From fb06aed2385f73145678937ef788b63f02ab3d20 Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Wed, 28 Jul 2021 14:14:51 +0200
Subject: [PATCH] fix: grant "policy.read" to every role (label and privacy policy necessary in console) (#2089)
---
 cmd/zitadel/authz.yaml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/cmd/zitadel/authz.yaml b/cmd/zitadel/authz.yaml
index d1f5227d5d..4a22bad21c 100644
--- a/cmd/zitadel/authz.yaml
+++ b/cmd/zitadel/authz.yaml
@@ -175,11 +175,13 @@ InternalAuthZ:
 - Role: 'ORG_PROJECT_CREATOR'
 Permissions:
 - "user.global.read"
+ - "policy.read"
 - "project.read:self"
 - "project.create"
 - Role: 'PROJECT_OWNER'
 Permissions:
 - "org.global.read"
+ - "policy.read"
 - "project.read"
 - "project.write"
 - "project.delete"
@@ -206,6 +208,7 @@ InternalAuthZ:
 - "user.membership.read"
 - Role: 'PROJECT_OWNER_VIEWER'
 Permissions:
+ - "policy.read"
 - "project.read"
 - "project.member.read"
 - "project.role.read"
@@ -219,6 +222,7 @@ InternalAuthZ:
 - Role: 'PROJECT_OWNER_GLOBAL'
 Permissions:
 - "org.global.read"
+ - "policy.read"
 - "project.read"
 - "project.write"
 - "project.delete"
@@ -238,6 +242,7 @@ InternalAuthZ:
 - "user.membership.read"
 - Role: 'PROJECT_OWNER_VIEWER_GLOBAL'
 Permissions:
+ - "policy.read"
 - "project.read"
 - "project.member.read"
 - "project.role.read"
@@ -249,6 +254,7 @@ InternalAuthZ:
 - "user.membership.read"
 - Role: 'PROJECT_GRANT_OWNER'
 Permissions:
+ - "policy.read"
 - "org.global.read"
 - "project.read"
 - "project.grant.read"
@@ -263,6 +269,7 @@ InternalAuthZ:
 - "user.membership.read"
 - Role: 'PROJECT_GRANT_OWNER_VIEWER'
 Permissions:
+ - "policy.read"
 - "project.read"
 - "project.grant.read"
 - "project.grant.member.read"
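Review bot: The `policy.read` grant looks wider than the stated need: all six hunks add it to project-scoped roles (ORG_PROJECT_CREATOR, PROJECT_OWNER, PROJECT_OWNER_VIEWER, PROJECT_OWNER_GLOBAL, PROJECT_OWNER_VIEWER_GLOBAL, PROJECT_GRANT_OWNER, PROJECT_GRANT_OWNER_VIEWER), while the commit message only cites the label and privacy policy for the console. If `policy.read` also gates other policy types (not visible in these hunks), project members and project-grant members gain read access to those as well, so confirm the scope or consider a narrower permission. Either way, record the reason beside the entries, e.g. `# policy.read: console needs label and privacy policy (#2089)`. The entry is placed before `"org.global.read"` in PROJECT_GRANT_OWNER but after it in PROJECT_OWNER and PROJECT_OWNER_GLOBAL; one order would make later audits of the role list easier. The role lists continue outside the hunks, so roles not shown here may need the same check.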