Hi @donkos 

You can use a reference list to trigger the playbook based on a particular value and then set up permissions so that users can only edit reference lists and not other parts of the environment tab.

Users can create scoped lists, but they can only create lists with scopes matching their assigned scopes or a subset of them. For example, a user with scopes A and B can create a reference list with scope A or with scopes A and B, but not with scopes A, B, and C.  Additional information on this can be found at  Configure data RBAC for reference lists .

This is a great way to allow users to edit reference lists without giving them access to edit other parts of the environment tab.

To implement this, you can create a new reference list with the scope that you want to use to trigger your playbook. Then, you can add the value that you want to use to trigger the playbook to the reference list. Next, you can create a new playbook rule that checks if the value in the case is present in the reference list. If it is, then the playbook will run.

You can further restrict access by using the "Specific permissions" section in the playbook permissions dialog. This section allows you to grant specific users or SOC roles within specific groups either edit or view access to the playbook. Permissions selected here override the default permissions that were previously set.

For example, you could tag Tier 3 as view only and select Alex Smith (who is in Tier 3) as having edit permissions. This would allow Alex Smith to edit the playbook, but other users in Tier 3 would only be able to view it.

I hope this helps.