feat: policies on aggregates (#799)

* feat: move pw policy * feat: default pw complexity policy * fix: org password complexity policy * fix: org password complexity policy * fix: pw complexity policy with setup * fix: age and lockout policies on aggregates * fix: migration * fix: org iam policy * fix: org iam policy * fix: org iam policy * fix: tests * fix: policy request * fix: merge master * fix(console): policies frontend (#817) * fix policy build * fix: age, complexity, lockout policies * fix: ready return err of setup not done * fix: fix remove policies in spoolers * fix: fix remove policies in spoolers * feat(console): policy settings for iam and org (#824) * fix policy build * fix: age, complexity, lockout policies * fix pwd complexity * policy remove action * add imports * fix accounts card, enable mgmt login policy * lint * add iam policy to admin * toasts, i18n, show default * routing, i18n * reset policy, toast i18n, cleanup, routing * policy delete permission * lint style * delete iam policy * delete non project from grid list, i18n * lint ts, style * fix: remove instead delete * feat(console): delete external idp from user (#835) * dialog i18n, delete column and function * dialog i18n * fix rm button * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: revert env, rename policy, remove comments * fix: lowercase sich * fix: pr requests * Update internal/iam/repository/eventsourcing/eventstore_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: tests * fix: tests * fix(console): policies (#839) * fix: nil pointer on get userdata (#815) * fix: external login (#818) * fix: external login * fix: external login * feat(console): delete user (#819) * add action col to user table, i18n * delete user from detail component * lint * fix(console): cleanup user detail and member components, user/me redirect, permission guards, filter, org policy guard, user table, scss cleanup (#808) * fix: remove user.write guard for filtering * border color * fix user routing from member tables * idp detail layout * generic contact component * fix redirect to auth user, user grant disable * disable policy action without permission, i18n * user-create flex fix, contact ng-content * rm unused styles * sidenav divider * lint * chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump @angular/language-service in /console Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/mgechev/codelyzer/releases) - [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md) - [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump @angular-devkit/build-angular in /console Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Peintner <max@caos.ch> * chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * create memberstable as common component * iam member cleanup * iam + org m table, user table service user avatar * toast config * fix selection emitter * fix project grant table width * project grant members refactor * theme optimizations * member table col delete * lint * fix table row color * refactor grey color * lint scss * org list redirect on click, fix user table undef * refresh table after grant add Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> * fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820) * i18n interceptor, set language to browser lang * nullcheck * rm external idp log * fix module imports, rm user displayname from i18n * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: delete external idps from users (#822) * fix(console): permission regex, account switcher null check, restrict app and member create access (#821) * fix member table disable, gerneal regexp * fix user session card, app disable * memberships max count * fix policy permissions * permission check for member add dialog * lint * rm accounts log * rm id regex * fix: handle usermemberships on project and project grant delete (#825) * fix: go handler Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> * fix: tests * fix: not needed error handling Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch>
2025-12-13 17:02:11 +00:00 · 2020-10-15 10:27:13 +02:00
parent adb24a52fc
commit fbb30840f1
248 changed files with 23960 additions and 13843 deletions
--- a/console/src/app/pages/iam/iam-policy-grid/iam-policy-grid.component.html
+++ b/console/src/app/pages/iam/iam-policy-grid/iam-policy-grid.component.html
@@ -3,6 +3,29 @@
 <p class="top-desc">{{'IAM.POLICY.DESCRIPTION' | translate}}</p>

