Question on Permission Scoping Channel Access

Hi Octopus Support,

I have a few questions on two permission-related issues. We are on v2019.3.8.

  1. Is it possible to limit the VariableEdit permission to just Project variables and not also Library variable sets attached to the project? (perhaps in a future release?)

  2. Is it possible to scope variable view rights by channel? (as it is done by environment?) We have a variable with three value fields, each with its own channel scope, and want to avoid devs from entering their value in the wrong value field.

Thank you,

Alex

Hi Alex,

Thanks for getting in touch! To give you a simple short answer here, it’s a no for both of your questions unfortunately. I’ll go into some more detail below.

Is it possible to limit the VariableEdit permission to just Project variables and not also Library variable sets attached to the project? (perhaps in a future release?)

Whilst this is currently a no, we are slowly working to resolve the constraints that make it a no. We have a GitHub issue which covers the core issue here, however resolving it is no simple fix. It’s taken a lot of planning and work to ensure that we can fix it and our developers are continuing to work on the issue.

So while this is unfortunately not possible, we are working to make it possible in the future.

Is it possible to scope variable view rights by channel? (as it is done by environment?) We have a variable with three value fields, each with its own channel scope, and want to avoid devs from entering their value in the wrong value field.

This is not possible in Octopus. The complexity of making this sort of permissions scoping work is outside of the ability of Octopus at this time. We don’t know what the future may bring but we do not currently have any plans to allow this level of scoping variable view.

If you have any questions or thoughts on this, please don’t hesitate to let me know.

Best regards,
Daniel

Hi Daniel,

Thank you for confirming what is possible here. We just needed this confirmation for a particular dev team, so they can decide on altering their setup.

Thanks again,
Alex

Hi Alex,

No worries at all! We are always happy to help out wherever we can.

Feel free to get in touch at any time. :slight_smile:

Best regards,
Daniel