Allow user management in all systems

2 files changed, 3 insertions, 4 deletions

diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 5be1fd442e1..797ca10ed3d 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -104,8 +104,7 @@ public enum PathGroup {
                    "/application/v4/tenant/",
                    "/",
                    "/d/{*}",
-                   "/statuspage/v1/{*}"
-    ),
+                   "/statuspage/v1/{*}"),
 
     /** Paths providing public information. */
     publicInfo("/badge/v1/{*}",
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index 85b9fb63b2a..ddb3ec6725b 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
@@ -26,12 +26,12 @@ public enum Policy {
     /** Full access to user management for a tenant in select systems. */
     tenantManager(Privilege.grant(Action.all())
                            .on(PathGroup.tenantUsers)
-                           .in(SystemName.Public)),
+                           .in(SystemName.all())),
 
     /** Full access to user management for an application in select systems. */
     applicationManager(Privilege.grant(Action.all())
                                 .on(PathGroup.applicationUsers)
-                                .in(SystemName.Public)),
+                                .in(SystemName.all())),
 
     /** Access to create a user tenant in select systems. */
     userCreate(Privilege.grant(Action.update)