We have configured separation of duties within Octopus so that non-privileged users are not allowed to deploy to production. We’ve also scoped away standard permissions for non-privileged users so that production deployments can only be started and managed by certain privileged users who must authenticate to Octopus using special Active Directory accounts. This separation of duty only seems to be partially working. Not only did the UI allow button access to something it should not have, but the backend allowed the action to pass through.
Example showing that my non-privileged user cannot deploy to Production (this is working).
Now if I utilize my privileged user to start the Production deployment, the progress becomes visible to my non-privileged user (this is working).
Once my non-privileged user accesses the Production deployment, I seem to have the ability to take control of manual interventions and even cancel the deployment (not working as expected).
Here are the effective settings for Intervention and Task management for my non-privileged user.
Production is listed nowhere in the allowable scope, yet I just canceled that deployment. This is bad!
Octopus version v2020.5.1