diff --git a/devops/gcp/deploy/templates/partition-authorization-policy.yml b/devops/gcp/deploy/templates/partition-authorization-policy.yml
index 8b7d4e9fe32c5ecbf884a3749c0fdf5f28ff8812..0d305dcaae2f88a5ac05dcb14c76871405f50261 100644
--- a/devops/gcp/deploy/templates/partition-authorization-policy.yml
+++ b/devops/gcp/deploy/templates/partition-authorization-policy.yml
@@ -14,22 +14,27 @@ spec:
 {{- toYaml $spec.matchLabels | nindent 6 }}
   action: ALLOW
   rules:
-  {{- range $rule := $spec.rules }}
   - from:
     - source:
-        principals: 
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/entitlements-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/search-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/storage-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/register-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/notification-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer-queue-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/schema-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/legal-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/file-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/dataset-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/legal-k8s
+        principals:
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/crs-catalog
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/crs-conversion
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/dataset
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/entitlements
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/file
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer-queue
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/legal
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/notification
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/register
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/schema
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/search
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/seismic-store
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/storage
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/unit
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/well-delivery
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/wks
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/workflow
     to:
     - operation:
         methods:
@@ -39,14 +44,15 @@ spec:
   - from:
     - source:
         principals: 
-         - cluster.local/ns/{{ $rule.bootstrap_namespace }}/sa/workload-gke-bootstrap-sa
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/bootstrap-sa
     to:
     - operation:
         methods:
         - POST
+        - PUT
         - PATCH
+        - GET
         paths:
         - /api/partition/v1/*
 {{- end }}
 {{- end }}
-{{- end }}
diff --git a/devops/gcp/deploy/values.yaml b/devops/gcp/deploy/values.yaml
index b69b3a639bbc2661c18ad08b72603c00eb9b1bd9..3b61511bd4dacf1382003359e02627b24e6a22f8 100644
--- a/devops/gcp/deploy/values.yaml
+++ b/devops/gcp/deploy/values.yaml
@@ -25,5 +25,3 @@ authorizations:
   partitionPolicy:
     matchLabels:
       app: partition
-    rules:
-      - bootstrap_namespace: config