I am trying to restrict editing variables in a Variable Set by the scoped Environment, but the permissions do not seem to work.
For example, I have the VariableEdit permission for our Dev environment, but do not have VariableEdit for Prod. I also have LibraryVariableSetEdit for Dev, but not for Prod.
I cannot edit a Prod scoped variable in a Project, but can still edit a Prod scoped variable in a Variable Set.
Are these permissions working as intended? If so, how would I manage variables using a Variable Set and prevent users from editing Prod variables?
We have setup some variables (like the DB password) as “sensitive” variables. This prevents people from reading them in the Octopus interface – but would be easy to get around by assigning that variable to the Dev scope, deploying the project, and then viewing the config file on the Dev server.
Do you have any suggestions for allowing developers to add/edit variables as needed for Dev/Test environments, while protecting the values scoped to Prod?