diff --git a/src/auth/permissions.ts b/src/auth/permissions.ts
index 485bc6ed..0b73fe79 100644
--- a/src/auth/permissions.ts
+++ b/src/auth/permissions.ts
@@ -203,6 +203,11 @@ export const AUTH_PERMISSIONS = {
      * Can move projects associated with this cluster to any step of the workflow.
      */
     PROJECT_WORKFLOW_MOVE_IF_PLAN_UNLOCKED: 'projectWorkflowMoveIfPlanUnlocked',
+    /**
+     * Can edit access and permissions of all projects.
+     */
+    MODIFY_ACCESS_AND_PERMISSIONS_OF_PROJECTS:
+      'canModifyAccessAndPermissionsOfProjects',
   },
 } as const;
 
diff --git a/src/auth/roles.ts b/src/auth/roles.ts
index 26fb6f27..95661ced 100644
--- a/src/auth/roles.ts
+++ b/src/auth/roles.ts
@@ -330,6 +330,7 @@ export const calculatePermissionsFromRolesGrant = async <
         geSet.add(P.governingEntity.EDIT_DATA);
         geSet.add(P.governingEntity.EDIT_PROJECTS);
         geSet.add(P.governingEntity.PROJECT_WORKFLOW_MOVE_IF_PLAN_UNLOCKED);
+        geSet.add(P.governingEntity.MODIFY_ACCESS_AND_PERMISSIONS_OF_PROJECTS);
         planSet.add(P.plan.VIEW_DATA);
       }
     }