Environments per project/project group

Why don’t we have a project/project group as a top level object?
For instance my team has quite a standard flow: dev->test->uat->prod.
Other teams might have their own flow. What bothers me is shared Environments section - I don’t want to see other teams machines, other teams roles or what so ever.
For example: we recently started using the Octopus Deploy and I configured the process, the environments, deployment targets, I gave generic names for the roles: services, web. A bit later other teams started to use the Octopus and what they see? They also want to use roles with those names, but who is the owner of those?

I am confused here. Any ideas?

Hi Maxim,

Thanks for getting in touch! If you want to limit the machines that some users see, we would recommend creating an environment per group ie. Production-Group1 Production-Group2 etc.
That way you can limit everything those Teams do for each machine and environment.

It also means that even if you have shared roles, team A couldn’t deploy to the wrong machine as their environment would be all they can add to their process and Lifecycle.

How does that sound?


the problem is that by default if no one specified the envs for the team, the team will see all the envs.

I don’t understand the general flow. How it starts? The new team comes. Who gives them the rights? What kind of rights? Remember the final goal? Not to overlap…

Hi Maxim,

You will have to have someone as an administrator to manage these settings, it could also be scripted using the API if it happens often. I would also suggest that all permissions are removed from the default settings so until the users are given the correct permissions they cannot see or access anything.
We have a number of customers that do this, or assign groups in AD to manage this also. If you want that level of permissions, it has to be manged.
Generally the best way is to make use of naming schemes for environments and projects and project groups.
Within Octopus you cannot have duplicate names anywhere so there should not be any over lap.

It is really not that different to managing any permissions across teams for software that you need and Octopus allows you to be very granular.