From c5d0c109da35999c44c5975b1b08a529bbe7ed90 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Tue, 21 Feb 2023 09:31:35 +0100
Subject: [PATCH] fix: allow "org.read" and "policy.read" on ORG_USER_MANAGER
 (#5256)

---
 cmd/defaults.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 02157293fe..e70d6b221d 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -874,6 +874,7 @@ InternalAuthZ:
         - "project.grant.member.delete"
     - Role: "ORG_USER_MANAGER"
       Permissions:
+        - "org.read"
         - "user.read"
         - "user.global.read"
         - "user.write"
@@ -882,6 +883,7 @@ InternalAuthZ:
         - "user.grant.write"
         - "user.grant.delete"
         - "user.membership.read"
+        - "policy.read"
         - "project.read"
         - "project.role.read"
     - Role: "ORG_OWNER_VIEWER"