I’ve created a new Service Account (API only user) for use from our TeamCity server and a corresponding custom role. I want this account to be only able to create releases and deploy them to our Development environment. I attempted to add just ‘create release’ and ‘deploy release’ but Octo.exe also needed access to view some information about the project steps and packages in order to actually perform the deployment. I ended up adding several ‘view’ permissions but I’m not sure if I’ve covered everything a deployment may need, or if I’ve added anything unnecessary. The permissions assigned to the role are:
@@@
BuiltInFeedDownload
BuiltInFeedPush
DeploymentCreate
DeploymentView
EnvironmentView
FeedView
ProcessView
ProjectView
ReleaseCreate
ReleaseView
VariableView
VariableViewUnscoped
@@@