We use Variable sets so that we can have different variables for different stages of our pipeline. The problem that I have found is that I need to have System Administrator permissions to be able to edit them.
As we have live servers with tentacles installed I don’t really want to give permissions where people can make changes to live servers.
I have tried creating a new team which is restricted to certain environments and given that group System administrator but they still can’t edit variable sets.
Have I missed a way to grant this permission?
I have been having the exact same problem. We did a massive overhaul of all our permissions after the 3.8.8 update (since it changed functionality for cascading permissions with different scopes) and made sure that not a single permission was duplicated for a given user. We have just a single role for “variable edit” that gives VariableEdit and LibraryVariableSetEdit (really everything that had the word “variable” in it that wasn’t view, because we gave view to everyone). Even with all these permissions, none of my users can edit variables. They can create them, delete them, but not edit them.
Hi Gruss, Matt
I believe the issue is that you’ll need to add
EnvironmentEdit permission to edit the variable set. This was introduced in a recent patch release (3.8.7) as part of a fix to stop us showing variables that were scoped to environments the user does not have access to.
We acknowledge that requiring this permission feels a bit odd, so we are definitely planning on reviewing it.
Hope that helps.
Yep, that did it for me - thanks!!!
I’ve restored the latest version of Octopus onto a test server and checked the permission changes.
It has got the functionality that I’m looking for in that I can give someone the permission to edit variables without making them a global administrator (which pleases our tech guys).
Hi Matt, Gruss
Glad to hear its resolved for you. I’d suggest keeping an eye in that github issue to see if we can remove the need for this permission.