coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 79 additions & 31 deletions b/‎coderd/apidoc/docs.go
Lines changed: 79 additions & 31 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 73 additions & 31 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 73 additions & 31 deletions
diff --git a/‎coderd/rbac/policy/policy.go
Lines changed: 3 additions & 1 deletion b/‎coderd/rbac/policy/policy.go
Lines changed: 3 additions & 1 deletion
diff --git a/‎coderd/rbac/roles.go
Lines changed: 3 additions & 3 deletions b/‎coderd/rbac/roles.go
Lines changed: 3 additions & 3 deletions
@@ -222,14 +222,16 @@ var RBACPermissions = map[string]PermissionDefinition{
 			ActionRead:   actDef("view what roles are assignable"),
 			ActionDelete: actDef("ability to unassign roles"),
 			ActionCreate: actDef("ability to create/delete/edit custom roles"),
+			ActionUpdate: actDef("ability to edit custom roles"),
 		},
 	},
 	"assign_org_role": {
 		Actions: map[Action]ActionDefinition{
 			ActionAssign: actDef("ability to assign org scoped roles"),
 			ActionRead:   actDef("view what roles are assignable"),
 			ActionDelete: actDef("ability to delete org scoped roles"),
-			ActionCreate: actDef("ability to create/delete/edit custom roles within an organization"),
+			ActionCreate: actDef("ability to create/delete custom roles within an organization"),
+			ActionUpdate: actDef("ability to edit custom roles within an organization"),
 		},
 	},
 	"oauth2_app": {
 
@@ -340,10 +340,10 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 		Identifier:  RoleUserAdmin(),
 		DisplayName: "User Admin",
 		Site: Permissions(map[string][]policy.Action{
-			ResourceAssignRole.Type: {policy.ActionAssign, policy.ActionDelete, policy.ActionRead},
+			ResourceAssignRole.Type: {policy.ActionAssign, policy.ActionDelete, policy.ActionRead, policy.ActionUpdate},
 			// Need organization assign as well to create users. At present, creating a user
 			// will always assign them to some organization.
-			ResourceAssignOrgRole.Type: {policy.ActionAssign, policy.ActionDelete, policy.ActionRead},
+			ResourceAssignOrgRole.Type: {policy.ActionAssign, policy.ActionDelete, policy.ActionRead, policy.ActionUpdate},
 			ResourceUser.Type: {
 				policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete,
 				policy.ActionUpdatePersonal, policy.ActionReadPersonal,
@@ -458,7 +458,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
 				Org: map[string][]Permission{
 					organizationID.String(): Permissions(map[string][]policy.Action{
 						// Assign, remove, and read roles in the organization.
-						ResourceAssignOrgRole.Type:      {policy.ActionAssign, policy.ActionDelete, policy.ActionRead},
+						ResourceAssignOrgRole.Type:      {policy.ActionAssign, policy.ActionDelete, policy.ActionRead, policy.ActionUpdate},
 						ResourceOrganizationMember.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
 						ResourceGroup.Type:              ResourceGroup.AvailableActions(),
 					}),