Skip to main content
In every organization, there is a need to establish custom permission assignments tailored to their specific needs. For example, when collaborating with outsourced teams, it becomes crucial to grant permissions exclusively to the areas they are directly involved in, without providing unnecessary access. To address this requirement, env zero lets you control RBAC Permissions all the way to the granularity of a specific environment. With this feature, administrators can precisely define permissions at the environment level, ensuring that users are granted access only to the environments directly relevant to their tasks. This capability offers organizations the flexibility to maintain security, optimize collaboration, and tailor permissions according to specific teams or projects
Role To Contorl Environment AccessIn order to configure Environment Access, the assigning user needs to have the ASSIGN ROLE ON ENVIRONMENT permission.Project and Organization admins have that permission by default.Read more here

โ€‹
How to assign Access to an Environment

โ€‹
Preconditions

There are 2 things you need before assigning access to an environment:
  1. The Environment should exist beforehand
  2. You need to have a Custom Role with the specific permissions you wish to assign
RolesAt the moment - only custom roles are supported for environment access

โ€‹
Assigning Access

  1. Navigate to an existing environment, and click on the ACCESS tab
Interface screenshot showing configuration options
  1. While in that tab, you can assign access to either individual Users or entire Teams
  2. On the two tables, you can see the entire collection of users and teams in your organization (respectively)
  3. To assign one a role on the current environment, make sure the checkbox on the left-hand side is ticked, and select the role you wish to assign\
  4. Finally, hit โ€œsaveโ€\
And youโ€™re good to go!
Project ViewWhen a user is given permissions to a specific environment - they can see all ancestor projects leading up to it. This is purely for traversal, and they wonโ€™t have any other permissions for those projects, so keep in mind this is not the same as them having VIEW PROJECT permissions for the project tree
โŒ˜I