When I test Gemini 2.0.3, a logistic problem.
Affter Admin create a project and project Admin(pa) for this, pa set the Project Security Scheme to External allowing customers who creating account by themselves report bug with comment function.
Because Admin doesn't know which resource should be assigned to this project, pa assign the resources by himelf.
But When pa assign exist resources to this project, every resource just get the External Security.
This will make Admin have to manage the Security, when every project be created or any resource be changed.
That's illogical. That's should be pa's work.

Suggest:
Pa supposed to have the right to manage the resources Security who be assigned to the project, but pa also shouldn't be Admin.
Maybe it will be more functional.