What permission grants a user access to a project’s Triggers tab? One of my users said they had this permission and lost it. I’ve reviewed all the documentation I can find about roles and permissions, but none of them contains the word “triggers”. Is there a feature/permission matrix showing what permissions are necessary for each feature in the software?
Hi Steve,
Thanks for getting in touch.
Unfortunately you’ve discovered a bug. This menu should require ‘ProcessView’ permissions (as in, anyone who can view the deployment process should be able to view the triggers menu), but it currently requires ‘ProcessEdit’ permissions.
We’ve made a GitHub issue that you can track to be notified when a fix is available.
When this feature was originally designed, it was believed that triggers were closely related to the project’s deployment process, so triggers shared these permissions. I think triggers probably warrant their own set of permissions now, so as part of this issue we’ll add some Trigger permissions that you can manage independently.
For now, the only workaround would be to give this user ProcessEdit permissions so they can see that menu item.
Thanks for bringing this to our attention.
Regarding Octopus’ feature/permission matrix, this is essentially the list of roles listed under the User Roles screen. Unfortunately triggers were not given their own set of permissions, otherwise it would have been more intuitive from the outset.
Hope this helps.
Cheers
Mark
Thanks Mark! That’s exactly the information I needed. I’ll be creating a custom user role with only that permission as a workaround until we upgrade to a patched version.
The ProcessEdit permission did not resolve the problem. The triggers option is available, but presents the message “Missing permission: EventView” even when EventView is assigned.
Are there other permissions that need to be added as well?
Hi Steve,
Hmm, that’s strange it’s reporting that message when you have EventView assigned.
Project Trigger records have a relationship with environments and events (as in, you can select Environments and Events as part of your Trigger), so your user role will also require the EventView and EnvironmentView role. If you want this user to edit the Trigger records, the full list of roles needed will be: EnvironmentView, EventView, ProcessEdit, ProcessView, ProjectEdit, ProjectView.
Could you add EnvironmentView, as well as EventView, and see if that stops the error you were seeing?
Cheers
Mark
EnvironmentView, EventView, ProcessEdit, ProcessView, ProjectEdit, and ProjectView permissions are all assigned to the role I created but my user is still seeing the same error.
Screenshots of the error and configuration are provided.
As an update, we upgraded to version 3.7.11 a few weeks ago. Triggers haven’t worked for any users since that upgrade.
Hi Steve,
Thanks for the additional information and screenshots. They helped track this down.
We reproduced this issue with version 3.7.11
. After further investigation, this was a known issue where we had some incorrect permissions on some API endpoints that the Triggers screen is calling.
This issue (reported here) was fixed in version 3.7.12, so if you are able to upgrade to that version (or get the latest version of Octopus) this issue will be fixed.
The problem occurs because your role is scoped to a specific project, and those endpoints are expecting full access to the EventView
permission (not EventView
permissions with a limited project scope). So if you don’t wish to upgrade, a temporary workaround would be to remove the project scoping from your Triggers
role.
Hope this helps.
Cheers
Mark