 <div class="row-lyt">
+    <ng-template appHasRole [appHasRole]="['iam.policy.read']">
+        <div class="p-item card">
+            <div class="avatar">
+                <mat-icon class="icon" svgIcon="mdi_textbox_password"></mat-icon>
+            </div>
+            <div class="title">
+                <span>{{'ORG.POLICY.PWD_COMPLEXITY.TITLE' | translate}}</span>
+                <button mat-icon-button disabled>
+                    <i *ngIf="complexityPolicy" class="icon las la-check-circle"></i>
+                </button>
+            </div>
+
+            <p class="desc">
+                {{'ORG.POLICY.PWD_COMPLEXITY.DESCRIPTION' | translate}}</p>
+
+            <span class="fill-space"></span>
+            <div class="btn-wrapper">
+                <button [disabled]="!complexityPolicy" [routerLink]="[ 'policy', PolicyComponentType.COMPLEXITY ]"
+                    mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
+            </div>
+        </div>
+    </ng-template>
+
    <ng-template appHasRole [appHasRole]="['policy.read']">
        <div class="p-item card">
            <div class="avatar">
@@ -27,4 +50,29 @@
            </div>
        </div>
    </ng-template>
+
+    <ng-template appHasRole [appHasRole]="['iam.policy.read']">
+        <div class="p-item card">
+            <div class="avatar">
+                <i class="icon las la-gem"></i>
+            </div>
+            <div class="title">
+                <span>{{'ORG.POLICY.IAM_POLICY.TITLE' | translate}}</span>
+                <button mat-icon-button disabled>
+                    <i *ngIf="iamPolicy" class="icon las la-check-circle"></i>
+                </button>
+            </div>
+
+            <p class="desc">
+                {{'ORG.POLICY.IAM_POLICY.DESCRIPTION' | translate}}</p>
+
+            <span class="fill-space"></span>
+            <div class="btn-wrapper">
+                <ng-template appHasRole [appHasRole]="['iam.policy.write']">
+                    <button [disabled]="!iamPolicy" [routerLink]="[ 'policy', PolicyComponentType.IAM ]"
+                        mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
+                </ng-template>
+            </div>
+        </div>
+    </ng-template>
 </div>
--- a/console/src/app/pages/iam/iam-policy-grid/iam-policy-grid.component.ts
+++ b/console/src/app/pages/iam/iam-policy-grid/iam-policy-grid.component.ts
@@ -1,6 +1,6 @@
 import { Component } from '@angular/core';
 import { PolicyComponentType } from 'src/app/modules/policies/policy-component-types.enum';
-import { DefaultLoginPolicy } from 'src/app/proto/generated/admin_pb';
+import { DefaultLoginPolicy, DefaultPasswordComplexityPolicyView, OrgIamPolicyView } from 'src/app/proto/generated/admin_pb';
 import { PolicyState } from 'src/app/proto/generated/management_pb';
 import { AdminService } from 'src/app/services/admin.service';

@@ -10,7 +10,9 @@ import { AdminService } from 'src/app/services/admin.service';
    styleUrls: ['./iam-policy-grid.component.scss'],
 })
 export class IamPolicyGridComponent {
+    public complexityPolicy!: DefaultPasswordComplexityPolicyView.AsObject;
    public loginPolicy!: DefaultLoginPolicy.AsObject;
+    public iamPolicy!: OrgIamPolicyView.AsObject;

    public PolicyState: any = PolicyState;
    public PolicyComponentType: any = PolicyComponentType;
@@ -23,5 +25,7 @@ export class IamPolicyGridComponent {

    private getData(): void {
        this.adminService.GetDefaultLoginPolicy().then(data => this.loginPolicy = data.toObject());
+        this.adminService.GetDefaultOrgIamPolicy().then(data => this.iamPolicy = data.toObject());
+        this.adminService.GetDefaultPasswordComplexityPolicy().then(data => this.complexityPolicy = data.toObject());
    }
 }
--- a/console/src/app/pages/iam/iam-routing.module.ts
+++ b/console/src/app/pages/iam/iam-routing.module.ts
@@ -47,12 +47,49 @@ const routes: Routes = [
        ],
    },
    {
-        path: `policy/${PolicyComponentType.LOGIN}`,
-        data: {
-            serviceType: PolicyComponentServiceType.ADMIN,
-        },
-        loadChildren: () => import('src/app/modules/policies/login-policy/login-policy.module')
-            .then(m => m.LoginPolicyModule),
+        path: 'policy',
+        children: [
+            {
+                path: PolicyComponentType.AGE,
+                data: {
+                    serviceType: PolicyComponentServiceType.ADMIN,
+                },
+                loadChildren: () => import('src/app/modules/policies/password-age-policy/password-age-policy.module')
+                    .then(m => m.PasswordAgePolicyModule),
+            },
+            {
+                path: PolicyComponentType.LOCKOUT,
+                data: {
+                    serviceType: PolicyComponentServiceType.ADMIN,
+                },
+                loadChildren: () => import('src/app/modules/policies/password-lockout-policy/password-lockout-policy.module')
+                    .then(m => m.PasswordLockoutPolicyModule),
+            },
+            {
+                path: PolicyComponentType.COMPLEXITY,
+                data: {
+                    serviceType: PolicyComponentServiceType.ADMIN,
+                },
+                loadChildren: () => import('src/app/modules/policies/password-complexity-policy/password-complexity-policy.module')
+                    .then(m => m.PasswordComplexityPolicyModule),
+            },
+            {
+                path: PolicyComponentType.IAM,
+                data: {
+                    serviceType: PolicyComponentServiceType.ADMIN,
+                },
+                loadChildren: () => import('src/app/modules/policies/org-iam-policy/org-iam-policy.module')
+                    .then(m => m.OrgIamPolicyModule),
+            },
+            {
+                path: PolicyComponentType.LOGIN,
+                data: {
+                    serviceType: PolicyComponentServiceType.ADMIN,
+                },
+                loadChildren: () => import('src/app/modules/policies/login-policy/login-policy.module')
+                    .then(m => m.LoginPolicyModule),
+            },
+        ],
    },
 ];

