Every organization needs custom permission assignments tailored to its specific needs. For example, when collaborating with outsourced teams, it is crucial to grant permissions only for the areas they are directly involved in, without providing unnecessary access. To address this requirement, env0 lets you control RBAC permissions down to the granularity of a specific environment.

With this feature, administrators can precisely define permissions at the environment level, ensuring that users are granted access only to the environments directly relevant to their tasks. This capability offers organizations the flexibility to maintain security, optimize collaboration, and tailor permissions according to specific teams or projects.

🚧

Role To Control Environment Access

In order to configure Environment Access, the assigning user needs to have the ASSIGN ROLE ON ENVIRONMENT permission.

Project and Organization admins have that permission by default.

Read more here

How to assign Access to an Environment

Preconditions

There are 2 things you need before assigning access to an environment:

  1. The Environment should exist beforehand
  2. You need to have a Custom Role with the specific permissions you wish to assign

🚧

Roles

At the moment, only custom roles are supported for environment access.

Assigning Access

  1. Navigate to an existing environment, and click on the ACCESS tab
  2. While in that tab, you can assign access to either individual Users or entire Teams
  3. On the two tables, you can see the entire collection of users and teams in your organization (respectively)
  4. To assign a user or team a role on the current environment, make sure the checkbox on the left-hand side is ticked, and select the role you wish to assign
  5. Finally, hit "save"

And you're good to go!

🚧

Project View

When a user is given permissions to a specific environment, they can see all ancestor projects leading up to it. This is purely for traversal, and they won't have any other permissions for those projects, so keep in mind that this is not the same as having VIEW PROJECT permissions for the project tree.