We have observed that Harness project-level RBAC is independent of organization-level RBAC. Our organization manages Harness SMP access at the org level by our ICAM (idp) and would like project-level permissions to also be governed by org-level RBAC policies. Currently, users who have been removed from org-level access can still retain project-level permissions, which is not desired.

Is there a way to enforce project-level RBAC to follow org-level RBAC, so that permissions are consistently managed across both levels by ICAM?

Currently, our org-level RBAC grants permissions to all child projects and resources. We want revoking org-level RBAC to automatically override or revoke any existing child project-level access.