diff options
Diffstat (limited to 'controller-api')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java index 3a42c0c6535..317229f9e9a 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java @@ -165,6 +165,8 @@ public class AthenzAccessControlService implements AccessControlService { private AthenzAssertion getApprovalAssertion(AthenzRole accessRole) { var approverRole = new AthenzRole(accessRole.domain(), "vespa-access-approver"); - return AthenzAssertion.newBuilder(approverRole, accessRole.toResourceName(), "update_members").build(); + return AthenzAssertion.newBuilder(approverRole, accessRole.toResourceName(), "update_members") + .effect(AthenzAssertion.Effect.ALLOW) + .build(); } } |