--- a/console/src/app/pages/orgs/org-create/org-create.component.ts
+++ b/console/src/app/pages/orgs/org-create/org-create.component.ts
@@ -7,7 +7,7 @@ import { Router } from '@angular/router';
 import { take } from 'rxjs/operators';
 import { lowerCaseValidator, numberValidator, symbolValidator, upperCaseValidator } from 'src/app/pages/validators';
 import { CreateHumanRequest, CreateOrgRequest, Gender, OrgSetUpResponse } from 'src/app/proto/generated/admin_pb';
-import { PasswordComplexityPolicy } from 'src/app/proto/generated/auth_pb';
+import { PasswordComplexityPolicy as MgmtPasswordComplexityPolicy } from 'src/app/proto/generated/management_pb';
 import { AdminService } from 'src/app/services/admin.service';
 import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
 import { ManagementService } from 'src/app/services/mgmt.service';
@@ -57,7 +57,7 @@ export class OrgCreateComponent {
    public genders: Gender[] = [Gender.GENDER_FEMALE, Gender.GENDER_MALE, Gender.GENDER_UNSPECIFIED];
    public languages: string[] = ['de', 'en'];

-    public policy!: PasswordComplexityPolicy.AsObject;
+    public policy!: MgmtPasswordComplexityPolicy.AsObject;
    public usePassword: boolean = false;

    public forSelf: boolean = true;
--- a/console/src/app/pages/orgs/orgs-routing.module.ts
+++ b/console/src/app/pages/orgs/orgs-routing.module.ts
@@ -43,23 +43,35 @@ const routes: Routes = [
        children: [
            {
                path: PolicyComponentType.AGE,
+                data: {
+                    serviceType: PolicyComponentServiceType.MGMT,
+                },
                loadChildren: () => import('src/app/modules/policies/password-age-policy/password-age-policy.module')
                    .then(m => m.PasswordAgePolicyModule),
            },
            {
                path: PolicyComponentType.LOCKOUT,
+                data: {
+                    serviceType: PolicyComponentServiceType.MGMT,
+                },
                loadChildren: () => import('src/app/modules/policies/password-lockout-policy/password-lockout-policy.module')
                    .then(m => m.PasswordLockoutPolicyModule),
            },
            {
                path: PolicyComponentType.COMPLEXITY,
+                data: {
+                    serviceType: PolicyComponentServiceType.MGMT,
+                },
                loadChildren: () => import('src/app/modules/policies/password-complexity-policy/password-complexity-policy.module')
                    .then(m => m.PasswordComplexityPolicyModule),
            },
            {
                path: PolicyComponentType.IAM,
-                loadChildren: () => import('src/app/modules/policies/password-iam-policy/password-iam-policy.module')
-                    .then(m => m.PasswordIamPolicyModule),
+                data: {
+                    serviceType: PolicyComponentServiceType.MGMT,
+                },
+                loadChildren: () => import('src/app/modules/policies/org-iam-policy/org-iam-policy.module')
+                    .then(m => m.OrgIamPolicyModule),
            },
            {
                path: PolicyComponentType.LOGIN,
--- a/console/src/app/pages/orgs/policy-grid/policy-grid.component.html
+++ b/console/src/app/pages/orgs/policy-grid/policy-grid.component.html
@@ -3,34 +3,28 @@
 <p class="top-desc">{{'ORG.POLICY.DESCRIPTION' | translate}}</p>

 <div class="row-lyt">
-    <div class="p-item card">
-        <div class="avatar">
-            <mat-icon class="icon" svgIcon="mdi_textbox_password"></mat-icon>
-        </div>
-        <div class="title">
-            <span>{{'ORG.POLICY.PWD_COMPLEXITY.TITLE' | translate}}</span>
-            <button mat-icon-button disabled>
-                <i *ngIf="complexityPolicy" class="icon las la-check-circle"></i>
-            </button>
-        </div>
+    <ng-template appHasRole [appHasRole]="['iam.policy.read']">
+        <div class="p-item card">
+            <div class="avatar">
+                <mat-icon class="icon" svgIcon="mdi_textbox_password"></mat-icon>
+            </div>
+            <div class="title">
+                <span>{{'ORG.POLICY.PWD_COMPLEXITY.TITLE' | translate}}</span>
+                <button mat-icon-button disabled>
+                    <i *ngIf="complexityPolicy" class="icon las la-check-circle"></i>
+                </button>
+            </div>

