Auditing and permissions with Octopus Deploy

Auditing and permissions in Octopus

Octopus has a rich and powerful permissions model, and full auditing, ensuring you can restrict who can deploy to production, and meet your compliance requirements.

Try for free

Control who can deploy to production

Octopus Deploy provides the most value when it is used by your whole team. Developers and testers might be allowed to deploy specific projects to pre-production environments, but not production environments. Stakeholders might be permitted to view certain projects, but not modify or deploy them. To support these scenarios, Octopus supports a permissions system based around the concept of teams.

Learn more →

Control who on your team has permission to deploy to certain environments.

Control who can make production changes

If you would like to empower your team or decrease the workload of the release manager, you can grant permission for individual team members to push to various environments. For example, testers could be empowered to push to testing environments or certain devs or team leads could be empowered to push to dev environments.

Octopus Deploy also lets you define who can make production changes.

Ensure releases have been tested prior to production

Use Lifecycles in Octopus to define the phases in your deployment process, and ensure that releases can't be deployed to production unless they've been tested first.

Ensure releases have been fully tested in testing or UAT environments before you push to production environments.

A complete audit trail

Octopus leaves behind a full audit trail of who did what and where, and captures diffs of changes made to configuration variables or deployment processes.

Octopus leaves behind a full SOX compliant audit trail so you can know precisely who made what change, when and where.

SOX & PCI-DSS compliance

The permissions model and auditing in Octopus help to maintain separation of duties and visibility over production changes, helping to meet your PCI-DSS and Sarbaines-Oxley requirements.

Retain visibility over what changes are being made to production. Octopus helps you meet your PCI-DSS and SOX compliance requirements.

Active Directory integration

Use groups in Active Directory to manage the teams users are associated with, giving you a central, standard place to grant and revoke deployment permissions.

Active directory lets users manage their teams more efficiently.