Severity
Blocking a customer with the correct permissions from changing an Ephemeral Environment runbook
Version
2026.1.11461
Latest Version
I could reproduce the problem in the latest build
What happened?
A user who has the correct permissions to a project with ProjectEdit in the user role will see a ProjectEdit permission required button when trying to edit a Ephemeral Environment (EE) runbook in the EE Settings for that project, if that user role is scoped to a project group (that has the EE project in it).
User permissions include ProjectEdit and are scoped as per the below:
If that user then tries to edit a runbook in the EE settings for a project in that project group they get the permissions edit button and cannot save the runbook change:
If I take the project group scoping out:
The user can then change the EE Runbook:
Reproduction
- Create an EE environment.
- Create a project and add the EE environment, create the runbooks from the UI.
- Create a test user role and ensure you include the following permissions in the below screenshot.
- Create a test team, include a test user and include the test user role we created in task 3.
- Scope the test uer role to the project group the project from task 2 is in.
- Logon with the test user, try edit an EE runbook in the EE settings for that project, see the permissions Edit button.
- Unscope the user role from the project group in the Team.
- Log back on with the test user, change the EE runbook again and note you can now save it.
Min Permissions required:
Error and Stacktrace
More Information
Initial Customer Ticket (Internal) - https://octopuscd.zendesk.com/agent/tickets/206028
RnD - (Internal) - https://octopusdeploy.slack.com/archives/CNHBHV2BX/p1779791950060789
Workaround
Unscope the user role with the ProjectEdit permission in from the Project Group(s) - You will need to unscope them all.
You can always create a new unscoped user role with just ProjectEdit in and add that to a team as a temporary measure until a fix can be produced for this issue.
Severity
Blocking a customer with the correct permissions from changing an Ephemeral Environment runbook
Version
2026.1.11461
Latest Version
I could reproduce the problem in the latest build
What happened?
A user who has the correct permissions to a project with
ProjectEditin the user role will see aProjectEdit permission requiredbutton when trying to edit a Ephemeral Environment (EE) runbook in the EE Settings for that project, if that user role is scoped to a project group (that has the EE project in it).User permissions include
ProjectEditand are scoped as per the below:If that user then tries to edit a runbook in the EE settings for a project in that project group they get the permissions edit button and cannot save the runbook change:
If I take the project group scoping out:
The user can then change the EE Runbook:
Reproduction
Min Permissions required:
Error and Stacktrace
More Information
Initial Customer Ticket (Internal) - https://octopuscd.zendesk.com/agent/tickets/206028
RnD - (Internal) - https://octopusdeploy.slack.com/archives/CNHBHV2BX/p1779791950060789
Workaround
Unscope the user role with the
ProjectEditpermission in from the Project Group(s) - You will need to unscope them all.You can always create a new unscoped user role with just
ProjectEditin and add that to a team as a temporary measure until a fix can be produced for this issue.