update docs for resource-level permissioning (#25571)

AdamBouhmad · dcpena · web-flow · commit e4bc0a5401b6 · 2025-10-02T17:18:32.000-05:00
* update docs for resource-level permissioning

* Update src/content/docs/fundamentals/manage-members/roles.mdx

Co-authored-by: Denise Peña &lt;75506267+dcpena@users.noreply.github.com&gt;

* Apply suggestions from code review

Co-authored-by: Denise Peña &lt;75506267+dcpena@users.noreply.github.com&gt;

---------

Co-authored-by: Denise Peña &lt;75506267+dcpena@users.noreply.github.com&gt;
diff --git a/src/content/docs/fundamentals/manage-members/roles.mdx b/src/content/docs/fundamentals/manage-members/roles.mdx
@@ -99,4 +99,20 @@ Domain-scoped roles apply for a given domain within an account.
 | Domain Waiting Room Admin      | Can edit [waiting rooms](/waiting-room/) configuration.                                                                                                                                                                       |
 | Domain Waiting Room Read       | Can read [waiting rooms](/waiting-room/) configuration.                                                                                                                                                                       |
 | Zone Versioning                | Grants full access to [Zone Versioning](/version-management/).                                                                                                                                                                |
-| Zone Versioning Read           | Grants read-only access to [Zone Versioning](/version-management/).                                                                                                                                                           |
+| Zone Versioning Read           | Grants read-only access to [Zone Versioning](/version-management/).                                                                                                                                                           |
+
+
+
+## Resource-scoped roles
+
+Resource-scoped roles apply for a specific resource within an account.
+
+:::note
+Resource-scoped roles is currently in Beta.
+:::
+
+| Role                           | Description                                                                                                                                                                                                                   |
+| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Cloudflare Access App Admin                 | Grants full access to a specific Access Application in an account.                                                                                            |
+| Cloudflare Access Identity Provider Admin             | Grants full access to a specific Access identity provider(IdP) in an account.                                                                                            |
+| Access for Infrastructure Target Admin           | Grants full access to a specific Access for Infrastructure. Target in an account |                                                                                                                                                        |
diff --git a/src/content/docs/fundamentals/manage-members/scope.mdx b/src/content/docs/fundamentals/manage-members/scope.mdx
@@ -85,3 +85,15 @@ With Domain Groups, you can only assign [domain-scoped roles](/fundamentals/mana
 
 
 :::
+
+
+### Specific Resources
+
+If you want the member to have a policy that applies to a specific resource, use the following combination of fields.
+
+| Field    | Value               |
+| -------- | ------------------- |
+| Operator | *Include*           |
+| Type     | *Granular* |
+| Product  | *Product Name* |
+| Resource  | *Specific Resource* |
