Is there a way to only allow a user to manage project permission grants instead of project owner?
I am looking to use Zitadel as an SSO authoriser and manager for a SaaS I am building.
As part of this I am trying to allow users to manage user grants for a project and nothing else so they can manage who's allowed access to their instance themselves without messing up our config for them.
I can see that there is an ORG_PROJECT_PERMISSION_EDITOR, but is there one for just managing a single project's permissions?
I am currently using Zitadel Cloud but am not opposed to Self Hosting if need be.
https://zitadel.com/docs/guides/manage/console/managers
ZITADEL Docs
To configure managers in ZITADEL go to the resource where you like to add it (e.g Instance, Organization, Project, GrantedProject).
hi @Azure Byte the PROJECT_OWNER grant lets you manage everything within a project.
Yes, but is there a way to only allow a user to manage the project's authorizations? Not just allow everything on a project
hi @Azure Byte Zitadel currently does not provide fine-grained permissions for project-level authorization management alone — at least not out-of-the-box.
Right. Would I be correct in thinking that you could do it using self hosted with custom manager roles?
Yes, with self-hosting, you can build your own permission logic using custom roles, but Zitadel itself won’t enforce scoped access like “can only manage grants for Project X”. You’ll need to handle this enforcement in your backend and UI layer.
Cool, thanks for the info 👍
Hi @Azure Byte please mark my answer with ✅ to mark it solved/closed.
Thanks
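The backend enforcement described in the answer above, as an added example that is not part of the thread and not ZITADEL's own code: a deny-by-default gate that only lets a caller manage user grants on projects delegated to them, and only with role keys they may hand out. All names here (`DELEGATIONS`, `GrantRequest`, `authorize`, `handle`, the action strings, the IDs) are hypothetical, and `forward` stands for whatever client your backend uses to call ZITADEL with its own service account.

```python
from dataclasses import dataclass

# Constructed sample data: caller -> project -> role keys they may assign.
# All IDs and role keys are placeholders, not real ZITADEL values.
DELEGATIONS = {
    "user-alice": {"project-x": {"viewer", "editor"}},
    "user-bob": {"project-y": {"viewer"}},
}
ALLOWED_ACTIONS = {"add_grant", "update_grant", "remove_grant"}


class Forbidden(Exception):
    pass


@dataclass(frozen=True)
class GrantRequest:
    caller_id: str       # taken from the caller's validated token, never the body
    action: str
    project_id: str
    target_user_id: str
    role_keys: frozenset = frozenset()


def authorize(req, delegations=DELEGATIONS):
    """Deny by default; allow only grant actions on a delegated project."""
    if req.action not in ALLOWED_ACTIONS:
        raise Forbidden(f"action {req.action!r} is not a grant operation")
    allowed_roles = delegations.get(req.caller_id, {}).get(req.project_id)
    if allowed_roles is None:
        raise Forbidden("caller has no delegation for this project")
    extra = set(req.role_keys) - allowed_roles
    if extra:
        raise Forbidden(f"roles not delegable: {sorted(extra)}")


def handle(req, forward, audit_log):
    """Authorize, then let the backend's own service account make the call."""
    try:
        authorize(req)
    except Forbidden as exc:
        audit_log.append(("deny", req.caller_id, req.project_id, str(exc)))
        return False
    forward(req)  # hypothetical callable wrapping the real API client
    audit_log.append(("allow", req.caller_id, req.project_id, req.action))
    return True
```

The end user never holds a manager role in this arrangement; the privileged credential stays in the backend, so the gate and its audit log are the only path to a grant change.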