Hello,
We need to install a polling tentacle on a client’s server. The client will be installing the tentacle themselves as we do not have access.
As part of the polling tentacle installation, an Octopus user is required for authentication with the Octopus server instance.
What are the least amount of privileges required on an account for a polling tentacle to operate as required?
Thank you, Michael
Hi Michael,
Thanks for reaching out. There are 2 accounts in place in this process that you need to be aware of:
A) The Octopus Account that will be used to register the Tentacle with the Octopus Server. What you can do is create a service account with only the below permissions and hand over the API Key of that account to your client, so they can only add/edit Tentacles and not trigger deployments and other stuff
MachineCreate
MachineEdit
MachineView
EnvironmentEdit
EnvironmentView
B) The Windows/AD Account that will be used to run the Tentacle Service on the windows VM. During all the deployments executed by this Tentacle, all actions will be taken on behalf of this account.
Let me know if that’s clear enough 
Regards,
Dalmiro