I am building a custom role for my automated builder to create and deploy a release. As part of that process, I need to read out a Variable so I know which of my tenants to deploy to (Blue or Green).
The role has the permission VariableView
granted to it. And the team has the role granted to it, with the a restriction to the Dev
environment.
My current plan is to have a project variable called CurrentBlueGreenState
. It will be set for each environment my project runs in. I am using a REST api invocation to get this value.
When the variable is setup like this, the REST call works correctly:
Name Value Scope
CurrentBlueGreenState Blue Dev
CurrentBlueGreenState Green Staging, Prod
I get the value Blue and the variable environments with Green are not returned.
But once I change it to this:
Name Value Scope
CurrentBlueGreenState Blue Dev, Staging
CurrentBlueGreenState Green Prod
Then nothing is returned.
Is this by design? I would expect that, since I have view permissions for Dev
, that I would get back the value Blue
for the variable. I am confused why, just because the value is also used for Staging
, it blocks my user from seeing the value for Dev
.
What are the rules for when a scoped variable can and cannot be seen?