genesyscloud_user 403 on Role Assignment via Terraform in US-1 Prod

Just noticed that applying genesyscloud_user fails with HTTP 403 when assigning a specific compliance role. Environment: US-1 Prod. Provider v1.15.4. Terraform v1.6.5.

Attempting to deploy user configurations via GitHub Actions. The role exists and is valid. Manual API call works fine. Terraform provider throws permission denied.

resource "genesyscloud_user" "compliance_agent" {
  name  = "Test Agent"
  email = "[email protected]"

  # Direct reference to the role defined below; this also orders role creation before the user.
  role_ids = [
    genesyscloud_role.compliance_viewer.id
  ]
}

resource "genesyscloud_role" "compliance_viewer" {
  name        = "Compliance Viewer"
  description = "Read-only access to compliance records"

  permissions {
    resource = "/api/v2/analytics/reporting"
    actions  = ["read"]
  }
}

Error: Error creating user: POST /api/v2/users returned 403 Forbidden. Details: Insufficient permissions to assign role 'compliance_viewer' to user. Required privilege: org.admin.user.manage

The service account used by Terraform has org.admin.user.manage privilege. Verified via CLI:

$ genesys cloud users list --org-id <ORG_ID>
# Returns list successfully

However, the specific role assignment fails. Other roles (e.g., org.admin.team.manage) apply without issue. This suggests a conflict with the analytics_reporting scope or a hidden dependency in the compliance role definition.

Checked provider debug logs:

2023/10/27 10:15:32 [DEBUG] POST /api/v2/users
Headers: Authorization: Bearer <TOKEN>
Body: {"name": "Test Agent", "email": "[email protected]", "roleIds": ["<ROLE_UUID>"]}
Response: 403 Forbidden

Is there a known restriction on programmatic assignment of roles with analytics permissions? Or is this a bug in v1.15.4? Any workarounds appreciated. Timezone: Australia/Sydney. UTC+11.