The use case is to have a Project Admin-like role but without access to backend credentials. The solution is to either introduce a new role between Admin and Manager or to give Manager permissions to manage secrets, e.g. via default_permissions.allow_managers_manage_secrets with a False default.
Manager role should not get new permissions by default as it's a bad practice to broaden the permissions of built-in roles.
The use case is to have a Project Admin-like role but without access to backend credentials. The solution is to either introduce a new role between Admin and Manager or to give Manager permissions to manage secrets, e.g. via
default_permissions.allow_managers_manage_secretswith aFalsedefault.Manager role should not get new permissions by default as it's a bad practice to broaden the permissions of built-in roles.