Hello, we plan to use read-only dagster in prod (so that Dagit UI can't trigger). Is it possible to still trigger prod pipelines programmatically (API from ADO/Github/etc.) with some level of security restriction?

Hi Manrique. You could launch jobs via the graphql API programmatically. We don't currently offer any sort of role-based authentication in open source (but dagster cloud does). Spitballing an idea--we've seen users successfully use Google IAP to provide role-based authentication.