From 05019f91a36b14064d0c41385315c5936ca0aeb5 Mon Sep 17 00:00:00 2001
From: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com>
Date: Tue, 1 Oct 2024 18:41:35 +0200
Subject: [PATCH 1/2] fix: define Web Modeler Admin role in identity

---
 .../templates/identity/configmap.yaml                 | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/charts/camunda-platform-alpha/templates/identity/configmap.yaml b/charts/camunda-platform-alpha/templates/identity/configmap.yaml
index e5bd730ee9..42b5d032ed 100644
--- a/charts/camunda-platform-alpha/templates/identity/configmap.yaml
+++ b/charts/camunda-platform-alpha/templates/identity/configmap.yaml
@@ -166,6 +166,8 @@ data:
               permissions:
                 - definition: write:*
                   description: "Write permission"
+                - definition: admin:*
+                  description: "Admin permission"
             - name: Web Modeler API
               audience: {{ .Values.global.identity.auth.webModeler.publicApiAudience | default "web-modeler-public-api" | quote }}
               permissions:
@@ -185,6 +187,15 @@ data:
                   definition: write:*
                 - audience: {{ include "identity.authAudience" . | default "camunda-identity-resource-server" | quote }}
                   definition: read:users
+            - name: "Web Modeler Admin"
+              description: "Grants elevated access to Web Modeler"
+              permissions:
+                - audience: {{ include "identity.authAudience" . | default "camunda-identity-resource-server" | quote }}
+                  definition: read:users
+                - audience: {{ .Values.global.identity.auth.webModeler.clientApiAudience | default "web-modeler-api" | quote }}
+                  definition: write:*
+                - audience: {{ .Values.global.identity.auth.webModeler.clientApiAudience | default "web-modeler-api" | quote }}
+                  definition: admin:*
         zeebe:
           apis:
             - name: Zeebe API

From 372ae039f8e62e357f2cb0e41e93888d1aaecf87 Mon Sep 17 00:00:00 2001
From: "distro-ci[bot]" <122795778+distro-ci[bot]@users.noreply.github.com>
Date: Tue, 1 Oct 2024 16:43:16 +0000
Subject: [PATCH 2/2] chore: Update golden files

---
 .../test/unit/identity/golden/configmap.golden.yaml   | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/charts/camunda-platform-alpha/test/unit/identity/golden/configmap.golden.yaml b/charts/camunda-platform-alpha/test/unit/identity/golden/configmap.golden.yaml
index f9b6cde312..851e83a48c 100644
--- a/charts/camunda-platform-alpha/test/unit/identity/golden/configmap.golden.yaml
+++ b/charts/camunda-platform-alpha/test/unit/identity/golden/configmap.golden.yaml
@@ -159,6 +159,8 @@ data:
               permissions:
                 - definition: write:*
                   description: "Write permission"
+                - definition: admin:*
+                  description: "Admin permission"
             - name: Web Modeler API
               audience: "web-modeler-public-api"
               permissions:
@@ -178,6 +180,15 @@ data:
                   definition: write:*
                 - audience: "camunda-identity-resource-server"
                   definition: read:users
+            - name: "Web Modeler Admin"
+              description: "Grants elevated access to Web Modeler"
+              permissions:
+                - audience: "camunda-identity-resource-server"
+                  definition: read:users
+                - audience: "web-modeler-api"
+                  definition: write:*
+                - audience: "web-modeler-api"
+                  definition: admin:*
         zeebe:
           apis:
             - name: Zeebe API