What is the best way to restrict teams to specific roles and/or environments?
For example we have two teams, an E-Commerce team and a Merchandising team. Each team has 3 environments, dev/qa/production. I would like to create roles for the merchandising team that they can deploy to but the E-Commerce team can not deploy to.
I can see two solutions.
- Create 6 environments, 3 merchandising environments like MERCH-DEV, MERCH-QA, MERCH-PROD and then create the roles specific to their deployment (i.e. merch-web-servers-group1, merch-redis-group-1, etc). The merch team would then only be able to select these roles for their projects.
- Create 3 environments, dev/qa/prod and then create merch only roles and ecomm only roles. Restrict the merch team to only be able to select from the merch roles and the ecomm eam to only the ecomm roles.