I want to create a centralized Release Management server, for our customers but in my tests I'm not able to secure that our components will be safe from change mistakes. For example:
My test was like that: User 1 - Release Manager (with all permissions) User 2 - Ordinary user (just permission for approvals)
Logged with my User 1 - Release Manager (with all permissions)
First of all I ensured that only Release Managers will have access, and be able to see that release template:
I created a new component:
Then I logged with my User 2 - Ordinary user (just permission for approvals)
Firstly I can't see the release template I set permissions above in the release template list. Then I went to the components list and I'm able to see the same component, and even change it.
The main problem is that after done that, it impacts the releases for all release templates that contains that Component.
I hope to be wrong, and that someone should clarify it to me, that we may secure somehow all components with permission and so on. Any ideas?
Adding security for components is on our backlog. Thanks for the feedback. vNext components do not have tool or execution command stored in them. So, they are a little safer from this issue. Nevertheless, they do have configuration, and you would want to protect that configuration. This feature will be added sometime this year.