-        <p *ngIf="complexityPolicy?.description; else showDescComplexity" class="desc">
-            {{ complexityPolicy.description }}</p>
-        <ng-template #showDescComplexity>
            <p class="desc">
                {{'ORG.POLICY.PWD_COMPLEXITY.DESCRIPTION' | translate}}</p>
-        </ng-template>

-        <span class="fill-space"></span>
-        <div class="btn-wrapper" *ngIf="(['policy.write'] | hasRole) as writePolicy$">
-            <button [disabled]="complexityPolicy || (writePolicy$ | async) == false"
-                [routerLink]="[ 'policy', PolicyComponentType.COMPLEXITY,'create' ]" color="primary"
-                mat-raised-button>{{'ORG.POLICY.BTN_INSTALL' | translate}}</button>
-            <button [disabled]="!complexityPolicy || (writePolicy$ | async) == false"
-                [routerLink]="[ 'policy', PolicyComponentType.COMPLEXITY ]" mat-stroked-button
-                [matTooltip]="'ACTIONS.CONFIGURE' | translate">{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
+            <span class="fill-space"></span>
+            <div class="btn-wrapper">
+                <button [disabled]="!complexityPolicy" [routerLink]="[ 'policy', PolicyComponentType.COMPLEXITY ]"
+                    mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
+            </div>
        </div>
-    </div>
+    </ng-template>

    <ng-template appHasRole [appHasRole]="['iam.policy.read']">
        <div class="p-item card">
@@ -44,22 +38,15 @@
                </button>
            </div>

-            <p *ngIf="iamPolicy?.description; else showDescIAM" class="desc">
-                {{ iamPolicy.description }}</p>
-            <ng-template #showDescIAM>
-                <p class="desc">
-                    {{'ORG.POLICY.IAM_POLICY.DESCRIPTION' | translate}}</p>
-            </ng-template>
+            <p class="desc">
+                {{'ORG.POLICY.IAM_POLICY.DESCRIPTION' | translate}}</p>

            <span class="fill-space"></span>
-
-            <div class="btn-wrapper" *ngIf="(['iam.policy.write$'] | hasRole) as iamWritePolicy$">
-                <button [disabled]="iamPolicy || (iamWritePolicy$ | async) == false"
-                    [routerLink]="[ 'policy', PolicyComponentType.IAM,'create' ]" color="primary"
-                    mat-raised-button>{{'ORG.POLICY.BTN_INSTALL' | translate}}</button>
-                <button [disabled]="!iamPolicy || (iamWritePolicy$ | async) == false"
-                    [routerLink]="[ 'policy', PolicyComponentType.IAM ]" mat-stroked-button
-                    [matTooltip]="'ACTIONS.CONFIGURE' | translate">{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
+            <div class="btn-wrapper">
+                <ng-template appHasRole [appHasRole]="['iam.policy.write']">
+                    <button [disabled]="!iamPolicy" [routerLink]="[ 'policy', PolicyComponentType.IAM ]"
+                        mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
+                </ng-template>
            </div>
        </div>
    </ng-template>
@@ -82,13 +69,11 @@
            </ng-template>

