Export and Import permissions for custom user roles


I am trying to implement the import and export function from the Octopus API, but the service user that we are using is not a Space Manager. We want to limit the service users access as much as possible, and for that reason we do not want it to be a Space Manager. Is there a way to create a custom user role with permission to export and import?

Good morning @magr,

Thank you for contacting Octopus Support and welcome to the forums!

Unfortunately there is no way to import/export projects without the Space Manager permission.

I tested this by setting up a test user and giving them ‘Project Viewer’ permissions to my default space.
When I try and click on the ‘Import’ button I get the message below in the UI:

If I then give my user 'Project Lead and ‘Project Deployer’ - so essentially admin rights over all projects. I still get the space manager message so unfortunately there is no other way of doing imports and exports unless you give the account space manager permissions.

I imagine this is because the import / export feature was created to move projects between spaces, so we have that permission in place to ensure the account you are using has permissions to import the exported project into a different space, otherwise why would you need to use that feature?

I am sorry that is not the answer you were hoping for but unfortunately there is no other way of performing this action. If you wanted to clone a project you can do this using our clone feature which is designed to copy a project into the same space.

Kind Regards,

Thank you for answering. I think that the cloning feature might not fit our current use case. Previously we have used the deprecated import in the CLI to import projects defined in json-files and it worked without the Space Manager permissions.

The cloning feature did not seem to be able to clone a project from a json-file and we don’t need to be able to import/export between spaces. Are there any other features that could work in a similar way as the CLI import that only requires a subset of the space managers permissions?

Hey @magr,

Are you able to elaborate on your use case please and what you are trying to achieve so I can see if we have any other tools that will perform the task.

Are you exporting a project to import it into a test instance?

I look forward to hearing from you,

Kind Regards,

Without tangling myself into too much details; we are exporting projects from Octopus Deploy to a zip-file containing scripts and variable sets to install a software. This zip is published on a Nuget feed and is imported by our customers to their instance of Octopus Deploy.

Hey @magr,

Thank you for expanding on your use case, that does really help see what you are trying to achieve, we do have the Octopus-Migrator tool which should export the project for you. The page you should be interested in is the Partial Export. The only issue with this is it needs to be run on the Octopus Server itself so scripting this from another machine might not be possible.

If you have access to your Octopus Server and can run the migrator tool you can use that, you do not need an API key or an Octopus Account but you will need to make sure the user running the migrator tool has the correct rights to run scripts from the Octopus folder on the C drive, if your Octopus Service account is set to a domain account then you will need to use that account to run the migrator.

Does that tool sound like something you could use?

I look forward to hearing from you,

Kind Regards,

It seems like it could be a viable replacement. Thank you :smile:

Hey @magr,

No worries, glad I could help, feel free to give it a whirl and see if it does what you need it to. The export puts all the project files in a folder so you should be able to zip that up (the same as what an export from the UI would provide), pop that into your build server and tag the other things in with it, and then do the import.

Do let us know if it does not work as intended though and we will see what other options there is.

Kind Regards,


I have managed to make export work by using Rest calls to the migrator API, but I have some issues with import.

When I try to import the import director missing.

Running a space-import migration for the Test.1.0.2 package. 
October 24th 2022 12:17:19
Failed to perform the import migration. Directory does not exist to extract to: C:\Octopus\octohome\Work\20221024101719-708-29\import\

SharpCompress.Common.ExtractionException: Directory does not exist to extract to: C:\Octopus\octohome\Work\20221024101719-708-29\import\

   at SharpCompress.Common.ExtractionMethods.WriteEntryToDirectory(IEntry entry, String destinationDirectory, ExtractionOptions options, Action`2 write)

   at SharpCompress.Readers.IReaderExtensions.WriteEntryToDirectory(IReader reader, String destinationDirectory, ExtractionOptions options)

   at Octopus.Server.Orchestration.ServerTasks.Migrations.MigrationImportTaskController.RunImportMigrationUsingPackageRepository(IBuiltInPackageRepository builtInPackageRepository, MigrationImportResource migration, ITaskLog taskLog) in ./source/Octopus.Server/Orchestration/ServerTasks/Migrations/MigrationImportTaskController.cs:line 151

Octopus.Server version 2022.1.2849 (2022.1.2849)

I noticed that the export directories are being deleted as a part of the export task, but the package-zip exists. Is this behavior intended, and if so; how can I import the project?

Hey @magr,

So I have done some more testing on my end and if you export a project using the UI it puts everything as JSON files:

If you use the export tool via the migrator as we discussed it puts everything in folders:

If you drill down into the folders they do contain JSON files but I imagine using our import tool via the UI you will get errors as the export feature wants to see the top level files in the export zip as JSON files not folders.

I am going to ask around and see if using the migrator tool will let you import projects into Octopus correctly. I assumed it would work as the documents are all there but there might be some special way to import the project.

I will let you know what I find,
Kind Regards,

Hey @magr,

I managed to get this to work by doing the export:

Octopus.Migrator.exe partial-export --instance=OctopusServer --project=Bug --password=password --directory=C:\Project

This put just the project export files into C:\Project (the folders you can see in my previous comment).

I then did an import using the Octopus.Migrator.exe through command prompt:

Octopus.Migrator.exe import --instance=OctopusServer --password=password --overwrite --directory=C:\Project

To be sure this worked I changed one of the JSON files in my Bug project in C:\Project- I added a word into a ‘Run a Script’ step. Once I ran the import the project changed to the new value in the UI.

I can see there being quite a few issues for you using this tool to be honest, if I zip all those folders together (which is how I imagine you will have your project after going through the build server) and try and import that using the same import command I get the error:

Directory does not contain an Octopus export
Octopus.Shared.ControlledFailureException: Directory does not contain an Octopus export

So the migrator tool only supports importing specific JSON files exactly as they were exported. It will also import everything in that folder, you cannot specify to import just one project, that could get very messy.

Unfortunately I do think the best way to do this is to create a Service Account in Octopus (with just the space manager permissions) for you to run the API calls from and use our import / export feature. That way is supported (the Octopus.Migrator tools is not so will not receive bug updates) and you have more control of what you are exporting and importing.

We have an API script you can use here to export the project. We also have a specific one for just importing the project here.

I know you wanted to shy away from giving a user Space Manager permissions but if it is just a service account only a handful of Admins can access (for looking into faults etc) then its not a big risk to give that account Space Managers. It is a greater risk trying to use the import feature from the Migrator tool as it doesn’t seem to drill down enough so you can specify exactly what to import.

I am sorry this is not the news you wanted to hear but there are no other options for us to try.

Let me know what you decide,

Kind Regards,

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.