I discovered the new feature "custom role" and it's great ! That's exactly what I need but I have an issue and I would like to know if I use it correctly.
I created a custom role names "Deployer" which allows :
- View deployments
- Deploy Cloud Templates
I want this role to be able to deploy cloud templates (blueprints) and see the status of deployments.
When I login with a user with this role, I only see deployments and cloud templates, that's great.
My issue is : In the "design" table, where the cloud templates are located, I can also "create" a cloud template ! And I don't want to role to be able to do this. Only admin will be able to create new cloud templates.
Is it a "bug" or I'm not using it correctly ?
Thank you in advance.
As far I can see, you are giving the user belonging to that role, permissions to access Service Broker and Cloud Assembly..... Do he needs Cloud Assembly role? I'm asking because, based on your use case, only Service Broker access is needed. If you configure the user with only Service Broker access, the Design tab should not be visible and accessed by the user
Hi lnairn !
Thank you for your answer. I think you are right. I didn't think about this approach.
For me, even if I give him access to cloud assembly, it was OK because it's just to "deploy" blueprints rights and not edit them. It is still a strange behaviour in my opinion that he can edit with these rights.
So, you are right, he totally can use only the service broker in this use case.
Thank you !