            <span class="fill-space"></span>
-            <div class="btn-wrapper" *ngIf="(['policy.write'] | hasRole) as writePolicy$">
-                <button [disabled]="loginPolicy || (writePolicy$ | async) == false"
-                    [routerLink]="[ 'policy', PolicyComponentType.LOGIN,'create' ]" color="primary"
-                    mat-raised-button>{{'ORG.POLICY.BTN_INSTALL' | translate}}</button>
-                <button [disabled]="!loginPolicy || (writePolicy$ | async) == false"
-                    [routerLink]="[ 'policy', PolicyComponentType.LOGIN ]" mat-stroked-button
-                    [matTooltip]="'ACTIONS.CONFIGURE' | translate">{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
+            <div class="btn-wrapper">
+                <ng-template appHasRole [appHasRole]="['policy.write']">
+                    <button [disabled]="!loginPolicy" [routerLink]="[ 'policy', PolicyComponentType.LOGIN ]"
+                        mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
+                </ng-template>
            </div>
        </div>
    </ng-template>
--- a/console/src/app/pages/orgs/policy-grid/policy-grid.component.ts
+++ b/console/src/app/pages/orgs/policy-grid/policy-grid.component.ts
@@ -1,7 +1,13 @@
 import { Component } from '@angular/core';
 import { PolicyComponentType } from 'src/app/modules/policies/policy-component-types.enum';
-import { LoginPolicy, OrgIamPolicy, PasswordComplexityPolicy, PolicyState } from 'src/app/proto/generated/management_pb';
+import {
+    LoginPolicyView,
+    OrgIamPolicyView,
+    PasswordComplexityPolicyView,
+    PolicyState,
+} from 'src/app/proto/generated/management_pb';
 import { ManagementService } from 'src/app/services/mgmt.service';
+import { ToastService } from 'src/app/services/toast.service';

@Component({
    selector: 'app-policy-grid',
@@ -9,21 +15,24 @@ import { ManagementService } from 'src/app/services/mgmt.service';
    styleUrls: ['./policy-grid.component.scss'],
 })
 export class PolicyGridComponent {
-    public complexityPolicy!: PasswordComplexityPolicy.AsObject;
-    public iamPolicy!: OrgIamPolicy.AsObject;
-    public loginPolicy!: LoginPolicy.AsObject;
+    public complexityPolicy!: PasswordComplexityPolicyView.AsObject;
+    public iamPolicy!: OrgIamPolicyView.AsObject;
+    public loginPolicy!: LoginPolicyView.AsObject;

    public PolicyState: any = PolicyState;
    public PolicyComponentType: any = PolicyComponentType;

    constructor(
-        private mgmtService: ManagementService,
+        public mgmtService: ManagementService,
+        private toast: ToastService,
    ) {
        this.getData();
    }

    private getData(): void {
-        this.mgmtService.GetPasswordComplexityPolicy().then(data => this.complexityPolicy = data.toObject());
+        this.mgmtService.GetPasswordComplexityPolicy().then(data => this.complexityPolicy = data.toObject()).catch(error => {
+            this.toast.showError(error);
+        });
        this.mgmtService.GetMyOrgIamPolicy().then(data => this.iamPolicy = data.toObject());
        this.mgmtService.GetLoginPolicy().then(data => {
            this.loginPolicy = data.toObject();
--- a/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-grid/owned-project-grid.component.html
+++ b/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-grid/owned-project-grid.component.html
@@ -52,8 +52,12 @@
            }}</span>
            <span class="fill-space"></span>
        </div>
-        <button [ngClass]="{ selected: selection.isSelected(item)}" (click)="selection.toggle(item)" class="edit-button"
-            mat-icon-button>
+        <button *ngIf="item.projectId !== zitadelProjectId" matTooltip="{{'ACTIONS.DELETE' | translate}}" color="warn"
+            (click)="deleteProject(item)" class="delete-button" mat-icon-button>
+            <i class="las la-trash"></i>
+        </button>
+        <button matTooltip="{{'ACTIONS.PIN' | translate}}" [ngClass]="{ selected: selection.isSelected(item)}"
+            (click)="selection.toggle(item)" class="edit-button" mat-icon-button>
            <mat-icon *ngIf="selection.isSelected(item)" svgIcon="mdi_pin"></mat-icon>
            <mat-icon svgIcon="mdi_pin_outline" *ngIf="!selection.isSelected(item)"></mat-icon>
        </button>
--- a/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-grid/owned-project-grid.component.scss
+++ b/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-grid/owned-project-grid.component.scss
@@ -112,6 +112,20 @@
      }
    }

+    .delete-button {
+      opacity: 0;
+      user-select: none;
+      position: absolute;
+      bottom: 0;
+      right: 30px;
+      margin: 0;
+      margin-bottom: .25rem;
+
+      &:not(:hover) {
+        color: #8795a1;
+      }
+    }
+
    .edit-button {
      opacity: 0;
      user-select: none;
@@ -130,12 +144,14 @@
    &:hover {
      box-shadow: 0 5px 10px rgba(0, 0, 0, .12);

