summaryrefslogtreecommitdiffstats
path: root/controller-api
diff options
context:
space:
mode:
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java4
1 files changed, 3 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 3a42c0c6535..317229f9e9a 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -165,6 +165,8 @@ public class AthenzAccessControlService implements AccessControlService {
private AthenzAssertion getApprovalAssertion(AthenzRole accessRole) {
var approverRole = new AthenzRole(accessRole.domain(), "vespa-access-approver");
- return AthenzAssertion.newBuilder(approverRole, accessRole.toResourceName(), "update_members").build();
+ return AthenzAssertion.newBuilder(approverRole, accessRole.toResourceName(), "update_members")
+ .effect(AthenzAssertion.Effect.ALLOW)
+ .build();
}
}