diff --git a/coderd/rbac/builtin.go b/coderd/rbac/builtin.go
index 2fb4e6f251982..964eec3a7386f 100644
--- a/coderd/rbac/builtin.go
+++ b/coderd/rbac/builtin.go
@@ -127,6 +127,7 @@ var (
 ResourceUser.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 // Full perms to manage org members
 ResourceOrganizationMember.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+ ResourceGroup.Type: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 }),
 }
 },
diff --git a/coderd/rbac/builtin_test.go b/coderd/rbac/builtin_test.go
index 5c744d0d259a8..fc959b26f63cf 100644
--- a/coderd/rbac/builtin_test.go
+++ b/coderd/rbac/builtin_test.go
@@ -369,6 +369,15 @@ func TestRolePermissions(t *testing.T) {
 false: {memberMe, otherOrgAdmin, otherOrgMember, userAdmin},
 },
 },
+ {
+ Name: "Groups",
+ Actions: []rbac.Action{rbac.ActionRead},
+ Resource: rbac.ResourceGroup.InOrg(orgID),
+ AuthorizeMap: map[bool][]authSubject{
+ true: {owner, orgAdmin, userAdmin, orgMemberMe},
+ false: {memberMe, otherOrgAdmin, otherOrgMember, templateAdmin},
+ },
+ },
 }
 
 for _, c := range testCases {
diff --git a/docs/admin/users.md b/docs/admin/users.md
index 78344c5fab37f..fb354ceda22f0 100644
--- a/docs/admin/users.md
+++ b/docs/admin/users.md
@@ -9,7 +9,7 @@ Coder offers these user roles in the community edition:
 | | User Admin | Template Admin | Owner |
 | ------------------------------------------ | ---------- | -------------- | ----- |
 | Add and remove Users | ✅ | | ✅ |
-| Manage groups (enterprise) | | | |
+| Manage groups (enterprise) | ✅ | | ✅ |
 | Change User roles | | | ✅ |
 | Manage **ALL** Templates | | ✅ | ✅ |
 | View, update and delete **ALL** Workspaces | | ✅ | ✅ |
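Review bot: The added `ResourceGroup.Type` entry in builtin.go grants create, read, update and delete on groups without any comment, unlike the `ResourceOrganizationMember.Type` line directly above it. The role it belongs to is declared outside the hunk; the docs change in this commit suggests it is User Admin. If group membership feeds an access decision elsewhere (template ACLs, for example), a holder of this role could add themselves to a group and inherit that access, so the grant should be confirmed as intended and documented as privileged. I would add `// Full perms to manage groups; membership may confer access elsewhere, so treat as privileged` above the new line. The enclosing `var (` block starts and ends outside the hunk.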
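Review bot: The new "Groups" case in builtin_test.go asserts only `rbac.ActionRead`, while the builtin.go change in this commit grants create, update and delete on `ResourceGroup` as well. The write actions are the ones that matter for least privilege, and nothing here pins who may or may not perform them. In particular, `orgMemberMe` is allowed to read, and no assertion shows that it is denied writes. I would add a second case for the write actions alongside the read case. The expected subject lists in the sketch below are inferred from the read case and need confirming against the role definitions, which are outside the hunk, as are the start and end of `TestRolePermissions`.

```go
// … unchanged: the read-only "Groups" case …
{
	Name:     "GroupsWrite",
	Actions:  []rbac.Action{rbac.ActionCreate, rbac.ActionUpdate, rbac.ActionDelete},
	Resource: rbac.ResourceGroup.InOrg(orgID),
	AuthorizeMap: map[bool][]authSubject{
		// Expected sets inferred from the read case; confirm against the role definitions.
		true:  {owner, orgAdmin, userAdmin},
		false: {orgMemberMe, memberMe, otherOrgAdmin, otherOrgMember, templateAdmin},
	},
},
```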