We have an Azure DevOps release pipeline with stages representing deployment targets. The final stage (Production) is secured by preventing all but Release Administrators from Editing, Deleting or Managing Approvers for that stage only. They have Edit permissions on all other stages. This is done by selecting the production stage, clicking the (...) menu, security, switching off inheritance and adjusting the permissions as described.
Now, when making any change to the release pipeline (including adding a new stage, editing an 'unprotected' stage, adding a variable, updating an existing variable) anyone other than Release Administrators get an error:
VS402904: Access denied: User XXX does not have edit release stage permission. Contact your release manager. Stage name: Production
Surely this can't be as intended, securing one stage essentially locks out all changes to the entire release pipeline? Is there an alternative to restrict modification of a single stage while allowing others to continue to make changes to other stages and variables?