@@ -307,7 +307,8 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
307307 Identifier : RoleAuditor (),
308308 DisplayName : "Auditor" ,
309309 Site : Permissions (map [string ][]policy.Action {
310- ResourceAuditLog .Type : {policy .ActionRead },
310+ ResourceAssignOrgRole .Type : {policy .ActionRead },
311+ ResourceAuditLog .Type : {policy .ActionRead },
311312 // Allow auditors to see the resources that audit logs reflect.
312313 ResourceTemplate .Type : {policy .ActionRead , policy .ActionViewInsights },
313314 ResourceUser .Type : {policy .ActionRead },
@@ -327,7 +328,8 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
327328 Identifier : RoleTemplateAdmin (),
328329 DisplayName : "Template Admin" ,
329330 Site : Permissions (map [string ][]policy.Action {
330- ResourceTemplate .Type : ResourceTemplate .AvailableActions (),
331+ ResourceAssignOrgRole .Type : {policy .ActionRead },
332+ ResourceTemplate .Type : ResourceTemplate .AvailableActions (),
331333 // CRUD all files, even those they did not upload.
332334 ResourceFile .Type : {policy .ActionCreate , policy .ActionRead },
333335 ResourceWorkspace .Type : {policy .ActionRead },
0 commit comments