From 4dabecd8d4dac0240dcf07206474c58f16118791 Mon Sep 17 00:00:00 2001
From: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Date: Thu, 30 Jul 2020 12:25:42 +0200
Subject: [PATCH] feat: implement better role concept (#540)
---
 cmd/zitadel/authz.yaml | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/cmd/zitadel/authz.yaml b/cmd/zitadel/authz.yaml
index 8ac7c24331..10d1babd8d 100644
--- a/cmd/zitadel/authz.yaml
+++ b/cmd/zitadel/authz.yaml
@@ -105,7 +105,7 @@ InternalAuthZ:
 - "project.grant.user.grant.read"
 - "project.grant.user.grant.write"
 - "project.grant.user.grant.delete"
- - Role: 'ORG_OWNER'
+ - Role: 'ORG_OWNER_VIEWER'
 Permissions:
 - "org.read"
 - "org.member.read"
@@ -120,6 +120,38 @@ InternalAuthZ:
 - "project.grant.read"
 - "project.grant.member.read"
 - "project.grant.user.grant.read"
+ - Role: 'ORG_USER_PERMISSION_EDITOR'
+ Permissions:
+ - "org.read"
+ - "org.member.read"
+ - "user.read"
+ - "user.grant.read"
+ - "user.grant.write"
+ - "user.grant.delete"
+ - "policy.read"
+ - "project.read"
+ - "project.member.read"
+ - "project.role.read"
+ - "project.app.read"
+ - "project.grant.read"
+ - "project.grant.member.read"
+ - Role: 'ORG_PROJECT_PERMISSION_EDITOR'
+ Permissions:
+ - "org.read"
+ - "org.member.read"
+ - "user.read"
+ - "user.grant.read"
+ - "user.grant.write"
+ - "user.grant.delete"
+ - "policy.read"
+ - "project.read"
+ - "project.member.read"
+ - "project.role.read"
+ - "project.app.read"
+ - "project.grant.read"
+ - "project.grant.write"
+ - "project.grant.delete"
+ - "project.grant.member.read"
 - Role: 'ORG_PROJECT_CREATOR'
 Permissions:
 - "project.read:self"
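Review bot: The old `- Role: 'ORG_OWNER'` line sat directly below a permission list ending in `project.grant.user.grant.write` and `project.grant.user.grant.delete` (that entry's `Role` line is outside the hunk), so the file apparently held two entries under one role name, and nothing visible here would have rejected that. How the loader resolved the duplicate is not shown, so the effective ORG_OWNER permission set may differ before and after this rename; that deserves a sentence in the commit description. I would add a load-time check that fails on a repeated `Role` value, and a comment above the renamed line such as `# read-only counterpart of ORG_OWNER`. The renamed entry's permission list continues past the end of the hunk.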
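Review bot: `ORG_PROJECT_PERMISSION_EDITOR` lists `user.grant.write` and `user.grant.delete` on top of `project.grant.write` and `project.grant.delete`, which makes it a strict superset of `ORG_USER_PERMISSION_EDITOR`; the role name does not suggest that. If the overlap is intended, state the scope above each entry, e.g. `# manages user grants only; read-only on org and projects` and `# manages project grants and user grants; read-only on org members`. If it is not, drop the two `user.grant.*` write entries from the project role. Whether `user.grant.write` allows a holder to add grants to their own user is enforced outside this file and is worth confirming before either role is assigned.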