diff --git a/coderd/rbac/builtin.go b/coderd/rbac/builtin.go
index 71b0f059f628d..d39d1b56fca49 100644
--- a/coderd/rbac/builtin.go
+++ b/coderd/rbac/builtin.go
@@ -66,7 +66,8 @@ var (
 				DisplayName: "Member",
 				Site: permissions(map[Object][]Action{
 					// All users can read all other users and know they exist.
-					ResourceUser: {ActionRead},
+					ResourceUser:           {ActionRead},
+					ResourceRoleAssignment: {ActionRead},
 				}),
 				User: permissions(map[Object][]Action{
 					ResourceWildcard: {WildcardSymbol},
diff --git a/coderd/rbac/builtin_internal_test.go b/coderd/rbac/builtin_internal_test.go
index a5374dcc37547..3ffe8879a2548 100644
--- a/coderd/rbac/builtin_internal_test.go
+++ b/coderd/rbac/builtin_internal_test.go
@@ -34,7 +34,7 @@ func TestRoleByName(t *testing.T) {
 			t.Run(c.Role.Name, func(t *testing.T) {
 				role, err := RoleByName(c.Role.Name)
 				require.NoError(t, err, "role exists")
-				require.Equal(t, c.Role, role)
+				equalRoles(t, c.Role, role)
 			})
 		}
 	})
@@ -53,3 +53,18 @@ func TestRoleByName(t *testing.T) {
 		require.Error(t, err, "expect orgID")
 	})
 }
+
+// SameAs compares 2 roles for equality.
+func equalRoles(t *testing.T, a, b Role) {
+	require.Equal(t, a.Name, b.Name, "role names")
+	require.Equal(t, a.DisplayName, b.DisplayName, "role display names")
+	require.ElementsMatch(t, a.Site, b.Site, "site permissions")
+	require.ElementsMatch(t, a.User, b.User, "user permissions")
+	require.Equal(t, len(a.Org), len(b.Org), "same number of org roles")
+
+	for ak, av := range a.Org {
+		bv, ok := b.Org[ak]
+		require.True(t, ok, "org permissions missing: %s", ak)
+		require.ElementsMatchf(t, av, bv, "org %s permissions", ak)
+	}
+}
diff --git a/coderd/roles_test.go b/coderd/roles_test.go
index 0350bcf835377..22397b7b34c1f 100644
--- a/coderd/roles_test.go
+++ b/coderd/roles_test.go
@@ -112,7 +112,6 @@ func TestListRoles(t *testing.T) {
 	})
 	require.NoError(t, err, "create org")
 
-	const unauth = "forbidden"
 	const notMember = "not a member of the organization"
 
 	testCases := []struct {
@@ -128,14 +127,14 @@ func TestListRoles(t *testing.T) {
 				x, err := member.ListSiteRoles(ctx)
 				return x, err
 			},
-			AuthorizedError: unauth,
+			ExpectedRoles: convertRoles(rbac.SiteRoles()),
 		},
 		{
 			Name: "OrgMemberListOrg",
 			APICall: func() ([]codersdk.Role, error) {
 				return member.ListOrganizationRoles(ctx, admin.OrganizationID)
 			},
-			AuthorizedError: unauth,
+			ExpectedRoles: convertRoles(rbac.OrganizationRoles(admin.OrganizationID)),
 		},
 		{
 			Name: "NonOrgMemberListOrg",
@@ -150,7 +149,7 @@ func TestListRoles(t *testing.T) {
 			APICall: func() ([]codersdk.Role, error) {
 				return orgAdmin.ListSiteRoles(ctx)
 			},
-			AuthorizedError: unauth,
+			ExpectedRoles: convertRoles(rbac.SiteRoles()),
 		},
 		{
 			Name: "OrgAdminListOrg",