Create project with permission to specific tenants


(Tobias) #1

Hi,

Octopus version: 2018.9.5

Question regarding permissions.

We have a Team that has permission to a specific Project Group and some specific Tenants. A user in this team can create a new project. But even if the user just created the project, the user cannot view the project.

This is how it looks after Save of new project:

At that moment the project is saved, but user cannot view it.

Troubleshooting

  • If we give permission to all tenants, the user can view the project.
  • The user can view the project after a tenant (that user has permission to) is connected to the project. But because the user cannot view the project, this connection has to be made by another user.

Problems/questions

  1. The message “Missing permission: ProjectView” seems wrong. And it also feels strange getting this after a successful create of the project :slight_smile:

  2. We would like these users to be able to:
    2.1. Create a new project.
    2.2. Go to project and change settings (change “Multi-tenant Deployments” to “Tenants required for all deployments”).
    2.3. Go in to a tenant, that user has permission to, and connect the tenant to the new project.
    Should this be possible?

Thanks


(Daniel Fischer) #3

Hi Tobias,

Thanks for getting in touch! I’m very sorry for the delay in getting back to you here.

I had a chat to the team about this and it looks like this is not currently supported. Tenants as they are at the moment, support an existing pre-setup environment of projects and other dependencies. This makes it challenging to work around scoping for creating new Tenanted projects.

I agree that this is a fairly confusing experience. I think the problem here is the message we provide is not very descriptive. We see this a lot in regards to permissions issues surrounding scoping in various places round Octopus. Unfortunately, I don’t think we currently have the ability to be much more precise with our messages around the scoping permissions here. This is something we would like to be able to do though.

I think that as we do not have the ability to add projects which are already configured and connected to Tenants, the combination of ProjectCreate + Tenant scoping is not currently a good idea.

I’m sorry again for the delay in responding, and I’m sorry that my answer here is not very helpful to your situation. If you have any questions at all here, or have some thoughts on this, please don’t hesitate let me know.

Best regards,
Daniel


(Tobias) #4

Hi Daniel,

Thanks for response!

Okey, then we at least know. I made some more tests with permissions now, and it seems it works ok for us if we give view permission to all tenants, but only edit to some specific.


(Daniel Fischer) #5

Hi Tobias,

Thanks for the update here! I think this is probably the best solution at the moment. I think this is something we would love to iron out in the future, though it’s just not on the table right now. The scoping and permissions are such an intertwined feature that some seemingly small changes can quickly cause unexpected results throughout the program.

I hope your current solution suffices for now! Please don’t hesitate to get in touch at any time. :slight_smile:

Best regards,
Daniel


(system) closed #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.