I have set up our “alpha” build to automatically do the following:
- generate and push version x.y.z deployment packages to NuGet feed
- create release x.y.z
- deploy release x.y.z to Test environment

This works great. I want to tighten security though. I currently have to give the build user (which is a system user, not a person) both the Project Deployer and the Project Lead roles to get the “Create Release” and “Deploy Release” permissions. Both those roles will grant the user permission to mess around with projects, variable sets, etc., which is, in my case, too much.
It would be great to have a distinct role that is only allowed to create releases and deploy those, so that these actions can safely be driven from a build server.