Custom Role with Environment-Specific Restrictions

We are after a simpler Octopus Server configuration for PCI compliance.

Having two Octopus servers seems very complicated, and means that deploying to production is not identical to all other deployments.

We would like to have a single Octopus server, but to achieve that, we’d like to make - in simple terms - a Production Administrator role and a Non-Production Administrator role, so that no one with access to the source code can deploy to production.

I have made a Production Administrator custom team, by limiting a System Administrator to only accessing our production environments.

Currently, to make a Non-Production Administrator, though, I’d have to add all the non-production environments in the Only These Environments filter. And modify it every time we added another Dev or Test or UAT environment.

Request: Could we have an “All Except these Environments” tag filter in the Add Custom Team dialog?


Thanks for getting in touch! I think this UserVoice suggestion would help with this:

Instead of ‘all except’ it would allow you to have your Dev, Test and UAT groups set for permissions for everyone and when new ones added they would be part of the group.

Please vote and comment, this suggestion is really gaining traction!