Hi,
We have a development team who have access to the entire of octopus except the live platform environment. We want them to be able to set up variables in variable sets that are scoped to the live platform, but we don’t want them to be able to deploy to the live environment.
Is there a way of achieving this?
Regards
Tom
Hi Tom,
Thanks for getting in touch! This is totally possible! It comes down to setting permissions for the user. This process is outlined in depth in our documentation.
First, create a team and scope the team to the Live environment (located in Configuration -> Teams -> Add Team)
Second, create a custom role (in Configuration -> Teams -> Add Custom Role), just exclude those related to deployment: DeploymentCreate, DeploymentDelete, ReleaseCreate, ReleaseEdit, and ReleaseDelete.
If you only want them to have permissions for variables, you can assign them only the ones related to Variable and LibraryVariableSet. The permissions VariableEditUnscoped and VariableViewUnscoped give the user access to view and edit all variables that have no scope, whereas the VariableEdit and VariableView will only be applied to the environment the team is scoped to (ie Live).
I hope that helps!
Kenny