I’m doing a proof of concept (started in 1.6) and I have a team I would like to be allowed to deploy in limited environments (can do this bit) however I can’t trust them not to change variables so I would like to deny variable editing. They would essentially be a “Project Viewer” but also able to deploy. Is there a way to achieve this with the new roles system?
Or is there a way to create my own roles in v2.0 or a plan to introduce this as a feature?
We’re exploring the idea of creating custom roles to allow this, but the interaction between features and the UI mean that keeping the app usable for any conceivable combination of permissions is quite tricky.
A possible solution in your case might be to:
Keep your users in Project Viewer
Create a service account with the deployment permission
Set up a target on a build server (e.g. Team City) that uses the service account to initiate deployments/promotions, and allows the team to invoke it, but keeps the credentials private