This might be a weird q, but is there a way to prevent UI edits in Fleet? Ideally I’d like to enforce that all changes to queries/packs are made only via automation (or by specific user tokens if such an ACL exists), so changes can be driven by fleetctl or terraform.

you can disable ad-hoc queries, but I don't think RBAC has been implemented in a way that'll prevent that.

Yeah I’m actually less worried about adhoc queries, though they are a concern

@asvoboda an UN-supported method could be to setup NGINX to only allow

POST

requests to certain API endpoints from a certain IP range/user-agent/etc