coder
diff --git a/‎coderd/provisionerdserver/provisionerdserver.go
+6 b/‎coderd/provisionerdserver/provisionerdserver.go
+6
diff --git a/‎coderd/provisionerdserver/provisionerdserver_test.go
+4-1 b/‎coderd/provisionerdserver/provisionerdserver_test.go
+4-1
diff --git a/‎provisioner/terraform/provision.go
+6 b/‎provisioner/terraform/provision.go
+6
diff --git a/‎provisioner/terraform/provision_test.go
+40 b/‎provisioner/terraform/provision_test.go
+40
@@ -594,6 +594,11 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 			})
 		}
 
+		ownerRbacRoles := []string{}
+		for _, role := range owner.RBACRoles {
+			ownerRbacRoles = append(ownerRbacRoles, role)
+		}
+
 		protoJob.Type = &proto.AcquiredJob_WorkspaceBuild_{
 			WorkspaceBuild: &proto.AcquiredJob_WorkspaceBuild{
 				WorkspaceBuildId:      workspaceBuild.ID.String(),
@@ -621,6 +626,7 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 					WorkspaceOwnerSshPrivateKey:   ownerSSHPrivateKey,
 					WorkspaceBuildId:              workspaceBuild.ID.String(),
 					WorkspaceOwnerLoginType:       string(owner.LoginType),
+					WorkspaceOwnerRbacRoles:       ownerRbacRoles,
 				},
 				LogLevel: input.LogLevel,
 			},
 
@@ -187,7 +187,9 @@ func TestAcquireJob(t *testing.T) {
 			ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort)
 			defer cancel()
 
-			user := dbgen.User(t, db, database.User{})
+			user := dbgen.User(t, db, database.User{
+				RBACRoles: []string{"member"},
+			})
 			group1 := dbgen.Group(t, db, database.Group{
 				Name:           "group1",
 				OrganizationID: pd.OrganizationID,
@@ -376,6 +378,7 @@ func TestAcquireJob(t *testing.T) {
 						WorkspaceOwnerSshPrivateKey:   sshKey.PrivateKey,
 						WorkspaceBuildId:              build.ID.String(),
 						WorkspaceOwnerLoginType:       string(user.LoginType),
+						WorkspaceOwnerRbacRoles:       []string{user.RBACRoles[0]},
 					},
 				},
 			})
 
@@ -242,6 +242,11 @@ func provisionEnv(
 		return nil, xerrors.Errorf("marshal owner groups: %w", err)
 	}
 
+	ownerRbacRoles, err := json.Marshal(metadata.GetWorkspaceOwnerRbacRoles())
+	if err != nil {
+		return nil, xerrors.Errorf("marshal owner rbac roles: %w", err)
+	}
+
 	env = append(env,
 		"CODER_AGENT_URL="+metadata.GetCoderUrl(),
 		"CODER_WORKSPACE_TRANSITION="+strings.ToLower(metadata.GetWorkspaceTransition().String()),
@@ -254,6 +259,7 @@ func provisionEnv(
 		"CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY="+metadata.GetWorkspaceOwnerSshPublicKey(),
 		"CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY="+metadata.GetWorkspaceOwnerSshPrivateKey(),
 		"CODER_WORKSPACE_OWNER_LOGIN_TYPE="+metadata.GetWorkspaceOwnerLoginType(),
+		"CODER_WORKSPACE_OWNER_RBAC_ROLES="+string(ownerRbacRoles),
 		"CODER_WORKSPACE_ID="+metadata.GetWorkspaceId(),
 		"CODER_WORKSPACE_OWNER_ID="+metadata.GetWorkspaceOwnerId(),
 		"CODER_WORKSPACE_OWNER_SESSION_TOKEN="+metadata.GetWorkspaceOwnerSessionToken(),
 
@@ -764,6 +764,46 @@ func TestProvision(t *testing.T) {
 				}},
 			},
 		},
+		{
+			Name:       "workspace-owner-rbac-roles",
+			SkipReason: "field will be added in provider version 2.2.0",
+			Files: map[string]string{
+				"main.tf": `terraform {
+					required_providers {
+					  coder = {
+						source  = "coder/coder"
+						version = "2.2.0"
+					  }
+					}
+				}
+
+				resource "null_resource" "example" {}
+				data "coder_workspace_owner" "me" {}
+				resource "coder_metadata" "example" {
+					resource_id = null_resource.example.id
+					item {
+						key = "rbac_roles"
+						value = data.coder_workspace_owner.me.rbac_roles[0]
+					}
+				}
+				`,
+			},
+			Request: &proto.PlanRequest{
+				Metadata: &proto.Metadata{
+					WorkspaceOwnerRbacRoles: []string{"member"},
+				},
+			},
+			Response: &proto.PlanComplete{
+				Resources: []*proto.Resource{{
+					Name: "example",
+					Type: "null_resource",
+					Metadata: []*proto.Resource_Metadata{{
+						Key:   "rbac_roles",
+						Value: "member",
+					}},
+				}},
+			},
+		},
 	}
 
 	for _, testCase := range testCases {