From 692d12bb32e905275986b905bcd8df7f4519dbef Mon Sep 17 00:00:00 2001
From: Blake Geno <blakegeno@gmail.com>
Date: Fri, 16 Aug 2024 10:32:16 -0400
Subject: [PATCH] [WOR-865] Allow rawls to specify the user it is acting on
 behalf of (#1518)

* add admin action to specify the acting user, and add to rawls role

* add action to correct role
---
 src/main/resources/reference.conf | 3 +++
 src/main/resources/sam.conf       | 1 +
 2 files changed, 4 insertions(+)

diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
index 69f9a8f5f..3dde1994b 100644
--- a/src/main/resources/reference.conf
+++ b/src/main/resources/reference.conf
@@ -36,6 +36,9 @@ resourceTypes = {
       admin_read_summary_information = {
         description = "view summary information on resources of this resource type"
       }
+      admin_specify_acting_user = {
+        description = "specify a different user that is preforming a given action on the resource"
+      }
     }
 
     ownerRoleName = "owner"
diff --git a/src/main/resources/sam.conf b/src/main/resources/sam.conf
index ee98fd026..68849c22c 100644
--- a/src/main/resources/sam.conf
+++ b/src/main/resources/sam.conf
@@ -333,6 +333,7 @@ resourceAccessPolicies {
         memberEmails = [
           ${?RAWLS_SERVICE_ACCOUNT}
         ]
+        actions = ["admin_specify_acting_user"]
         descendantPermissions = [
           {
             resourceTypeName = "spend-profile",