Tenant owners can now provision users' tenant permissions allowing them to perform certain operations that were only available to tenant owners before. A tenant owner can edit any user's permissions in the User administration page, via our API, via JIT or via SCIM.

We are rolling this out with the following three new permissions:

• Audit log read

• Feature flag management

• Tunnel management

Please note that these permissions are separate for team roles, since they apply to operations that are not scoped to a specific team. Learn more in our documentation.