We are trying to create a role that we can add to a team that has deployment permissions to allow them to create, view and edit subscriptions. I’ve set up the required role and permissions for the subscriptions and added this role to their team.
However, they can’t get to the Subscriptions page since they can’t see the Configuration menu in OD. Is there any way to allow them access, without giving them Admin permissions?
Thanks for getting in touch! I’ve given this a test and have seen a user that has only the permissions for subscriptions cannot see the
Configuration tab in the UI. To give the user access to view the configuration tab and existing subscriptions (and create new ones), I gave my user these permissions:
TeamView. Obviously this also gives them permissions to view the audit log and your teams, so it’s probably not preferred for your scenario.
Additionally, since subscriptions can be filtered by document types, users, projects/project groups, environments, tenants, tenant tags, etc. the full functionality of subscriptions won’t be complete without a user having permissions for those individual objects.
Sorry it’s not the news you were after. Let me know if you have any further questions at all.
Yeah, that’s kinda what I expected. Looks to a certain extent that Subscriptions has been designed as an admin-type function, when to be honest it’s something that would be useful to Ops/Dev teams also. Might be worthwhile if you folks at Octopus could consider this?
In the meantime, we can just add a step to the end of the deployment process for the project in question to call the webhook - it’ll be good enough.
Thanks for following up! You’re correct that the subscriptions feature was designed mainly for admin permissions, in a way, as it can touch on lots of different events around Octopus which require their own respective permissions. It’s great to hear you have a good solution for now - it sounds like a good approach for your needs. Though I can see how it could be helpful in situations like yours to allow Ops/Dev teams to create/edit them without allowing them full admin permissions. Feel free to suggest this idea up on our UserVoice site, as it’s the main avenue we use when considering new features and enhancements for future releases.
Don’t hesitate to reach out if you have any further questions.