I need some help working out some permissions standards for our developers. Currently we allow them to deploy to dev, but we’d like them to be able to create their own projects and processes within Octopus, too. They’d need to be able to scope variables and view logs across all environments, just not deploy to them. This is the part that I get hung up on as it seems like there could be a security risk here. Especially if their process includes variables for a service account that has access to prod.
So I guess the question is what seems to be the typical access a dev would need for Octopus given the above info?
Edit: Maybe a better question is, should developers even be allow to create their own process?