User role to approve but not edit process

douglas.stonham · 22 September 2023 17:05

For auditing reasons, I’m looking for a role that will allow the user to complete approval steps, but not edit the deployment process.

e.g. a project “Great Web Site” has an approval step applied only to the production environment with responsible team “Great Web Approvers”.

Team “Great Web Approvers” is configured with role “Deployment Creator” on the group that Great Web Site is in. Deployment Creator was chosen because anything higher than that seems to give process edit.

As it stands, the user sees an error instead of the approval message. I experimented with giving Deployment Creator the InterruptionViewSubmitResponsible permission, but that didn’t seem to work either.

I was thinking of creating a custom role to handle this but was scared off by the warning at the top of the add custom role page…

Is there a better way of doing this? Or do I need to create a role?

garrett.dass · 22 September 2023 23:15

Hi @douglas.stonham,

Thanks for reaching out to Octopus and welcome to the community. It looks like at minimum you will need the following permissions on top of the “Deployment Creator” role:

If you don’t want all Deployment Creators to have this ability, I would suggest that you make a new Custom Team/Role including these permissions and mirroring the current deployment creator role’s permissions.

I hope that helps but please let me know.

Regards,
Garrett

system · 23 October 2023 23:15

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.