User can't edit scoped variables

I’ve created a role “Variable Sets Manager” with the following roles applied:

LibraryVariableSetCreate
LibraryVariableSetEdit
LibraryVariableSetView
VariableEdit
VariableEditUnscoped
VariableView
VariableViewUnscoped

I’ve created a team and assigned this role to it with no scope and added a user to this team. The user can see all variables but not edit any scoped variable value. I’ve got the same setup (as far as i know) on another instance of octopus deploy we are running without issue.

I’ve attached the test permissions csv of the user.

Thanks,

Adam

edit: changed unscoped variables with scoped

Permissions_export_2017_02_21__16_25_08_UTC.zip (633 Bytes)

Hi Adam,

What version of Octopus are you currently running? Are these unscoped variables in a Library Variable Set?

We made some changes in 3.10.1 to fix a bug that prevented editing unscoped variables.

Thank you,
Henrik

Hi Henrik,

We’re on 3.10.1

“I’ve got the same setup (as far as i know) on another instance of octopus deploy we are running without issue.”

This other instance is also on 3.10.1 so i’m not sure it’s a bug.

Thanks,

Adam

Hi,

Sorry my understanding of the issue was wrong. The user cant edit scoped variables. Unscoped variables are fine. His permissions should allow him to edit all variables so as far as i know this is still a problem but it is scoped rather than unscoped variables where the problem occurs.

UPDATE: I managed to solve this problem by adding the environment manager role to the user. This does now work, however, previously this role was not added to the users and they could still edit scoped variables. As far as my understanding, the roles in the “variable sets manager” role I created should be enough. Can you please confirm if this is the desired functionality?

Thanks,

Adam

Hi Adam,

Yes, we’ve made a change to the permissions required to edit variables in a library variable set.

To edit scoped variables in variable sets the user needs the EnvironmentEdit permission as previously you could see and edit variables in environments that the user was not authorized for.

I hope that helps explain the new behaviour.

Thank you and best regards,
Henrik