Hi, we are currently testing Octopus migration from v1.6 to v2.1. We discovered that after the migration, the group permissions defined in Octopus v1.6 did not get migrated. We have quite a few rules defined for different user groups in v1.6, are there ways to migrate these settings?
Thanks for getting in touch. Permissions changed a lot in 2.0, so much that there’s no automatic way for us to map the old 1.6 permissions to 2.0 teams.
You can read this page to learn about how permissions work in 2.0:
Your old groups should have been migrated into Teams; all you need to do is assign those teams the appropriate roles.
Thanks for the info. In Octopus v1.6, there are options to set permission/role per environment (and/or per project). This feature is useful especially multiple permissions need to be assigned to the same group/team.
For example,
Developers - allow to “View Variables” for ALL environments
Developers - only allow to “Edit Variables” for the DEV environment
Developers - allow to "Create Releases"
Developers - allow to "Edit Projects"
Developers - only allow to “Deploy Releases” to the DEV environment
In Octopus 2, you can also assign multiple permissions/roles to the same team, but how do you configure environments (and/or projects) for each permission/role?
In 2.0 you can scope the team to projects/environments. In your example, you may need to create multiple teams and put the users in each of those teams to achieve the kind of granularity that you need since the scoping applies for the whole team rather than for the individual role assignments.
Thanks for the reply. As per what you’ve suggested, we have now set up teams per role per environment (eg: project deployer for DEV, environment manager for DEV, project deployer for PROD…etc).
However as we have a large number of users, adding them one by one into each team can be quite troublesome. Does Octopus 2 support User Groups? So we can group users into appropriate user groups (eg: Developers, Testers…etc), and then add each user group into appropriate teams (eg: add “Developers” group to “project deployer for DEV” team, and “environment manager for DEV” team).
No, currently this isn’t possible - only users can be members of teams. We’re going to add AD Groups as an option (so you can add an AD group to a team) in a future release.