We have a scenario where we want to show all our users full Dashboard View (Environments/projects/Deployed Release Versions) but wanted to restrict the Variables/LibrarySet to only Lower Environments for security reasons.
We created a team with a custom user role for DashboardView scoped for all environments and a project viewer role to restrict to particular environment( lets say Env1) . we found Variable set of projects works fine with showing only Env1 specific variables but Libraryset still shows for all Environments.
We expected to have Projects Variable set and Library set to behave similarly by showing variables of the only Environments scoped but looks its not currently…
We using Octopus v2019.5.4 version
Please let us know if this scenario came into your consideration before or it is a bug which is actively being worked on?
Thanks for getting in touch. We’ve had some recent interest in this area from a few customers. Library Variable Sets are a popular choice for many customers but they were always designed to be a global all visible concept.
The only current way to restrict them is only in relation to variables they contain. You can stop users viewing scoped variables if they cannot see the environment to which the variable is scoped.
E.g. you can set a class of users to not see Production. To do this you can scope EnvironmentView to a fixed set of environments that excludes Production. This class of users will then not be able to see variables which are scoped to Production.
We have started some work to bring some other capabilities to Library Variable Sets to allow for some more advanced configuration of access rights . We have to be careful when changing functionality related to variables to ensure we don’t regress in unexpected ways. We currently don’t have a firm timeline or public info yet about the exact scope of the work, but that we’re investigating and working towards more capable Library Variable Sets.