Unable to create project with required permissions

Hi

we have created a new role and assigned a user with project initiator , project deployer roles

but when we try to create a project with that new user , we get below message

You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: ProjectView

But we have given Project view role to the userrole for which user is attached .

we want to create 2 types of users

1)Users who can view , create projects under particular tenant
2)Users who can view , create and delete projects under particular tenant

I have created those custom roles , but when trying to create project i get above error message

Please suggest

Hi @kakarlayogitha,

Thanks for getting in touch!

When you created the new Team and added these roles did you scope the Roles to specific projects, tenants or environments?
e.g.

If the role is scoped to specific Projects, then the users won’t have the ability to create new Projects, as, they would be outside the scope.

Regards,
Paul

Hi,

PFA screenshot .I have mentioned only tenants

Whilst it is linked to the Tenant I believe it is causing a similar issue to what I described.

By default, that permission scoping will only have access to Projects that are linked to the Tenant LBG.

When you create a new Project, it is created without any Tenant links and therefore users with the permission scoped like this will be unable to create new Projects.

Hello,

Thanks for the update

But we would like to give users permissions according to tenant wise

Kindly help us with that

That’s fine, it just means that you will need to layer the roles and scopes as required.

So, in order for a user to create projects, they will need an unscoped role with the ProjectCreate permission.

You can then add additional roles that are scoped to specific Tenants to limit access as required.

Hello,

PFA screenshot . Is this how you are saying ?
we need to create another user role which contains only project create permission without any scope and added to teams along with earlier one?

Does this help me create new projects and those projects gets automatically tagged to that tenant ??
Please suggest me

After adding like this , when i logged in and cheeked to create new project it shows same error

You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: ProjectView

It isn’t possible to have newly created projects automatically link to tenants. After creating a new project any tenants that you want to use that project will need to be linked via the tenants screen.

We typically recommend using our built-in roles where possible.
So, for this team, removing the two roles it already has and adding the Project Initiator role without any scoping will allow users of that team to create new projects.

If you’re wanting to limit which projects this team can view, then the Project Groups option would be a better option for scoping. When you create a new project you can select which project group to add them to.

Hello,
Thanks for the update

COuld you please help me create this role which has permissions to view and create projects in a tenant

Could you please guide me

So, for this team, removing the two roles it already has and adding the Project Initiator role without any scoping will allow users of that team to create new projects.---- I need users to access and create only wrt tenants

i need to create roles wrt tenant wise

Unfortunately, that isn’t possible with our permission system.

Because a Tenant can only be linked to a Project after it is created, the team that creates projects cannot be limited by Tenant scoping.

As mentioned, you could perhaps achieve something similar by using Project Groups.
e.g.
Creating a Project Group for the specific Project\Tenant combinations and scoping the Role to that Project Group

A user with that Role will only be able to create and view Projects within that specific Project Group

You could then add a second Role to the Team for the specific Tenant(s) you want to use with the Projects within this Project Group. This Role would mean that this User can only link the Specified Tenant(s) to the Projects they have access to.

1 Like