mirror of
https://github.com/zitadel/zitadel.git
synced 2025-04-23 19:21:31 +00:00
fix: add session roles to iam owner (#9413)
# Which Problems Are Solved Currently I am not able to run the new login with a service account with an IAM_OWNER role. As the role is missing some permissions which the LOGIN_CLIENT role does have # How the Problems Are Solved Added session permissions to the IAM_OWNER --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Fabienne Bühler
GitHub
parent
25c1d4b55f
commit
a5bc68fdad
@ -1297,6 +1297,8 @@ InternalAuthZ:
|
||||
- "userschema.read"
|
||||
- "userschema.write"
|
||||
- "userschema.delete"
|
||||
- "session.read"
|
||||
- "session.delete"
|
||||
- Role: "IAM_OWNER_VIEWER"
|
||||
Permissions:
|
||||
- "iam.read"
|
||||
@ -1332,6 +1334,7 @@ InternalAuthZ:
|
||||
- "action.target.read"
|
||||
- "action.execution.read"
|
||||
- "userschema.read"
|
||||
- "session.read"
|
||||
- Role: "IAM_ORG_MANAGER"
|
||||
Permissions:
|
||||
- "org.read"
|
||||
|
||||
@ -26,6 +26,7 @@ import AddManager from "./_add_manager.mdx";
|
||||
| IAM User Manager | IAM_USER_MANAGER | Manage all users and their authorizations over all organizations |
|
||||
| IAM Admin Impersonator | IAM_ADMIN_IMPERSONATOR | Allow impersonation of admin and end users from all organizations |
|
||||
| IAM Impersonator | IAM_END_USER_IMPERSONATOR | Allow impersonation of end users from all organizations |
|
||||
| IAM Login Client | IAM_LOGIN_CLIENT | Get all permissions needed to implement your own Login UI. |
|
||||
| Org Owner | ORG_OWNER | Manage everything within an organization |
|
||||
| Org Owner Viewer | ORG_OWNER_VIEWER | View everything within an organization |
|
||||
| Org User Manager | ORG_USER_MANAGER | Manage users and their authorizations within an organization |
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user