diff --git a/service/internal/auth/casbin.go b/service/internal/auth/casbin.go
index 5e15e7ef75..7e3cf518c2 100644
--- a/service/internal/auth/casbin.go
+++ b/service/internal/auth/casbin.go
@@ -60,6 +60,9 @@ p,	role:org-admin,		/resource-mappings*,										*,			allow
 p,	role:org-admin,		/key-access-servers*,										*,			allow
 p,	role:org-admin, 	/kas/v2/rewrap,						  		        *,      allow
 p,	role:org-admin,		/unsafe*,										            *,			allow
+p,	role:org-admin,		/v1/entitlements,						  				        *,      allow
+p,	role:org-admin,		/v1/authorization,						  				        *,      allow
+p,	role:org-admin,		/v1/token/authorization,						  				        *,      allow
 
 # Role: Admin
 ## gRPC routes
@@ -76,6 +79,10 @@ p,	role:admin,		/subject-mappings*,													*,			allow
 p,	role:admin,		/resource-mappings*,												*,			allow
 p,	role:admin,		/key-access-servers*,												*,			allow
 p,	role:admin,		/kas/v2/rewrap,						  				        *,      allow
+p,	role:admin,		/v1/entitlements,						  				        *,      allow
+p,	role:admin,		/v1/authorization,						  				        *,      allow
+p,	role:admin,		/v1/token/authorization,						  				        *,      allow
+
 
 ## Role: Standard
 ## gRPC routes