Our team needs to log into a shared portal to download documents.  The person in charge of managing these passwords is not an IT admin, but it seems like they need access to the Google Workspace admin to be able to manage passwords for shared apps.  I only want them to have access to Password Vaulted Apps.  I created a role giving access only to Password Vaulted Apps and assigned that user to the role, but they get a 403 error when they try to access the Password Vaulted Apps page.  Note that this user is on a separate OU and they don't have access to all of the users on the domain.  Some of the Password Vaulted Apps are assigned to users on another OU.