Unable to create project with required permissions

kakarlayogitha · 9 November 2021 11:02

Hi

we have created a new role and assigned a user with project initiator , project deployer roles

but when we try to create a project with that new user , we get below message

You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: ProjectView

But we have given Project view role to the userrole for which user is attached .

we want to create 2 types of users

1)Users who can view , create projects under particular tenant
2)Users who can view , create and delete projects under particular tenant

I have created those custom roles , but when trying to create project i get above error message

Please suggest

paul.calvert · 9 November 2021 11:36

Hi @kakarlayogitha,

Thanks for getting in touch!

When you created the new Team and added these roles did you scope the Roles to specific projects, tenants or environments?
e.g.

If the role is scoped to specific Projects, then the users won’t have the ability to create new Projects, as, they would be outside the scope.

Regards,
Paul

kakarlayogitha · 9 November 2021 12:19

Hi,

PFA screenshot .I have mentioned only tenants

paul.calvert · 9 November 2021 13:55

Whilst it is linked to the Tenant I believe it is causing a similar issue to what I described.

By default, that permission scoping will only have access to Projects that are linked to the Tenant LBG.

When you create a new Project, it is created without any Tenant links and therefore users with the permission scoped like this will be unable to create new Projects.

kakarlayogitha · 9 November 2021 14:54

Hello,

Thanks for the update

But we would like to give users permissions according to tenant wise

Kindly help us with that

paul.calvert · 9 November 2021 15:00

That’s fine, it just means that you will need to layer the roles and scopes as required.

So, in order for a user to create projects, they will need an unscoped role with the ProjectCreate permission.

You can then add additional roles that are scoped to specific Tenants to limit access as required.

kakarlayogitha · 10 November 2021 06:29

Hello,

PFA screenshot . Is this how you are saying ?
we need to create another user role which contains only project create permission without any scope and added to teams along with earlier one?

Does this help me create new projects and those projects gets automatically tagged to that tenant ??
Please suggest me

kakarlayogitha · 10 November 2021 06:30

After adding like this , when i logged in and cheeked to create new project it shows same error

You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: ProjectView

Paul_Calvert · 10 November 2021 07:03

It isn’t possible to have newly created projects automatically link to tenants. After creating a new project any tenants that you want to use that project will need to be linked via the tenants screen.

We typically recommend using our built-in roles where possible.
So, for this team, removing the two roles it already has and adding the Project Initiator role without any scoping will allow users of that team to create new projects.

If you’re wanting to limit which projects this team can view, then the Project Groups option would be a better option for scoping. When you create a new project you can select which project group to add them to.

kakarlayogitha · 10 November 2021 09:17

Hello,
Thanks for the update

COuld you please help me create this role which has permissions to view and create projects in a tenant

Could you please guide me

So, for this team, removing the two roles it already has and adding the Project Initiator role without any scoping will allow users of that team to create new projects.---- I need users to access and create only wrt tenants

i need to create roles wrt tenant wise

paul.calvert · 10 November 2021 09:57

Unfortunately, that isn’t possible with our permission system.

Because a Tenant can only be linked to a Project after it is created, the team that creates projects cannot be limited by Tenant scoping.

As mentioned, you could perhaps achieve something similar by using Project Groups.
e.g.
Creating a Project Group for the specific Project\Tenant combinations and scoping the Role to that Project Group

A user with that Role will only be able to create and view Projects within that specific Project Group

You could then add a second Role to the Team for the specific Tenant(s) you want to use with the Projects within this Project Group. This Role would mean that this User can only link the Specified Tenant(s) to the Projects they have access to.

system · 11 December 2021 09:57

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.