diff --git a/.ci/infra/terraform/main.tf b/.ci/infra/terraform/main.tf
index a5f0adf8291c..6c7284d41ecf 100644
--- a/.ci/infra/terraform/main.tf
+++ b/.ci/infra/terraform/main.tf
@@ -165,6 +165,12 @@ resource "google_organization_iam_member" "sa_principal_access_boundary_admin" {
   member = google_service_account.sa.member
 }
 
+resource "google_organization_iam_member" "dlp_admin" {
+  org_id = data.google_organization.org.org_id
+  role   = "roles/dlp.admin"
+  member = google_service_account.sa.member
+}
+
 resource "google_billing_account_iam_member" "sa_master_billing_admin" {
   billing_account_id = data.google_billing_account.master_acct.id
   role               = "roles/billing.admin"
diff --git a/mmv1/third_party/terraform/services/datalossprevention/resource_data_loss_prevention_discovery_config_test.go b/mmv1/third_party/terraform/services/datalossprevention/resource_data_loss_prevention_discovery_config_test.go
index 392d5f64800f..d8df30365471 100644
--- a/mmv1/third_party/terraform/services/datalossprevention/resource_data_loss_prevention_discovery_config_test.go
+++ b/mmv1/third_party/terraform/services/datalossprevention/resource_data_loss_prevention_discovery_config_test.go
@@ -1370,21 +1370,6 @@ func testAccDataLossPreventionDiscoveryConfig_dlpDiscoveryConfigStartAwsS3(conte
 	return acctest.Nprintf(`
 data "google_project" "project" {
 }
-resource "google_organization_iam_member" "service_agent" {
-	org_id = "%{organization}"
-	role    = "roles/servicemanagement.admin"
-	member = "serviceAccount:service-${data.google_project.project.number}@dlp-api.iam.gserviceaccount.com"
-}
-resource "google_organization_iam_member" "org_admin" {
-	org_id = "%{organization}"
-	role    = "roles/resourcemanager.organizationAdmin"
-	member = "serviceAccount:service-${data.google_project.project.number}@dlp-api.iam.gserviceaccount.com"
-}
-resource "google_organization_iam_member" "dlp_role" {
-    org_id = "%{organization}"
-	role    = "roles/dlp.orgdriver"
-	member = "serviceAccount:service-${data.google_project.project.number}@dlp-api.iam.gserviceaccount.com"
-}
 resource "google_data_loss_prevention_inspect_template" "basic" {
     parent = "projects/%{project}"
     description = "Description"