# Authentication and Authorization ### **Overview** Configure a Spinnaker Manual Judgment pipeline stage to propagate authentication. ISD and Spinnaker™ provide the same authentication and authorization functionality. The [Spinnaker documentation](https://spinnaker.io/docs/setup/other_config/security/#security) contains detailed instructions on how to set up both. ### **Authorization & Manual Judgments** The [Spinnaker documentation](https://www.spinnaker.io/setup/security/authorization/#restrictable-resources) explains how to restrict users' access to "**accounts**" and "**applications**," but it doesn’t go into the specifics about how the two interact. If you have access to an application, you can view the pipelines and manually execute them even if you only have "**read-only**" access. Regardless of your type of permissions, you can run a pipeline. However, if those pipelines interact with your cloud environments (e.g deploying a manifest), you need read/write access to those environments. If you don’t have write permissions, the stages that attempt to write changes to the environment will fail. However, “**Manual Judgement stages**” are an exception. You can configure Manual Judgement stages to “**Propagate Authentication**”: ![](https://lh6.googleusercontent.com/xJ2IHmOCk4i_lfNGy_sg6O1cJ9q7LT4sVcCSfWXu4K7hze4eJvvdmbRTI-kxJW0UxRpQfjf2fVLdkZLDIztlkJNY9EhmrFDGjcZ_hZ-v5DNv-JG3_aqwa6Lvv-zW7IQ5Bh7J8CMYaoB-fIF7PQ) When you check this box, the pipeline will use the identity and authorizations of the user who approved the stage for all subsequent stages. You can allow users with limited access to safely kick off pipelines by inserting a Manual Judgment stage with this option enabled before the actual deployment; after approval, a user with full access to the environment can successfully continue the pipeline. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.opsmx.com/opsmx-1/opsmx-context-engine/additional-resources/previous-releases/spinnaker/authentication-and-authorization.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.