Library Variable Set access

I’m having problems giving non System Admins access to the Library Variable Sets.

I’ve created a new role and given it the following rights (LibraryVariableSetCreate, LibraryVariableSetDelete, LibraryVariableSetEdit, LibraryVariableSetView). They already have VariableView from another role but still they are unable to access the library list, they do get the following error message.

“You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: VariableView
This action requires permission to view variables belonging to a project or library variable set. At least one of your teams has this permission in a limited scope, but this doesn’t cover the project or environment in question. Teams that have enough permission include: Octopus Administrators.”

If I use the test permissions feature it doesn’t show that these permissions (LibraryVariableSetCreate, LibraryVariableSetDelete, LibraryVariableSetEdit, LibraryVariableSetView) have been assigned to them even though they are assigned the new role.

I’ve running version 3.2.7

Hi,

Thanks for reaching out. They key is in this line of the error message

At least one of your teams has this permission in a limited scope, but this doesn't cover the project or environment in question

The team that grants users the roles related to VariableSets has to be scoped to all the projects on the instance. The reason behind this is that Variable Sets can be used by all of the projects (and there’s no way to limit that at the moment).

What we recommend to do in these cases is to create a specific team (lets call it “VariableSetUsers”), which grants all the library variable set roles (LibraryVariableSetCreate, LibraryVariableSetDelete, LibraryVariableSetEdit, LibraryVariableSetView) and which is scoped to All projects.

Could you please try that and let me know how it goes?

Thanks,

Dalmiro

Thanks. The approach of creating a new team sorted the problem for me.

I experienced this issue also, yet the suggestion that you suggested Dalmiro, did not worked for me.

Could you please help me out?

Thanks in regards.

Hi,

Thanks for getting in touch.

What is not working for? Would you mind sending a screenshot of your team configuration?

Thanks,
Shane

Hello Shane,

Unfortunately I’m not able to provide you a scrreenshot at the moment of my configuration.

I can give an example.

User A is in Team A. Team A is limited on “Test” environment and certain projects he/she is working on. Team A has “Project Deployer” and “Project Lead”.

Now as suggested, I created a Team “VariableSetUsers”. I created a custom role and assigned all these permissions (LibraryVariableSetCreate, Delete, Edit and View.) I added User A to this team, yet he is still not eligble to perform these actions.

I will be able to share some screenshots later. Can I PM you this?

Thank you.

Hi,

Thanks for the description of your configuration. I’ve tried what you have described in the latest 3.4 version and it seems to work. What version are you currently running?

You can send screenshots to support@octopus.com.

Thanks,
Shane

Hello Shane,

I’ve send out an email to the support email (https://octopus.com/support).
I’ve send the details in a document of our current structure in Octopus and the version as well.

Thank you.

Hi,

Thanks for sending the extra details.

In order to view and edit the variables in a library variable set the user will also need VariableView and VariableEdit. You can scope those permissions to an environment and the user will only be able to view the variables in the Dev environment, for example. It will not work if the permission is also scoped to something else (like a project).

I hope this helps.

Cheers,
Shane

Hi Shane,

I’ve added these permissions to the custom role that I created and that fixed the issue.

I hope that this is the right approach.

Thank you for your help.

Cheers.

1 Like