Currently, a user in an organization needs to have the Manage Workspace permission to create new jobs, a.k.a. run Terraform, but once the user has this permission, they can change all the settings of the workspace. Is it possible to have a separate role that allows users to "use" the workspace but not manage it? Operations that are potentially in the use category could include:
- Run Terraform from CLI
- Issue a Run from UI

but not include:

- Update any settings of the workspace
- Read the state of the workspace
- Pull (dump out) the workspace state to local

The thinking behind this is that the state file could include sensitive data that we don't want all users to read, and that users of the workspace should not have the ability to update settings such as IaC version, template, etc.

Potential work included in the above suggestion:
- A new role (Use workspace maybe)
- Enhancement to UI to disable state file output and settings of the workspace.