Can't restrict feature flag creation/deletion to specific environments (dev/stage/prod) in FeatureHub #1227
Description
Hello, dear
Problem:
The current FeatureHub implementation lacks granular access control for feature flag creation/deletion within specific environments (e.g., for developers). This results in the following limitations:
- Flag deletion applies globally across all environments
- Flag creation automatically propagates to all environments (including production) with default values
Current Behavior:
Production flag state can only be controlled via the retire function, which has unintended side effects:
- Enabling retire in production automatically grants update (value modification) permissions
- Disabling retire forces production flags to always return key:false, even when active in the system
Required Changes:
FeatureHub needs modifications to:
- Separate permission controls:
- Allow retire in production without automatically granting update access
- OR introduce a dedicated disable_in_prod permission that blocks flag modification
- Environment-scoped flag management:
- Select target environments during flag creation (e.g., dev/stage only, excluding prod)
- Enable environment-specific deletion instead of global removal
Key Benefits:
- Prevents accidental production exposure of development flags
- Maintains production safety while allowing developer flexibility
- Aligns with standard feature flag governance practices