I have configured Script Console permissions as described in: Permissions required for Script Console access only?
I then scoped these
Space Permissions to just a specific environment. The script console works when using just the environment scoped to, but fails whenever selecting and environment and target.
For example, let’s say I have an environment
PROD. I have 2 machines in each environment, one with role
role1 and the other with
I have configured a as role 'Script Console
as described in the form post linked above. I created a team, and scoped this role to a user only for theDEV
environment. They can now access the script console and run scripts on machines only in theDEV` environment.
If they select the
Select individual deployment targets to run the script on option, they can select any server in the
DEV environment as expected. They can also select the
Run the script on all deployment targets in set of environments, roles, and tenants and select the
DEV environment to run scripts on both servers as expected. If they try to run a script on any machines in the
PROD environment, they get a missing permission error as expected.
However, if they select
Run the script on all deployment targets in set of environments, roles, and tenants selecting the
DEV environment and role
role1, they mistakenly get a missing permission error.
Since they can run scripts on all machines in the environment, surely they should be able to filter just machines in that environment that have a specific role. Instead, the current workout is to go to the environment editor, find all the machines that have both the
DEV environment and
role1 role, and then enter in the machines as
Select individual deployment targets to run the script on. For one server this isn’t bad, but when you have many servers, this process is quite cumbersome.