diff --git a/pkg/auth/user.go b/pkg/auth/user.go
index 29e879457bebc4da201ce126c6c140e02989f2c0..933ec98b1ce5a45916d1cf9d47bb7fcfd618514e 100644
--- a/pkg/auth/user.go
+++ b/pkg/auth/user.go
@@ -309,6 +309,10 @@ func (u *UserPrincipal) Rules(ctx context.Context, spaceID, envID string) permis
 		return nil
 	}
 
+	if role.AllowManagement {
+		return permission.PrivilegedRuleset{}
+	}
+
 	if !hasEnvironmentAccess(ctx, u.environments, role, envID) {
 		return nil
 	}