1 files changed, 7 insertions, 3 deletions

diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
index a88e38e5f89..363dc348ad3 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
@@ -36,9 +36,14 @@ public class CloudAccessControl implements AccessControl {
         CloudTenantSpec spec = (CloudTenantSpec) tenantSpec;
         CloudTenant tenant = CloudTenant.create(spec.tenant(), defaultBillingInfo);
 
-        for (Role role : Roles.tenantRoles(spec.tenant()))
+        for (Role role : Roles.tenantRoles(spec.tenant())) {
             userManagement.createRole(role);
-        userManagement.addUsers(Role.tenantOwner(spec.tenant()), List.of(new UserId(credentials.user().getName())));
+        }
+
+        var userId = List.of(new UserId(credentials.user().getName()));
+        userManagement.addUsers(Role.administrator(spec.tenant()), userId);
+        userManagement.addUsers(Role.developer(spec.tenant()), userId);
+        userManagement.addUsers(Role.reader(spec.tenant()), userId);
 
         return tenant;
     }
@@ -60,7 +65,6 @@ public class CloudAccessControl implements AccessControl {
     public void createApplication(TenantAndApplicationId id, Credentials credentials) {
         for (Role role : Roles.applicationRoles(id.tenant(), id.application()))
             userManagement.createRole(role);
-        userManagement.addUsers(Role.applicationAdmin(id.tenant(), id.application()), List.of(new UserId(credentials.user().getName())));
     }
 
     @Override