+      .delete-button,
      .edit-button {
        opacity: 1;
      }
    }

    &.selected {
+      .delete-button,
      .edit-button {
        opacity: 1;
      }
--- a/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-grid/owned-project-grid.component.ts
+++ b/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-grid/owned-project-grid.component.ts
@@ -1,11 +1,14 @@
 import { animate, animateChild, keyframes, query, stagger, style, transition, trigger } from '@angular/animations';
 import { SelectionModel } from '@angular/cdk/collections';
 import { Component, EventEmitter, Input, OnChanges, Output, SimpleChanges } from '@angular/core';
+import { MatDialog } from '@angular/material/dialog';
 import { Router } from '@angular/router';
+import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';
 import { Org } from 'src/app/proto/generated/auth_pb';
 import { ProjectState, ProjectType, ProjectView } from 'src/app/proto/generated/management_pb';
-import { AuthenticationService } from 'src/app/services/authentication.service';
+import { ManagementService } from 'src/app/services/mgmt.service';
 import { StorageKey, StorageService } from 'src/app/services/storage.service';
+import { ToastService } from 'src/app/services/toast.service';

@Component({
    selector: 'app-owned-project-grid',
@@ -48,8 +51,14 @@ export class OwnedProjectGridComponent implements OnChanges {
    public showNewProject: boolean = false;
    public ProjectState: any = ProjectState;
    public ProjectType: any = ProjectType;
-
-    constructor(private router: Router, private authService: AuthenticationService, private storage: StorageService) {
+    @Input() public zitadelProjectId: string = '';
+    constructor(
+        private router: Router,
+        private dialog: MatDialog,
+        private storage: StorageService,
+        private mgmtService: ManagementService,
+        private toast: ToastService,
+    ) {
        this.selection.changed.subscribe(selection => {
            this.setPrefixedItem('pinned-projects', JSON.stringify(
                this.selection.selected.map(item => item.projectId),
@@ -123,4 +132,30 @@ export class OwnedProjectGridComponent implements OnChanges {
    public closeGridView(): void {
        this.changedView.emit(true);
    }
+
+    public deleteProject(item: ProjectView.AsObject): void {
+        const dialogRef = this.dialog.open(WarnDialogComponent, {
+            data: {
+                confirmKey: 'ACTIONS.DELETE',
+                cancelKey: 'ACTIONS.CANCEL',
+                titleKey: 'PROJECT.PAGES.DIALOG.DELETE.TITLE',
+                descriptionKey: 'PROJECT.PAGES.DIALOG.DELETE.DESCRIPTION',
+            },
+            width: '400px',
+        });
+
+        dialogRef.afterClosed().subscribe(resp => {
+            if (resp && item.projectId !== this.zitadelProjectId) {
+                this.mgmtService.RemoveProject(item.projectId).then(() => {
+                    this.toast.showInfo('PROJECT.TOAST.DELETED', true);
+                    const index = this.items.findIndex(iter => iter.projectId === item.projectId);
+                    if (index > -1) {
+                        this.items.splice(index, 1);
+                    }
+                }).catch(error => {
+                    this.toast.showError(error);
+                });
+            }
+        });
+    }
 }
--- a/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-list.component.html
+++ b/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-list.component.html
@@ -1,5 +1,6 @@
-<app-owned-project-grid *ngIf="grid" [loading]="loading$ | async" (changedView)="grid = false"
-    [items]="ownedProjectList || []" (newClicked)="addProject()">
+<app-owned-project-grid [zitadelProjectId]="zitadelProjectId" *ngIf="grid && zitadelProjectId"
+    [loading]="loading$ | async" (changedView)="grid = false" [items]="ownedProjectList || []"
+    (newClicked)="addProject()">
 </app-owned-project-grid>

 <div *ngIf="!grid" class="view-toggle">
@@ -61,6 +62,16 @@
                    </td>
                </ng-container>

+                <ng-container matColumnDef="actions" stickyEnd>
+                    <th mat-header-cell *matHeaderCellDef></th>
+                    <td mat-cell *matCellDef="let project">
+                        <button *ngIf="project.projectId !== zitadelProjectId" color="warn" mat-icon-button
+                            matTooltip="{{'ACTIONS.DELETE' | translate}}" (click)="deleteProject(project.projectId)">
+                            <i class="las la-trash"></i>
+                        </button>
+                    </td>
+                </ng-container>
+
                <tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>
                <tr class="highlight" mat-row *matRowDef="let row; columns: displayedColumns;"
                    [routerLink]="['/projects', row.projectId]"></tr>
--- a/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-list.component.ts
+++ b/console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-list.component.ts
@@ -1,12 +1,14 @@
 import { animate, animateChild, query, stagger, style, transition, trigger } from '@angular/animations';
 import { SelectionModel } from '@angular/cdk/collections';
 import { Component, OnDestroy, OnInit, ViewChild } from '@angular/core';
+import { MatDialog } from '@angular/material/dialog';
 import { MatPaginator, PageEvent } from '@angular/material/paginator';
 import { MatTableDataSource } from '@angular/material/table';
 import { Router } from '@angular/router';
 import { TranslateService } from '@ngx-translate/core';
 import { Timestamp } from 'google-protobuf/google/protobuf/timestamp_pb';
 import { BehaviorSubject, Observable, Subscription } from 'rxjs';
+import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';
 import { ProjectView } from 'src/app/proto/generated/management_pb';
 import { ManagementService } from 'src/app/services/mgmt.service';
 import { ToastService } from 'src/app/services/toast.service';
@@ -45,7 +47,7 @@ export class OwnedProjectListComponent implements OnInit, OnDestroy {
    @ViewChild(MatPaginator) public paginator!: MatPaginator;

