diff --git a/CHANGELOG.md b/CHANGELOG.md
index 89dba8555..fbac42d3d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ ### Added
 - Add changelog enforcer as GitHub Action to workflow ([#891](https://github.com/opendevstack/ods-core/issues/891))
+- Narrow down system:authenticated permissions when creating new ODS project ([#942](https://github.com/opendevstack/ods-core/issues/942))
 ## [3.0] - 2020-08-11
diff --git a/create-projects/create-projects.sh b/create-projects/create-projects.sh
index 161e96d71..abc33b2e9 100755
--- a/create-projects/create-projects.sh
+++ b/create-projects/create-projects.sh
@@ -117,9 +117,4 @@ else
 oc policy add-role-to-group view system:authenticated -n "${PROJECT_ID}-dev"
 oc policy add-role-to-group view system:authenticated -n "${PROJECT_ID}-test"
 oc policy add-role-to-group view system:authenticated -n "${PROJECT_ID}-cd"
-
- echo "Allow all authenticated users to edit the project"
- oc policy add-role-to-group edit system:authenticated -n "${PROJECT_ID}-dev"
- oc policy add-role-to-group edit system:authenticated -n "${PROJECT_ID}-test"
- oc policy add-role-to-group edit system:authenticated -n "${PROJECT_ID}-cd"
 fi
diff --git a/create-projects/tests/run.sh b/create-projects/tests/run.sh
index bac585177..6ded40279 100755
--- a/create-projects/tests/run.sh
+++ b/create-projects/tests/run.sh
@@ -47,10 +47,6 @@ oc mock --receive 'policy add-role-to-group view system:authenticated -n foo-dev
 oc mock --receive 'policy add-role-to-group view system:authenticated -n foo-test' --times 1
 oc mock --receive 'policy add-role-to-group view system:authenticated -n foo-cd' --times 1
-oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-dev' --times 1
-oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-test' --times 1
-oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-cd' --times 1
-
 ../create-projects.sh --project foo
 oc mock --verify
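Review bot: No scenario in `create-projects/tests/run.sh` asserts any longer that `edit` is withheld from `system:authenticated`. The `--times 1` expectations are deleted in this hunk and in `@@ -69,10 +65,6 @@`, and the existing `--times 0` expectations are deleted in `@@ -100,10 +92,6 @@`. Whether `oc mock --verify` fails on calls that were never registered is not visible in this diff; if it does not, a later change that reintroduces the grant would still pass. Keeping a negative expectation per namespace before each `../create-projects.sh` call, e.g. `oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-dev' --times 0` (likewise for `foo-test` and `foo-cd`), would pin the narrowed permission. The test script continues outside these hunks.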
@@ -69,10 +65,6 @@ oc mock --receive 'policy add-role-to-group view system:authenticated -n foo-dev
 oc mock --receive 'policy add-role-to-group view system:authenticated -n foo-test' --times 1
 oc mock --receive 'policy add-role-to-group view system:authenticated -n foo-cd' --times 1
-oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-dev' --times 1
-oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-test' --times 1
-oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-cd' --times 1
-
 ../create-projects.sh --project foo --admins foo.bar@example.com,baz.qux@example.com --groups=
 oc mock --verify
@@ -100,10 +92,6 @@ oc mock --receive 'policy add-role-to-group view system:authenticated -n foo-dev
 oc mock --receive 'policy add-role-to-group view system:authenticated -n foo-test' --times 0
 oc mock --receive 'policy add-role-to-group view system:authenticated -n foo-cd' --times 0
-oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-dev' --times 0
-oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-test' --times 0
-oc mock --receive 'policy add-role-to-group edit system:authenticated -n foo-cd' --times 0
-
 ../create-projects.sh --project foo --groups USERGROUP=foo,ADMINGROUP=bar,READONLYGROUP=baz
 oc mock --verify