We have had a problem for about a week or two (to my knowledge at least) where Octopus users are unable to edit variables in a variable set that they definitely have permissions to edit. The only known (to me) workaround is to make them an Octopus Admin, or for me to do it (as I’m an Octopus Admin).
Anyone else having this issue?
We are using Octopus 3.1.7
Hi,
Thanks for reaching out. The team that grants the users permissions to edit variable sets must be scoped to all teams (see attached screenshot). That’s probably why the other users cant edit the variables, but you can being an admin.
Was the team modified in any way in the last 2 weeks? You can check this on Configuration -> Audit
Regards,
Dalmiro
Thanks for the response.
Are you saying that in order for a team to edit variables in Library-> Variable Sets, the team MUST have ALL projects (i.e. blank field from your screenshot)?
We do not want this team to be able to edit ALL projects, only some.
How do we allow the team to edit some variable sets, but not all?
You are correct that the team in question was modified a couple weeks ago. I changed it from “blank” (All Projects), to just projects related to the team.
You can create a custom team with the following setup:
Projects: blank field
Roles: CustomRole
CustomRole would have the following user roles:
This way, even though the user would be on a team that is scoped to all the projects, they wouldn’t have the necesary roles to actually have any impact on the projects themselves. They will only be able to see/edit the variable sets.
Hope it makes sense
Dalmiro
So you’re saying that the only way these permissions work, is if the Projects field is blank?
This sounds like a bug, or at least an opportunity to add a feature.
Perhaps you could add a field to Teams, like Projects and Environments, called Library Variable Sets, then allow a team to be scoped to only edit certain Variable Sets.
Or am I not understanding how this works?
What you’re suggesting is that we are forced to place a user in multiple teams, which makes management more difficult.
Hi,
So you’re saying that the only way these permissions work, is if the Projects field is blank?
Correct
This sounds like a bug, or at least an opportunity to add a feature.
Perhaps you could add a field to Teams, like Projects and Environments, called Library Variable Sets, then allow a team to be scoped to only edit certain Variable Sets.
That’s actually not a bad suggestion at all. Would you mind submitting it in Uservoice? http://octopusdeploy.uservoice.com/
What you’re suggesting is that we are forced to place a user in multiple teams, which makes management more difficult.
Yes, I’m suggesting to add the user to just one more team. It is a very common practice among our users to have one team dedicated to provide rights over Library Variable Sets, and then have 1-2 team members of each project on that team. The team would end up with many users from different projects.
Regards,
Dalmiro
