Hi. I have the next grant string for my role in Org1 scope with next value:
But when I create new scope(project) in Org1 scope with recovery config, my user can’t access to this project.
Is it feature or bug? Or are there another ways to do the same?
Are you assuming that grants are inherited by sub-scopes (global → org → project)?
I made this assumption at first, but it is not correct, grants only ever apply to one scope. You need to create a grant for the new project before your user will be able to see it.
Part of my own confusion came from how the admin UI and auto-generated resources behave, there’s a lot of background here if you’re interested.
Yes, You’re right.
Thank You for your explanation.