Enhance Security and Flexibility with Granular Permission Controls for Project Settings

Objective: The goal of this feature request is to introduce more granular permission controls within TeamCity, allowing administrators to scope permissions specifically to different aspects of project settings. This would empower teams to delegate responsibilities more effectively and securely, without granting overly broad access. My specific case is I want users to be able to create VersionedSettings > tokens, but don't want them to be able to edit other aspects of the project such as ssh keys. The only permission to accomplish this is “Edit project” and this is too permissive.

Current Limitation: Currently, TeamCity requires granting the 'Edit project' permission to users who need to manage specific parts of project settings, such as Versioned Settings tokens. This all-or-nothing approach can inadvertently expose sensitive configurations to a broader audience than necessary, increasing the risk of accidental or unauthorized changes.

Proposed Feature: We propose the development of a feature that enables administrators to assign permissions at a more granular level. Specifically, this would involve creating separate permissions for various project settings areas, such as:

  • Versioned Settings management
  • VCS roots configuration
  • Build steps configuration
  • Parameters and environment variables
  • Agent requirements
  • Access to run custom scripts

Benefits:

  • Increased Security: By limiting access to only the necessary settings, the risk of unauthorized changes decreases significantly.
  • Enhanced Delegation: Teams can delegate specific tasks without compromising the overall security and integrity of the project.
  • Improved Auditability: With more specific permissions, it becomes easier to track who made changes, further enhancing security and accountability.
  • Flexibility: This feature would allow TeamCity to accommodate a wider range of organizational structures and workflows, from small teams to large enterprises.

In conclusion, adding granular permission controls for editing specific parts of project settings in TeamCity would significantly improve security, flexibility, and manageability for organizations of all sizes. We believe that this feature would be a valuable addition to TeamCity, making it an even more compelling choice for continuous integration and continuous deployment needs.

0
1 comment

Hi,

Thank you for providing your feedback.  

To ensure we capture your ideas effectively, we invite you to share any feature requests/bugs at Youtrack.

0

Please sign in to leave a comment.