coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 2 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 2 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/rbac/object_gen.go
Lines changed: 11 additions & 0 deletions b/‎coderd/rbac/object_gen.go
Lines changed: 11 additions & 0 deletions
diff --git a/‎coderd/rbac/policy/policy.go
Lines changed: 8 additions & 0 deletions b/‎coderd/rbac/policy/policy.go
Lines changed: 8 additions & 0 deletions
diff --git a/‎coderd/rbac/roles.go
Lines changed: 1 addition & 0 deletions b/‎coderd/rbac/roles.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/rbac/roles_test.go
Lines changed: 14 additions & 0 deletions b/‎coderd/rbac/roles_test.go
Lines changed: 14 additions & 0 deletions
diff --git a/‎codersdk/rbacresources_gen.go
Lines changed: 2 additions & 0 deletions b/‎codersdk/rbacresources_gen.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/api/members.md
Lines changed: 3 additions & 0 deletions b/‎docs/api/members.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/api/schemas.md
Lines changed: 1 addition & 0 deletions b/‎docs/api/schemas.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎site/src/api/rbacresources_gen.ts
Lines changed: 6 additions & 0 deletions b/‎site/src/api/rbacresources_gen.ts
Lines changed: 6 additions & 0 deletions
diff --git a/‎site/src/api/typesGenerated.ts
Lines changed: 2 additions & 0 deletions b/‎site/src/api/typesGenerated.ts
Lines changed: 2 additions & 0 deletions
@@ -255,4 +255,12 @@ var RBACPermissions = map[string]PermissionDefinition{
 			ActionDelete: actDef(""),
 		},
 	},
+	"frobulator": {
+		Actions: map[Action]ActionDefinition{
+			ActionCreate: actDef(""),
+			ActionRead:   actDef(""),
+			ActionUpdate: actDef(""),
+			ActionDelete: actDef(""),
+		},
+	},
 }
@@ -264,6 +264,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 			Permissions(map[string][]policy.Action{
 				ResourceWorkspace.Type:        ownerWorkspaceActions,
 				ResourceWorkspaceDormant.Type: {policy.ActionRead, policy.ActionDelete, policy.ActionCreate, policy.ActionUpdate, policy.ActionWorkspaceStop},
+				ResourceFrobulator.Type:       {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
 			})...),
 		Org:  map[string][]Permission{},
 		User: []Permission{},
 
@@ -630,6 +630,20 @@ func TestRolePermissions(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name:     "OnlyAdminsCanFrobulate",
+			Actions:  []policy.Action{policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
+			Resource: rbac.ResourceFrobulator,
+			AuthorizeMap: map[bool][]hasAuthSubjects{
+				true: {owner},
+				false: {
+					orgAdmin, otherOrgAdmin, orgMemberMe,
+					memberMe, userAdmin, templateAdmin,
+					orgAuditor, orgUserAdmin, orgTemplateAdmin,
+					otherOrgMember, otherOrgAuditor, otherOrgUserAdmin, otherOrgTemplateAdmin,
+				},
+			},
+		},
 	}
 
 	// We expect every permission to be tested above.
 
@@ -44,6 +44,12 @@ export const RBACResourceActions: Partial<
     create: "create a file",
     read: "read files",
   },
+  frobulator: {
+    create: "",
+    delete: "",
+    read: "",
+    update: "",
+  },
   group: {
     create: "create a group",
     delete: "delete a group",