diff --git a/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/etc/nevis/k8s-operations-nevisproxy-instance-bd83dfbd467e8211ffe71d28.yaml b/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/etc/nevis/k8s-operations-nevisproxy-instance-bd83dfbd467e8211ffe71d28.yaml
index eec699d..7ca12a5 100644
--- a/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/etc/nevis/k8s-operations-nevisproxy-instance-bd83dfbd467e8211ffe71d28.yaml
+++ b/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/etc/nevis/k8s-operations-nevisproxy-instance-bd83dfbd467e8211ffe71d28.yaml
@@ -46,7 +46,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-51ca9db578a2820945a06c2b1f6661c4ee51d76a"
+    tag: "r-58fcf0ca3e3e5b189ec00c971320c3f2a1b493b0"
     dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp"
     credentials: "git-credentials"
   keystores:
diff --git a/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/web.xml
index c04582c..6fc8797 100644
--- a/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/web.xml
+++ b/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/web.xml
@@ -116,6 +116,21 @@
             <param-value>false</param-value>
         </init-param>
     </filter>
+    <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
+    <filter>
+        <filter-name>Authorization_Forbidden_Roles_nevisIdm.Root_SAML_SP_nevisidm_operations_Realm</filter-name>
+        <filter-class>ch::nevis::isiweb4::filter::auth::SecurityRoleFilter</filter-class>
+        <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
+        <init-param>
+            <param-name>DynamicRoleAcquire</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
+        <init-param>
+            <param-name>RolesForbidden</param-name>
+            <param-value>nevisIdm.Root</param-value>
+        </init-param>
+    </filter>
     <!-- source: pattern://ae3127e7a6869fea8b850ad9 -->
     <filter>
         <filter-name>Authorization_Required_Roles_AGOV-Art.Access_SAML_SP_nevisidm_operations_Realm</filter-name>
@@ -131,6 +146,21 @@
             <param-value>AGOV-Art.Access</param-value>
         </init-param>
     </filter>
+    <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
+    <filter>
+        <filter-name>Authorization_Required_Roles_nevisIdm.Helpdesk_nevisIdm.TemplateAdmin_nevisIdm.UserAndUnitAdmin_nevisIdm.AppAdmin_nevisIdm.UserAdmin_nevisIdm.AppOwner_nevisIdm.EnterpriseRoleAdmin_nevisIdm.ClientRoot_SAML_SP_nevisidm_operations_Realm</filter-name>
+        <filter-class>ch::nevis::isiweb4::filter::auth::SecurityRoleFilter</filter-class>
+        <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
+        <init-param>
+            <param-name>DynamicRoleAcquire</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
+        <init-param>
+            <param-name>RolesRequired</param-name>
+            <param-value>nevisIdm.Helpdesk nevisIdm.TemplateAdmin nevisIdm.UserAndUnitAdmin nevisIdm.AppAdmin nevisIdm.UserAdmin nevisIdm.AppOwner nevisIdm.EnterpriseRoleAdmin nevisIdm.ClientRoot</param-value>
+        </init-param>
+    </filter>
     <!-- source: pattern://13ea034de32c190083ba9e35, pattern://13ea034de32c190083ba9e35#nevisIDM -->
     <filter>
         <filter-name>CSRFRewrite_nevisIDM_Operations_Administration_GUI</filter-name>
@@ -706,6 +736,16 @@
         <filter-name>Authorization_Required_Roles_AGOV-Art.Access_SAML_SP_nevisidm_operations_Realm</filter-name>
         <url-pattern>/art/*</url-pattern>
     </filter-mapping>
+    <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
+    <filter-mapping>
+        <filter-name>Authorization_Required_Roles_nevisIdm.Helpdesk_nevisIdm.TemplateAdmin_nevisIdm.UserAndUnitAdmin_nevisIdm.AppAdmin_nevisIdm.UserAdmin_nevisIdm.AppOwner_nevisIdm.EnterpriseRoleAdmin_nevisIdm.ClientRoot_SAML_SP_nevisidm_operations_Realm</filter-name>
+        <url-pattern>/nevisidm/*</url-pattern>
+    </filter-mapping>
+    <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
+    <filter-mapping>
+        <filter-name>Authorization_Forbidden_Roles_nevisIdm.Root_SAML_SP_nevisidm_operations_Realm</filter-name>
+        <url-pattern>/nevisidm/*</url-pattern>
+    </filter-mapping>
     <!-- source: pattern://7518c6cc61e47eec6322ae17 -->
     <filter-mapping>
         <filter-name>Token_NEVIS_SecToken</filter-name>