Thanks for all the help! It did indeed end up being a scoping issue which we fixed by giving the users access to the Environment Viewer and Project Viewer permissions without any scope. This does have an annoying side effect because all users are now able to see all projects, but at least we’re able to save our variables now.
Everything below is a step by step guide on what I did, changed and how I got to the conclusion I did. It’s mostly screenshots but I think it might help anybody who stumbles upon this post in the future.
I’ve created a new user and added it to the Variable Bug team, I’ve scoped all the permissions exclusively to the development environment.
I’ve then created a new tenant and a new project which is linked to the development and test environment (screenshot from my main account).
As you said this creates issue where I get a “1 more” box instead of the Test environment which results in the error (screenshot from the dummy account).
Interestingly the entire situation gets fixed for the dummy user if I simply unscope the Environment Viewer permissions.
I even went a step further by creating a second project, linking it and then scoping the Project Viewer permission to the first project. This resulted in me only being able to see the first project but I could still edit the variables for it and save it without any errors. That is until I used my main account to change the values of the second project.
So these permissions
Gave this result for the dummy user (can only see the 1 project)
While my main account can see the 2 projects
I added some dummy values using my main account
Which as expected resulted in me running into the error on my dummy account
So now with the knowledge that it breaks when I either can’t see all the projects or can’t see all the environments I decided to try and change the value of a real variable of a real tenant. I added my dummy user to one of the teams created to give full access to a project, so at this point I’m in both the access team (permissions in the screenshot below) and the Variable Bug team.
Going to the tenant shows me the 2 projects I’ve given myself access to but it also reveals that there are actually 11 projects that are linked to the tenant (so I can’t see all the projects).
As expected I can’t save at all because I’m missing the variables from the 9 projects I can’t see.
If I now simply remove the scope from the Project Viewer permissions I can see all projects
And most important I can save the variables
So for us the fix was giving everyone Environment Viewer and Project Viewer permissions without a scope. This has as an annoying side effect that all projects are visible for all users which isn’t ideal but at least it allows us to save our variables.