
Commit f7c62be

scotwells and claude committed
feat: use iam-organization-admin instead of iam-admin in owner role
The iam-admin role includes permissions for platform-level resources (protectedresources, users) that are not scoped to organizations. The owner role is an organization-level role and should not grant access to platform-wide IAM resources. Switch to iam-organization-admin, which covers only org-scoped IAM resources: groups, groupmemberships, userinvitations, and policybindings.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent b5eb1a3 commit f7c62be

1 file changed

+1
-1
lines changed


config/assignable-organization-roles/roles/datum-cloud-owner.yaml

Lines changed: 1 addition & 1 deletion
@@ -14,7 +14,7 @@ spec:
1414
namespace: datum-cloud
1515
- name: core-admin
1616
namespace: milo-system
17-
- name: iam-admin
17+
- name: iam-organization-admin
1818
namespace: milo-system
1919
- name: networking.datumapis.com-admin
2020
namespace: milo-system
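Review bot: The hunk only swaps the referenced role name (`- name: iam-admin` to `- name: iam-organization-admin`, still in `namespace: milo-system`), so nothing in this diff shows that an `iam-organization-admin` role exists in `milo-system` or that its rule set is limited to the four org-scoped resources the commit message lists. Please link or include the role definition (or a test that loads `datum-cloud-owner.yaml` and resolves every referenced role) so the scope reduction can be verified rather than taken from the message; a dangling role reference here would silently drop IAM permissions from every organization owner. It is also worth stating in the message whether any existing owner workflow relied on the `users` or `protectedresources` permissions that `iam-admin` granted, since this change removes them for that role.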
