Allow tenant and application roles read access to user membershpis

author: Jon Marius Venstad <jvenstad@yahoo-inc.com> 2019-04-09 15:52:51 +0200
committer: Jon Marius Venstad <jvenstad@yahoo-inc.com> 2019-04-09 15:52:51 +0200
commit: 5e93724525afd988f0c619ff44a33b285740aab1 (patch)
tree: 88095f671f3d86c6d9613e55a574375abad1871b /controller-api
parent: 88ac3b324745dd95ecc4b783e5e4ffcc5137968f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index ddb3ec6725b..db4cca20b9a 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
@@ -55,7 +55,7 @@ public enum Policy {
 
     /** Read access to tenant information and settings. */
     tenantRead(Privilege.grant(Action.read)
-                        .on(PathGroup.tenant, PathGroup.tenantInfo)
+                        .on(PathGroup.tenant, PathGroup.tenantInfo, PathGroup.tenantUsers, PathGroup.applicationUsers)
                         .in(SystemName.all())),
 
     /** Access to create application under a certain tenant. */
author	Jon Marius Venstad <jvenstad@yahoo-inc.com>	2019-04-09 15:52:51 +0200
committer	Jon Marius Venstad <jvenstad@yahoo-inc.com>	2019-04-09 15:52:51 +0200
commit	5e93724525afd988f0c619ff44a33b285740aab1 (patch)
tree	88095f671f3d86c6d9613e55a574375abad1871b /controller-api
parent	88ac3b324745dd95ecc4b783e5e4ffcc5137968f (diff)