We grant project members the edit role on projects, primarily because we don't want users to be able to modify quota resources.
Unfortunately, the edit role is restrictive in other ways -- in particular, it does not allow project members to create roles and rolebindings in their project (see nerc-project/operations#128).
This is going to be a relatively common operation, so we should probably ensure these privileges are granted by default.