    public ownedProjectList: ProjectView.AsObject[] = [];
-    public displayedColumns: string[] = ['select', 'name', 'state', 'creationDate', 'changeDate'];
+    public displayedColumns: string[] = ['select', 'name', 'state', 'creationDate', 'changeDate', 'actions'];
    public selection: SelectionModel<ProjectView.AsObject> = new SelectionModel<ProjectView.AsObject>(true, []);

    private loadingSubject: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(false);
@@ -54,11 +56,18 @@ export class OwnedProjectListComponent implements OnInit, OnDestroy {
    public grid: boolean = true;
    private subscription?: Subscription;

+    public zitadelProjectId: string = '';
+
    constructor(private router: Router,
        public translate: TranslateService,
        private mgmtService: ManagementService,
        private toast: ToastService,
-    ) { }
+        private dialog: MatDialog,
+    ) {
+        this.mgmtService.GetIam().then(iam => {
+            this.zitadelProjectId = iam.toObject().iamProjectId;
+        });
+    }

    public ngOnInit(): void {
        this.getData(10, 0);
@@ -140,4 +149,29 @@ export class OwnedProjectListComponent implements OnInit, OnDestroy {
        this.selection.clear();
        this.getData(this.paginator.pageSize, this.paginator.pageIndex * this.paginator.pageSize);
    }
+
+    public deleteProject(item: ProjectView.AsObject): void {
+        const dialogRef = this.dialog.open(WarnDialogComponent, {
+            data: {
+                confirmKey: 'ACTIONS.DELETE',
+                cancelKey: 'ACTIONS.CANCEL',
+                titleKey: 'PROJECT.PAGES.DIALOG.DELETE.TITLE',
+                descriptionKey: 'PROJECT.PAGES.DIALOG.DELETE.DESCRIPTION',
+            },
+            width: '400px',
+        });
+
+        dialogRef.afterClosed().subscribe(resp => {
+            if (this.zitadelProjectId && resp && item.projectId !== this.zitadelProjectId) {
+                this.mgmtService.RemoveProject(item.projectId).then(() => {
+                    this.toast.showInfo('PROJECT.TOAST.DELETED', true);
+                    setTimeout(() => {
+                        this.refreshPage();
+                    }, 1000);
+                }).catch(error => {
+                    this.toast.showError(error);
+                });
+            }
+        });
+    }
 }
--- a/console/src/app/pages/projects/owned-projects/owned-projects.module.ts
+++ b/console/src/app/pages/projects/owned-projects/owned-projects.module.ts
@@ -20,6 +20,7 @@ import { CardModule } from 'src/app/modules/card/card.module';
 import { RefreshTableModule } from 'src/app/modules/refresh-table/refresh-table.module';
 import { SharedModule } from 'src/app/modules/shared/shared.module';
 import { UserGrantsModule } from 'src/app/modules/user-grants/user-grants.module';
+import { WarnDialogModule } from 'src/app/modules/warn-dialog/warn-dialog.module';
 import { HasRolePipeModule } from 'src/app/pipes/has-role-pipe/has-role-pipe.module';
 import { LocalizedDatePipeModule } from 'src/app/pipes/localized-date-pipe/localized-date-pipe.module';
 import { TimestampToDatePipeModule } from 'src/app/pipes/timestamp-to-date-pipe/timestamp-to-date-pipe.module';
@@ -51,6 +52,7 @@ import { OwnedProjectsComponent } from './owned-projects.component';
        MatInputModule,
        MatChipsModule,
        MatIconModule,
+        WarnDialogModule,
        MatButtonModule,
        MatProgressSpinnerModule,
        MatProgressBarModule,
--- a/console/src/app/pages/users/user-detail/external-idps/external-idps.component.html
+++ b/console/src/app/pages/users/user-detail/external-idps/external-idps.component.html
@@ -37,6 +37,16 @@
                <td mat-cell *matCellDef="let idp"> {{idp?.externalUserId}} </td>
            </ng-container>

