Primary-auth-method update forbidden

I can’t set the authentication method as the primary. (in the UI also).

Command:

boundary scopes update -primary-auth-method-id amldap_hrbWzw8PoY -id global -token env://BOUNDARY_TOKEN

Output:

Error from controller when performing update on scope

Error information:
  Kind:                PermissionDenied
  Message:             Forbidden.
  Status:              403
  context:             Error from controller when performing update on scope

There is a grant in the project_admin role:

ids=*;type=auth-method;actions=list,authenticate,update

This role was created according to the instructions:
https://developer.hashicorp.com/boundary/docs/install-boundary/initialize#project-admin-for-myuser

The configuration file is:
https://github.com/hashicorp/boundary-reference-architecture/blob/main/deployment/docker/compose/boundary.hcl

The system is deployed using compos:
https://github.com/hashicorp/boundary-reference-architecture/blob/main/deployment/docker/compose/docker-compose.yml

But the initialization was not performed by the run script specified in the repository, but by the following instructions:
https://developer.hashicorp.com/boundary/docs/install-boundary/initialize#create-your-first-login-account

What rights do I lack to perform this action and what exactly should I try to do?

Does the user you’re using have a grant to update the global scope? I believe, in this case, you’re setting a property on a scope resource (the “primary auth method” for this scope), so I don’t think the auth-method grant applies in this action.