diff options
| -rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index bc61ec6d97d..00550387db5 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -23,11 +23,14 @@ enum Policy { /** Full access to everything. */ operator(Privilege.grant(Action.all()) .on(PathGroup.allExcept(PathGroup.hostedAccountant)) - .in(SystemName.all())), + .in(SystemName.all()), + Privilege.grant(Action.read) + .on(PathGroup.hostedAccountant) + .in(SystemName.PublicCd)), /** Full access to everything. */ supporter(Privilege.grant(Action.read) - .on(PathGroup.allExcept(PathGroup.hostedAccountant)) + .on(PathGroup.all()) .in(SystemName.all())), /** Full access to user management for a tenant in select systems. */ |