Error while assigning access to a folder #1064

@HartmannVolker

Description

When trying to assign access to a folder, I'm getting the error "Error while checking for duplicate role assignments".

The detailed error message shows that I'm getting a 403 Forbidden when fetching the members list of this folder:

│ 403 Forbidden, status code 403, Body:
│ {"timeStamp":"2025-11-20T07:43:55.167588278Z","path":"/v2/project/3084480c-****-426d-****-cb3ee104d456/members","status":403,"traceID":"85b0145317c4d26f93f5196fd39edcd2","error":"Forbidden","message":"unable to validate requester
│ permission: requester has no permission to read members to 3084480c-****-426d-****-cb3ee104d456: rpc error: code = PermissionDenied desc = requester has no permission"}

I'm using a service account with the owner role on the organisation. So far my understanding is that this owner role is inherited by all projects & folders.

Steps to reproduce

resource "stackit_authorization_project_role_assignment" "project_access" {
  for_each    = { for pa in local.project_access : "${pa.email}-${pa.project_id}" => pa }
  resource_id = each.value.project_id     # this is a folder resource_id
  role        = each.value.role           # I'm trying to assign the owner role for this folder
  subject     = each.value.email          # Actual user email, not a service account email
}

I'm using a service account with the owner role on organization level

Actual behavior

│ Error: Error while checking for duplicate role assignments
│ 
│   with stackit_authorization_project_role_assignment.project_access["<redacted>-3084480c-****-426d-****-cb3ee104d456"],
│   on project_access.tf line 76, in resource "stackit_authorization_project_role_assignment" "project_access":
│   76: resource "stackit_authorization_project_role_assignment" "project_access" {
│ 
│ 403 Forbidden, status code 403, Body:
│ {"timeStamp":"2025-11-20T07:43:55.167588278Z","path":"/v2/project/3084480c-****-426d-****-cb3ee104d456/members","status":403,"traceID":"85b0145317c4d26f93f5196fd39edcd2","error":"Forbidden","message":"unable to validate requester
│ permission: requester has no permission to read members to 3084480c-****-426d-****-cb3ee104d456: rpc error: code = PermissionDenied desc = requester has no permission"}
│ 

Expected behavior

The folder role assignments are created successfully.

Environment

  • OS: MacOS 26.1
  • Terraform version (see terraform --version): v1.13.5
  • Version of the STACKIT Terraform provider: 0.71.0
