Hi Marchenko,
Thank you for getting in touch.
It’s definitely possible to set up this permissions structure.
Octopus gives you great control over users and what they can do in different environments. You can control this by scoping Teams & User Roles to different Projects/Environments. Using a mix of permissions and custom Teams, you are able to create complex permissions to accommodate your goals/requirements.
Here is a link to our documentation that relates to how you can edit the user permissions on the Octopus server.
Below I have also included a link on how you can set up a user with mixed environment permission, the concept, however, can be used for any permission scenario that you require.
As an example, within my environment, I was able to create a user named “Dev Ops” that had full administrator permissions (minus the ability to edit user roles to prevent the user from manipulating the permissions I put into place) which belonged to a newly created team called “Dev Ops Administrators”. The Team “Dev Ops Administrators” was scoped only to my “Testing” environment and not my “UAT” or “Production” environments. As a result, the User was able to create a release and deploy to Testing but was not prompted to deploy to “UAT” or “Production”. (It’s also possible to scope the Team for specific Projects, Project Groups and Tenants)
It’s worthwhile to mention that you could also include a manual intervention step to introduce a sign-off procedure; this can be used to avoid deploying to your production environment in error.
Please be aware, however, that using your example with the above permissions will cause users in Team A to not be able to view the Team B environments outside of the deployment process, so if this is something you still require then this will not accommodate your scenario.
I hope this helps!
If you require any further assistance or clarification, please let me know.
Kind Regards,
Reece
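
Added example (not part of the original reply and not Octopus code or its API): a small Python model of the environment-scoped team described above, showing both the deploy restriction and the visibility caveat, plus an audit helper that lists who can deploy where. The permission labels, the two extra teams and the rule that an empty scope means every environment are assumptions of this model.

```python
from dataclasses import dataclass

ENVIRONMENTS = ("Testing", "UAT", "Production")  # names used in the reply
# Hypothetical permission labels for this model, not Octopus permission names.
ADMIN = frozenset({"view_environment", "create_release", "deploy", "edit_user_roles"})

@dataclass(frozen=True)
class Team:
    name: str
    members: frozenset
    permissions: frozenset
    environments: frozenset = frozenset()  # assumption: empty scope = all environments

def effective(user, teams):
    """Union of permissions per environment across every team the user belongs to."""
    granted = {env: set() for env in ENVIRONMENTS}
    for team in teams:
        if user in team.members:
            for env in team.environments or ENVIRONMENTS:
                granted[env] |= team.permissions
    return granted

def can(user, permission, env, teams):
    return permission in effective(user, teams)[env]

def who_can(permission, env, teams):
    """Audit helper: every user holding `permission` in `env`, sorted."""
    users = set().union(*(t.members for t in teams))
    return sorted(u for u in users if can(u, permission, env, teams))

# Constructed sample data. The first team mirrors the reply's example; the
# other two are hypothetical, and "Legacy Deployers" is left unscoped on purpose.
TEAMS = [
    Team("Dev Ops Administrators", frozenset({"Dev Ops"}),
         ADMIN - {"edit_user_roles"}, frozenset({"Testing"})),
    Team("Release Managers", frozenset({"release-manager"}),
         frozenset({"view_environment", "deploy"}), frozenset({"UAT", "Production"})),
    Team("Legacy Deployers", frozenset({"contractor"}), frozenset({"deploy"})),
]

if __name__ == "__main__":
    for env in ENVIRONMENTS:
        print(env, "deploy:", who_can("deploy", env, TEAMS))
    print("Dev Ops can view UAT:", can("Dev Ops", "view_environment", "UAT", TEAMS))
```

Running `who_can("deploy", "Production", TEAMS)` over an export of real team definitions is a quick way to spot a team whose scope was left empty.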