User project variable permissions only work on some tenants

We have a project variable template and multiple tenants. Our end users have project variable edit on all environments in their specific projects, but not all. On two of our tenants, users cannot edit tenant variables (project template variables) on any environment, getting a permissions error, but they can on any other tenant connected to their project on the same variable template.

We’ve tested with multiple users across different projects, and they cannot edit variables by this pair of tenants. As far as I understand, tenant variables are just project variable permissions, so any user with appropriately scoped project variable edit should be able to edit a tenant variable connected to a given template. So why is there only differing behavior on these 2 tenants? It feels like a bug, and we’re out of ideas on how to fix.

Hi @eandrus,

Thanks for getting in touch! This has all the trappings of a permissions issue based on your description. However, I also agree that it smells a little bit like a bug. I’ll need to collect some additional information from you to better understand what could be going wrong.

I think the best information to provide would be a comparison between one of your working tenants and one of the two with this issue. Screenshots illustrating the variables and their scoping. A permissions export of one of your users will provide some helpful context and allow us to try and reproduce this problem on our end in order to find the cause.

To summarise:

  • Two screenshot from each of the tenant, one showing the main page with their project connection, and another showing the variable configuration.
  • Screenshot showing how the variable template is configured, including any scoping. (I’ll need to see all of the variables listed, just make sure to redact anything sensitive.)
  • A permissions export for one of your users experiencing this issue.
  • The version of Octopus Server you are currently using.

The above information will help us start investigating and hopefully get to the bottom of this issue.

I have generated a link for your octopus account to securely upload these files.

If you have any questions or concerns, please don’t hesitate to let me know.

Best regards,