Restrict which roles a project contributor has access to

What is the best way to restrict teams to specific roles and/or environments?
For example we have two teams, an E-Commerce team and a Merchandising team. Each team has 3 environments, dev/qa/production. I would like to create roles for the merchandising team that they can deploy to but the E-Commerce team can not deploy to.

I can see two solutions.

  1. Create 6 environments, 3 merchandising environments like MERCH-DEV, MERCH-QA, MERCH-PROD and then create the roles specific to their deployment (i.e. merch-web-servers-group1, merch-redis-group-1, etc). The merch team would then only be able to select these roles for their projects.
  2. Create 3 environments, dev/qa/prod and then create merch only roles and ecomm only roles. Restrict the merch team to only be able to select from the merch roles and the ecomm eam to only the ecomm roles.



Hi Brett,

Thanks for getting in touch!

My first instinct in that case would be your option 1, if you treat the environments as separate (even though their purpose is similar) then creating separate environments is going to be easier to work with.

Hope that helps!