We have two types of environments : PROD and NONPROD. We have many, many applications. (> 50)
The concept of environment type goes across applications in our organisation, i.e. each application (which equates to a Deployment Plan in Bamboo) will have at least two environments, e.g. for AppA there will be environments "AppA-PROD" and "AppA-NONPROD".
There are many people to whom we would like to grant access in Bamboo to create deployment jobs that end in a NONPROD-type environment. There are only a few who should be able to do the same for PROD-type environments.
How can this be accomplished?
I know that we can set permissions on an environment for a given plan once it has been setup, but that doesn't accomplish our goal of allowing people to set up their own deployments into NONPROD.
A few ideas
- We can possibly have Bamboo Agents that are permissioned to deploy into PROD and others that are not. Then we can have "Deploy-To-Prod" as a capability. However this only moves the problem: Is there a way to restrict access to capabilities in Bamboo? (i.e. only certain users are allowed to create jobs which use a certain capability)
- We can - and will indeed - have two sets of Bamboo shared credentials, one for PROD and another for PREPROD. But this then begs the question how we restrict access to using those credentials in jobs ?
- ?
Please advice.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.