I have many variables in my projects. And they are scoped to our many environments. But I have one called replicaCount. For that one variable, I would like to restrict who can edit its production value.
For other environments, I don’t care who can edit it. Also, for other production variable values, I am not concerned who can edit them.
Just the replicaCount variable and only for production. (Though I admit that there may be others later.)
Is there a way that I can restrict access to some production settings, without forcing my Ops team to take on the burden of managing ALL production variables?
Thanks for getting in touch, and welcome! Unfortunately Octopus’ permissions system doesn’t provide that level of granularity - there’s no way to restrict access to some environment-scoped variables while allowing access to other identically scoped variables.
One potential workaround (though certainly not a great solution) could be to add an additional dummy environment in which to add this as a scope to this one variable, then allow VariableEdit access only in production. A variable that is scoped to both an environment they have access to and one they don’t should then theoretically not be editable by that user. You’d also need to add this environment to the permissions scope for the user that should be able to edit it, though.
I’m sorry it’s not the best news, but please let me know what you think or if you have any further questions!