Make teams fully manage only their own projects, but not their teams roles


We aim to have all teams within Octopus having the ability to manage all their environments and projects that they own. But not manage central parts as License, Roles etc.

One issue we have is that we don’t se a way of creating a custom role to apply to a team that can edit the teams own group members (invite new employees by themselves) but not manage the teams own roles. (Making so they can promote themselves to Octopus Administrator) Am I searching for that the Octopus role ‘TeamEdit’ should be split into more parts? Or have we missed another way of accomplish our need.

Hi Anders,

Thanks for getting in touch! Unfortunately I do not have good news for you. It is not something that you have missed, but a granularity of our permissions that is not provided. If you can manage a team you can manage all of that team.
The only solution I can think of is if you use AD integration, and using their groups to manage who is on a team by adding a group to a team. AD is our only supported auth provider that currently has this functionality.

I had a really good search on UserVoice and could not find a similar suggestion anywhere. It would be worth creating one to see if there is any community support.

Generally we are very cautious when adding additional permissions and it can become a very heated debate internally. The consensus is nearly always majority against adding too much granularity to permissions.

Sorry I didn’t have better news.


Thanks for clear respond an the confirmation that I’ve understand the limitation. I just posted a UserVoice:

Best Regards - Anders Lundsgard