Restricting access to deploy to production via Gitlab CD

Hello,

Currently we have a Gitlab CI / CD pipeline setup, however I have some concerns relating to the fact that currently anyone that has access to the Gitlab project is able to trigger the CD pipeline on our production nodes (Docker swarm cluster).

Current the CD component in the gitlab-ci.yml file is defined as per the below structure:

deploy_prod:
stage: deploy
variables:
DOCKER_HOST: tcp://deploytoprod:2375
script:
- /root/to/script/deploytoswarm.sh
enviornment:
name: prod
when: manual
only:

  • master

The deploytoswarm.sh executes the docker stack command, which in turn executes a Docker stack compose yaml file that contains the container specs, volumes, etc.

My question is related to how one would be able to restrict access to execute this part of the gitlab-ci.yml file to only a selected number of users?

Many Thanks!