Please add a deny / none role for collections and environments

[tcartwright]

Is there an existing request for this feature?

• I have searched the existing issues for this feature request and I know that duplicates will be closed

Is your feature request related to a problem?

Right now when someone is granted access to a workspace they are given viewer role and can see everything in the workspace. I would like a DENY / NONE role to be added so that users cannot see, export, or use certain items such as:

• collections
• environments

Describe the solution you'd like

PREFERRED: A NONE (verbiage???) workspace role. Then the user cannot use or see ANYTHING unless explicitly granted viewer / editor on that item. Viewers can still see everything.

ALTERNATIVE: A DENY role added. When a user is added to that role on an environment or collection they cannot physically see or use that environment or collection if they are added to the DENY role on that item.

Describe alternatives you've considered

• environments:

  • Removing the initial value. However this has a drawback in that every new user needs to be able to enter the current value, and they have to know not to enter the initial value. However, this does not block users from editing the initial value or exporting the environment.
  • Usage of a keyvault: This keeps users from seeing / exporting the values, but not using them. I also want them not to be able to use the values if denied. For example, I do not want some users to be able to use production api keys to pull back production PCI / HIPPA data.

• collections:

  • I could use personal collections and share them with specific users, but it would be preferable to keep the collections in one place so any changes do not need to be synchronized.

Additional context

No response