feat: add some manager roles (#2585)

* feat: add some manager roles * feat: add some manager roles * fix indent Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 05:07:31 +00:00 · 2021-10-28 13:22:25 +02:00
parent f1afdef7fb
commit c190d5d1b7
2 changed files with 88 additions and 1 deletions
--- a/cmd/zitadel/authz.yaml
+++ b/cmd/zitadel/authz.yaml
@@ -94,6 +94,78 @@ InternalAuthZ:
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
+    - Role: 'IAM_ORG_MANAGER'
+      Permissions:
+        - "org.read"
+        - "org.global.read"
+        - "org.create"
+        - "org.write"
+        - "org.member.read"
+        - "org.member.write"
+        - "org.member.delete"
+        - "org.idp.read"
+        - "org.idp.write"
+        - "org.idp.delete"
+        - "org.action.read"
+        - "org.action.write"
+        - "org.action.delete"
+        - "org.flow.read"
+        - "org.flow.write"
+        - "org.flow.delete"
+        - "user.read"
+        - "user.global.read"
+        - "user.write"
+        - "user.delete"
+        - "user.grant.read"
+        - "user.grant.write"
+        - "user.grant.delete"
+        - "user.membership.read"
+        - "features.read"
+        - "policy.read"
+        - "policy.write"
+        - "policy.delete"
+        - "project.read"
+        - "project.create"
+        - "project.write"
+        - "project.delete"
+        - "project.member.read"
+        - "project.member.write"
+        - "project.member.delete"
+        - "project.role.read"
+        - "project.role.write"
+        - "project.role.delete"
+        - "project.app.read"
+        - "project.app.write"
+        - "project.app.delete"
+        - "project.grant.read"
+        - "project.grant.write"
+        - "project.grant.delete"
+        - "project.grant.member.read"
+        - "project.grant.member.write"
+        - "project.grant.member.delete"
+    - Role: 'IAM_USER_MANAGER'
+      Permissions:
+        - "org.read"
+        - "org.global.read"
+        - "org.member.read"
+        - "org.member.delete"
+        - "user.read"
+        - "user.global.read"
+        - "user.write"
+        - "user.delete"
+        - "user.grant.read"
+        - "user.grant.write"
+        - "user.grant.delete"
+        - "user.membership.read"
+        - "features.read"
+        - "project.read"
+        - "project.member.read"
+        - "project.role.read"
+        - "project.app.read"
+        - "project.grant.read"
+        - "project.grant.write"
+        - "project.grant.delete"
+        - "project.grant.member.read"
    - Role: 'ORG_OWNER'
      Permissions:
        - "org.read"
@@ -142,6 +214,18 @@ InternalAuthZ:
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
+    - Role: 'ORG_USER_MANAGER'
+      Permissions:
+        - "user.read"
+        - "user.global.read"
+        - "user.write"
+        - "user.delete"
+        - "user.grant.read"
+        - "user.grant.write"
+        - "user.grant.delete"
+        - "user.membership.read"
+        - "project.read"
+        - "project.role.read"
    - Role: 'ORG_OWNER_VIEWER'
      Permissions:
        - "org.read"
@@ -300,4 +384,4 @@ InternalAuthZ:
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
-        - "user.membership.read"
+        - "user.membership.read"