Open kiranbaddi opened 8 months ago
Thanks for this feature request. This scenario isn't currently possible with our current authorization model. A given actor (user, group, service account, etc.) can only have a single role on any given project, and that role applies across all environments the actor has access to. Though it's not ideal, you can work around this by creating a second group and granting it the Viewer role in production, while granting your first group Collaborator to the other environments. You'd then want to ensure that both groups have the same users.
Is your feature request related to a problem? Please describe. We cannot assign groups permissions in such a way that the group can have Viewer access in Production environment/configuration and Contributor access for the rest of the configurations
Describe the solution you'd like Implement fine grained controls in such a way that a group can be Viewer only in a particular environment/configuration and can be Collaborator for other configurations.
Describe alternatives you've considered No alternative is possible at this time.
Additional context We are trying to assign permissions through Terraform.