
Sub-organization users can see Product Enforcements tab but cannot update setting #5868

@syedmazharaliraza

Describe the bug

In a sub-organization, the Product Enforcements tab is visible in Organization Settings, and users can interact with the toggle.
However, the update is backed by PATCH /api/v1/organization/:organizationId, which is parent-organization scoped, so sub-org users cannot actually apply the change.
This creates a misleading UI where an unavailable setting appears actionable.

To Reproduce

  1. Log in with a user that has Settings access in a sub-organization.
  2. Switch to a sub-organization context.
  3. Go to Organization Settings.
  4. Open Product Enforcements.
  5. Toggle Unique Secret Sync Destination Policy.
  6. Observe request/response behavior in network and UI feedback.

Expected behavior

Sub-organization users should not be shown root-only controls.

Screen recording

Screen.Recording.2026-03-30.at.11.10.03.PM.mov

Platform you are having the issue on:

  • Web (Frontend)
  • Local dev environment (http://localhost:8080)
  • Browser: Chrome

Additional context

  • Other root-scoped settings tabs (e.g. SSO, Provisioning, Security) are already hidden for sub-orgs, so this tab is inconsistent with existing UX.
  • Backend permission enforcement correctly blocks child-org updates for this operation; the issue is frontend visibility/affordance mismatch.
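
Added example, not part of the original issue and not the project's code: one way to drive both tab visibility and the server-side check from a single scope rule, so the UI cannot offer a control the backend will refuse. All type, function and field names are hypothetical, and the "General" tab is constructed; the other tab names are the ones mentioned in the issue.

```typescript
// Hypothetical model of an org context; parentOrgId is null for a root org.
type OrgContext = { orgId: string; parentOrgId: string | null; canEditSettings: boolean };
type Scope = "root-only" | "any-org";
type SettingsTab = { key: string; label: string; scope: Scope };

// One table describes every settings tab and the scope it is valid in.
const SETTINGS_TABS: SettingsTab[] = [
  { key: "general", label: "General", scope: "any-org" }, // constructed
  { key: "sso", label: "SSO", scope: "root-only" },
  { key: "provisioning", label: "Provisioning", scope: "root-only" },
  { key: "security", label: "Security", scope: "root-only" },
  { key: "product-enforcements", label: "Product Enforcements", scope: "root-only" },
];

const isSubOrg = (ctx: OrgContext): boolean => ctx.parentOrgId !== null;

// Single rule shared by the UI and the server-side check.
function canManage(ctx: OrgContext, tab: SettingsTab): boolean {
  if (!ctx.canEditSettings) return false;
  return tab.scope === "any-org" || !isSubOrg(ctx);
}

// Frontend: render only the tabs the current context can actually act on.
function visibleTabs(ctx: OrgContext): string[] {
  return SETTINGS_TABS.filter((t) => canManage(ctx, t)).map((t) => t.label);
}

// Stand-in for the PATCH handler's authorization step; this stays the
// authoritative control, hiding a tab is only an affordance fix.
function authorizeUpdate(ctx: OrgContext, tabKey: string): 200 | 403 | 404 {
  const tab = SETTINGS_TABS.find((t) => t.key === tabKey);
  if (!tab) return 404;
  return canManage(ctx, tab) ? 200 : 403;
}

// Regression check: every tab that is shown must be updatable by that context.
function mismatchedTabs(ctx: OrgContext, shown: string[]): string[] {
  return SETTINGS_TABS
    .filter((t) => shown.includes(t.label) && authorizeUpdate(ctx, t.key) !== 200)
    .map((t) => t.label);
}
```

Running `mismatchedTabs` in a UI test for both a root and a sub-organization context catches this class of visibility/enforcement drift when a new root-scoped tab is added.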
