Minimum Octopus user privileges required for polling tentacle installation

meustace's Avatar

meustace

05 Jan, 2017 12:10 PM

Hello,

We need to install a polling tentacle on a client's server. The client will be installing the tentacle themselves as we do not have access.

As part of the polling tentacle installation, an Octopus user is required for authentication with the Octopus server instance.

What are the least amount of privileges required on an account for a polling tentacle to operate as required?

Thank you, Michael

  1. Support Staff 1 Posted by Dalmiro Grañas on 08 Jan, 2017 03:02 PM

    Dalmiro Grañas's Avatar

    Hi Michael,

    Thanks for reaching out. There are 2 accounts in place in this process that you need to be aware of:

    A) The Octopus Account that will be used to register the Tentacle with the Octopus Server. What you can do is create a service account with only the below permissions and hand over the API Key of that account to your client, so they can only add/edit Tentacles and not trigger deployments and other stuff

    MachineCreate
    MachineEdit
    MachineView
    EnvironmentEdit
    EnvironmentView
    

    B) The Windows/AD Account that will be used to run the Tentacle Service on the windows VM. During all the deployments executed by this Tentacle, all actions will be taken on behalf of this account.

    Let me know if that's clear enough :)

    Regards,
    Dalmiro

  2. Paul Stovell closed this discussion on 08 Apr, 2017 02:07 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac