Permissions on Branch Configs Per User

Consider the following case where every team member has their own database access account when inside their vpn network. You may have a base config with the address but want to have everyone get their own password. For example:

With this setup, I would be able to see the other two users passwords and vice versa. It should be that I can’t see other team members passwords (but currently permissions are environment only - not branch by branch).

I think more fine grained permissions at a branch level would help structure a team workflow better here. However we can work around this and create environments for each team member - which should work as seen below:

What do you all think (are branch permissions too complex - or do they make sense)?

Thanks for your feedback @avaitla16!

While I can see the attraction of isolation at the branch config level, what is the requirement behind this?

We’ve had customers in the past who’ve required isolation at this level because they’re working with totally external contractors. In this case, contractors were service tokens scoped to their particular branch config so they had no secrets write access and no access to the Doppler dashboard.

If this is for internally employed staff, could you help me understand the importance of isolation from a security perspective?

Yes, it’s just that I shouldn’t see (or be able to use) your password that is only for you to connect to the database and you shouldn’t see mine (or be able to use mine). I then tell the team member ok your credentials are available here. We have an audit log in our database of which user logged in and when. But if everyone could see everyone else’s credentials that could be a problem since those users could log in as someone else and may have different grants on that database. From a compliance perspective we can say that every user has their own set of credentials for administrative tasks that are properly restricted.

Thanks for the details @avaitla16 and I can I understand why from a compliance perspective especially, that would be a great feature to have.

I believe our team might be looking to review our current permissions model in Q3 2021 and I’ll ensure this use case is brought into consideration.

Thanks again for your feedback and suggestions!

Have a look at this to get a better sense for the use case: https://www.avaitla16.com/composing-doppler-run-commands

That’s an awesome blog post! Thanks for taking the time to write that up.