I’ve recently granted our auditors access to our team and role configuration so they can keep an eye on who we’re granting access to and what kind of access they have. A feature our Octopus Administrators use is the “Test Permissions” page so they can get an aggregated list of permissions for any particular user based on the various teams they’re in and the roles that apply.
It seems that the UserRoleView and UserView permissions are insufficient in granting our auditors the ability to see other user’s permissions. Interestingly, a user with these permissions seem to only be able to see their own permissions. All other users appear to belong to no teams (even though they do) and have no permissions (even though they do).
Is there some combination of permissions and/or team-level scoping we can use to allow auditors to see any user’s permissions while still preventing our auditors from making any changes?
Thanks for getting in touch! Unfortunately the quick answer is no, there’s no combination of permissions to allow non-admin users to test permissions for all of the users. It was designed as an admin-only function, so it would require giving the auditors admin permissions or give them all the data they need.
You can export the permission data for each user as a CSV file for your auditors to overview, as shown in the attached screenshot. Would this help?
Sorry it’s not better news. Let me know if you have any further questions!
We were aware of the export functionality and, yes, this is helpful. Our hope was that our auditors can do their bureaucratic nonsense independently so our Octopus Admin staff can focus on real work without interruption.
Admittedly, providing our auditors the ability to see our team and role configuration and having them laboriously derive any particular individual’s permissions is pretty gratifying.
I’d probably be remiss, however, not to make some token request that this be considered in a future release. Perhaps you could punish some misbehaving developer by forcing them to look into it one day.
Thanks for following up! It’s good to hear the export functionality has been helpful. Thanks also for sharing your idea on enhancements you’d like to see in Octopus! We’d like to see what kind of community support would be behind these ideas, so I’d suggest adding this up on our UserVoice site. This is the main route we take when considered feature and enhancement requests, as it allows us to prioritize it based on support. https://octopusdeploy.uservoice.com/
Don’t hesitate to reach out if you have any further questions!
