Limiting Resource Credentials in Environments

jneuharth_9094

We would like to limit down specific resource credentials by the environment. Below is a resource credential we set up. Notice the environment is set to "Production."

I have a plan where I'm pulling this Resource Credential and handing it to a global script to set the specific values I'm looking for. For a rough example:

set $myUsername = $GetCredentialProperty(UsernamePassword::ExampleDBProduction, UserName);
set $myPassword = $GetCredentialProperty(UsernamePassword::ExampleDBProduction, Password);

PSCall GLOBAL::Secure-Test
(
    username: $myUsername,
    password: $myPassword,
);

I have set "Agents.EnforceServerRestrictions" to be on.

I have also limited the user (or group) as a restriction on the task/permissions.

But I'm able to pull the Resource Credential that was limited to "Production" to "Test" with my user that is also restricted from "Production".

Is this a bug or do I have something wrong in the setup.

Product: BuildMaster
Version: 5.8.2

thoven

This exact feature was added in v6.0; in that version there is another checkbox when editing the resource credential to "Restrict by environment" and it behaves exactly as you describe.

As a side note, the Agents.EnforceServerRestrictions setting is designed to catch server/environment mismatches (i.e. error out when deploying to stage associated with Integration and targeting a server associated with Production) when deploying and will not affect credentials.

jneuharth_9094

@Todd

Upgraded to version 6.0.4 and was able to block the access to the creditial in the plan as expected.

With that said, I'm still able to access the credential via the administration area (/administration/credentials). Logging in with my limited user I can see the following (including the hidden if I open it).

As a reminder here is the "restriction" I have set up for the limited user.

Jeremy Neuharth

Found the follow-up issue as a user error. After upgrading to 6.0.x the feature worked as expected.