Is there a way to approve changes to variable sets? We have four scopes (dev, qa, staging, prod). I have locked down staging and prod from being edited by people with access to lower environments, but they can still create variables and variable sets at will in dev and qa. I am wondering if there is any process in Octopus that allows their newly created variables in those scopes to be reviewed before being added. In that event, once approved we can also then add the equivalent values for Prod and Staging.
Hi Josh,
Thanks for getting in touch, I appreciate your clear breakdown of the issue, it really helps out!
I understand your concern regarding this,
At this stage, the permissions structure in place isn’t as granular as this, if the User has permission to edit ‘LibraryVariableSets’ in conjunction with the User’s team being scoped to the respective environment they will be able to view and edit the variables set as you’ve highlighted.
You could opt to remove the ‘VariableEditUnscoped’ permission from the associated User Role to prevent users from making changes to variables that do not have environment scoping, though from your provided example it sounds like all the variables are scoped to specific environments and potentially any unscoped variables are interchangeable regardless, so I’m not sure how much this would assist in this scenario.
Your idea, however, sounds like a great way to make Octopus even better!
I’d recommend heading over to the User Voice area of our website linked below; Please leave your thoughts on how this would improve your deployment process, we consider all user voices based on community support.
https://octopusdeploy.uservoice.com/
If I’ve misunderstood in any way, or you require further assistance please let me know 
Kind Regards,
Reece