As a security administrator, I need to be able to assign a support role that has production rights only, but no rights to pre-production environments. This is to keep in line with PCI DSS requirements for separation of duties whereby developers do not have access to production, support engineers only have access to production, and the build management process is the only role that has access to both. For more details on this topic, you can reference support ticket 1064080