+            <ng-container matColumnDef="actions" stickyEnd>
+                <th mat-header-cell *matHeaderCellDef></th>
+                <td mat-cell *matCellDef="let idp">
+                    <button mat-icon-button matTooltip="{{'ACTIONS.REMOVE' | translate}}"
+                        (click)="removeExternalIdp(idp)">
+                        <i class="las la-trash"></i>
+                    </button>
+                </td>
+            </ng-container>
+
            <tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>
            <tr class="highlight" mat-row *matRowDef="let row; columns: displayedColumns;">
            </tr>
--- a/console/src/app/pages/users/user-detail/external-idps/external-idps.component.ts
+++ b/console/src/app/pages/users/user-detail/external-idps/external-idps.component.ts
@@ -1,8 +1,10 @@
 import { SelectionModel } from '@angular/cdk/collections';
 import { Component, Input, OnInit, ViewChild } from '@angular/core';
+import { MatDialog } from '@angular/material/dialog';
 import { MatPaginator, PageEvent } from '@angular/material/paginator';
 import { MatTableDataSource } from '@angular/material/table';
 import { BehaviorSubject, Observable } from 'rxjs';
+import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';

 import { ExternalIDPView as AuthExternalIDPView } from '../../../../proto/generated/auth_pb';
 import {
@@ -29,9 +31,9 @@ export class ExternalIdpsComponent implements OnInit {
        = new SelectionModel<MgmtExternalIDPView.AsObject | AuthExternalIDPView.AsObject>(true, []);
    private loadingSubject: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(false);
    public loading$: Observable<boolean> = this.loadingSubject.asObservable();
-    @Input() public displayedColumns: string[] = ['idpConfigId', 'idpName', 'externalUserId', 'externalUserDisplayName'];
+    @Input() public displayedColumns: string[] = ['idpConfigId', 'idpName', 'externalUserId', 'externalUserDisplayName', 'actions'];

-    constructor(private toast: ToastService) { }
+    constructor(private toast: ToastService, private dialog: MatDialog) { }

    ngOnInit(): void {
        this.getData(10, 0);
@@ -80,19 +82,35 @@ export class ExternalIdpsComponent implements OnInit {
    }

    public removeExternalIdp(idp: AuthExternalIDPView.AsObject | MgmtExternalIDPView.AsObject): void {
-        let promise;
-        if (this.service instanceof ManagementService) {
-            promise = (this.service as ManagementService).RemoveExternalIDP(idp.externalUserId, idp.idpConfigId, idp.userId);
-        } else if (this.service instanceof GrpcAuthService) {
-            promise = (this.service as GrpcAuthService).RemoveExternalIDP(idp.externalUserId, idp.idpConfigId);
-        }
+        const dialogRef = this.dialog.open(WarnDialogComponent, {
+            data: {
+                confirmKey: 'ACTIONS.REMOVE',
+                cancelKey: 'ACTIONS.CANCEL',
+                titleKey: 'USER.EXTERNALIDP.DIALOG.DELETE_TITLE',
+                descriptionKey: 'USER.EXTERNALIDP.DIALOG.DELETE_DESCRIPTION',
+            },
+            width: '400px',
+        });

-        if (promise) {
-            promise.then(_ => {
-                this.getData(this.paginator.pageSize, this.paginator.pageIndex * this.paginator.pageSize);
-            }).catch((error: any) => {
-                this.toast.showError(error);
-            });
-        }
+        dialogRef.afterClosed().subscribe(resp => {
+            if (resp) {
+                let promise;
+                if (this.service instanceof ManagementService) {
+                    promise = (this.service as ManagementService)
+                        .RemoveExternalIDP(idp.externalUserId, idp.idpConfigId, idp.userId);
+                } else if (this.service instanceof GrpcAuthService) {
+                    promise = (this.service as GrpcAuthService)
+                        .RemoveExternalIDP(idp.externalUserId, idp.idpConfigId);
+                }
+
+                if (promise) {
+                    promise.then(_ => {
+                        this.refreshPage();
+                    }).catch((error: any) => {
+                        this.toast.showError(error);
+                    });
+                }
+            }
+        });
    }
 }