We’re using Octopus 2018.7.4 OnPremise
We would like to be able to strictly segregate dev and ops in the Octopus instance so that dev cannot target production machines or deploy to production environment.
In other words, lets say we have 4 environments : 1 dev, 1 int, 1 pre and finaly 1 prod
We need to setup teams like ‘TEAM DEV’ and ‘TEAM OPS’ where TEAM DEV can do everything on the dev/int but only readonly and not deploy on pre/prod while TEAM OPS will be the opposite.
We cant’ figure out how to achieve that. We didn’t find any way to avoid creation of “fake” machine targeting production in a “fake” environment from TEAM DEV which can then use the “fake” environment to deploy on production.
- we are trying to find the roles/permissions matrix with no luck so far.
Especially this [https://octopus.com/docs/security/users-and-teams/creating-teams-for-a-user-with-mixed-environment-privileges#Creatingteamsforauserwithmixedenvironmentprivileges2018-12] did not help that much.
Any suggestion/solution will help.