## New Features - Write This Down: In this release, users of Identity and Access Management v1 (IAM v1) **automatically upgrade** to Identity and Access Management v2 (IAM v2). All IAM v1 users, teams, tokens, and policies will migrate to IAM v2. Some details to keep in mind: - [API Tokens](https://automate.chef.io/docs/api-tokens/) created in the browser work differently in IAM v2. After [creation](https://automate.chef.io/docs/api-tokens/#creating-api-tokens), an API token will have zero permissions. Add the new API token to a policy to grant permissions. - Creating admin API Tokens from the CLI in IAM v2 uses a [new command](https://automate.chef.io/docs/api-tokens/#admin-tokens). The old CLI command will not work. - If your IAM v1 local team names contain non-alphanumeric characters other than hyphens and underscores, recreate these local teams and add them to policies for correct function in IAM v2. - Editor and Viewer roles change in IAM v2 from using the broad `infra:*` authorization action to more specific authorization actions, such as `infra:nodeManagers:*` and `infra:nodes:*`. We recommend updating the authorization actions for your custom roles accordingly. - Amazed: Set [Data Lifecycle settings](https://automate.chef.io/docs/data-lifecycle/) directly in the browser! - Every Morning: All appropriate views in Compliance Reports include Waiver information for nodes, profiles, and individual controls. ## Bug Fixes - Believe: Compliance Reports appear and correctly filter by Job ID after you click on **Report** for a listed Scan Job on the _Scan Jobs_ page. - Lately: Projects filter as expected when a page refreshes. - I Need to Know: Chef Habitat Builder deployed with Chef Automate completes backups without failing. - Someday: The previously scheduled time appears correctly when editing a Scan Job schedule. - No Scrubs: Status counts in Compliance Reports display accurate numbers regardless of status filters. ## Backward Incompatibilities - From This Moment On: All API calls for removing or adding users to a team now expect `membership_ids` rather than `user_ids`.