I have two questions regarding user access for Octopus Deploy:
- We are using the Teams tab in Configuration to manage user access for different portfolios in Octopus Deploy. We’ve observed that authenticated users in AD are able to access the Octopus Web by default, and they were added to the Everyone group. Since the Everyone group doesn’t have any roles assigned, they can’t see any existing groups or projects. But this issue was raised by our auditors, who asked why users are listed in the application even though they are not part of any specific groups. We had to delete users manually every time we found any unauthorized users in the Everyone group.
  Is there any specific reason why you are allowing authenticated users to access Octopus Web by default? Ideally it should show some type of access denied error when unauthorized users try to access Octopus Web. Let me know your thoughts on this.
- We would like to control user access to global variables in variable sets in the Library. Initially we had only one team, so there was no problem. Now we are expanding to different departments in our company to consume Octopus Deploy. I was able to control access to Projects and Environments by using Groups so that they can see only their own groups and projects. But I don’t see any option to control access to variable sets in the Library. It’s very important that users should not see any other group’s variables, as we use variable sets for common database names and instances for our projects. Is there any workaround for this issue, or any future enhancement in the pipeline? I’m sure that our auditors will not allow this access. Let me know on this.