From fd855e84c3156774fc7f4d381c900d7eccda3ad8 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Mon, 25 May 2026 20:08:02 +0000 Subject: [PATCH] docs: clarify role requirements for compliance actions --- security-and-compliance/soc2-hipaa.mdx | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/security-and-compliance/soc2-hipaa.mdx b/security-and-compliance/soc2-hipaa.mdx index 268f28f..2fd3e60 100644 --- a/security-and-compliance/soc2-hipaa.mdx +++ b/security-and-compliance/soc2-hipaa.mdx @@ -4,3 +4,12 @@ description: "Enable instant SOC 2 and HIPAA compliance for your infrastructure --- Porter supports one-click compliant infrastructure, which ensures SOC2/HIPAA compliance for all AWS infrastructure that is managed by Porter, including EKS, RDS, S3, and auxiliary services like Cloudwatch so all infra controls on compliance management platforms such as [Oneleet](https://www.oneleet.com/) and [Thoropass](https://www.thoropass.com/) pass instantly. + +## Required project role[](#required-project-role "Direct link to heading") + +Anyone with access to a Porter project can view the compliance dashboard, including the list of vendor checks and the provisioning status of each cluster. Actions that change infrastructure are restricted by [project role](/security-and-compliance/role-based-access-control): + +* **Admin** and **Developer**: can enable compliance controls and re-run infrastructure provisioning for failing clusters. +* **Viewer**: can review compliance status only. The **Enable controls** button and **Re-run infrastructure provisioning** links are hidden, and a message in the action banner explains that admin or developer access is required. + +If you open the cost-consent dialog without the required role, the **Enable controls** action is replaced with a **Dismiss** button and an inline notice. Ask a project admin to change your role from **Settings → Members** if you need to perform these actions.
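Review bot: The added heading line `## Required project role[](#required-project-role "Direct link to heading")` carries a rendered-page anchor, `[](#required-project-role "Direct link to heading")`, which is an empty link in the MDX source; the heading should be just `## Required project role`. In the **Viewer** bullet and the closing paragraph, the restriction is described only in terms of hidden or replaced UI controls. State whether the enable and re-run actions are also rejected server-side for the Viewer role, since readers of a compliance page will look for that guarantee here or on the linked role-based access control page. The closing paragraph also describes opening the cost-consent dialog without the required role, while the Viewer bullet says the **Enable controls** button is hidden; either explain how a user without the role reaches that dialog or drop the sentence.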