Restricting permissions to deploy to Production environment

Is it possible for Octopus to do one or both of the following?:

  1. Can an environment be set up such that only a limited set of users can deploy there? E.g. developers can deploy to Development and QA, but only SysAdmins can deploy to Production?
  2. Can an environment be set up such that it can only receive releases promoted from an earlier environment? E.g. SysAdmins can deploy to QA, but most promote a build that has already been deployed to QA up to Production?

Ah, found the Lifecycle feature. This resolves 2.

Hi Peter,

Thanks for gettting in touch! I’m glad to hear that you found your answer to your second question. Hopefully this will answer your first question.
Octopus gives you great control over who can do what in different environments. This is controlled by scoping Teams/Roles to different Projects/Environments.
Using a mix of different permissions and custiom Teams, you are able to create complex permissions to behave in any way that you need.

Here is a link to our documentation that talks about how you can edit the user permissions on the Octopus server.

Below we have a link on how you can set up a user with mixed environment permission, the idea however, can be taken and used for any permission scenario that you need.

Let me know if this answers your question or if there is anything I can explain further. :slight_smile:

Best regards,

Thank you, Dan; this is great! My team’s deployments are now a lot simpler and safer.

Hi Peter,

Thanks for getting back! I’m glad to hear that it helps.

Please don’t hesitate to get in touch if you have any further questions.

Best regards,