diff --git a/foundations/environments/main.tf b/foundations/environments/main.tf
index ad48eb24..4352f2f2 100644
--- a/foundations/environments/main.tf
+++ b/foundations/environments/main.tf
@@ -24,8 +24,8 @@ module "tf-project" {
   parent = var.root_node
   prefix = var.prefix
   billing_account = var.billing_account_id
-  iam_additive = {
-    for name in var.iam_terraform_owners : (name) => ["roles/owner"]
+  iam_additive = {
+    "roles/owner" = var.iam_terraform_owners
   }
   services = var.project_services
 }
@@ -158,8 +158,8 @@ module "sharedsvc-project" {
   parent = var.root_node
   prefix = var.prefix
   billing_account = var.billing_account_id
-  iam_additive = {
-    for name in var.iam_shared_owners : (name) => ["roles/owner"]
+  iam_additive = {
+    "roles/owner" = var.iam_shared_owners
   }
   services = var.project_services
 }
diff --git a/modules/project/README.md b/modules/project/README.md
index 402cee0b..12e78e39 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -36,23 +36,12 @@ module "project" {
   name = "project-example"
   iam_additive = {
-    "group:usergroup_watermlon_experimentation@lemonadeinc.io" = [
-      "roles/viewer",
-      "roles/storage.objectAdmin"
-    ],
-    "group:usergroup_gcp_admin@lemonadeinc.io" = [
-      "roles/owner",
-    ],
-    "group:usergroup_gcp_privilege_access@lemonadeinc.io" = [
-      "roles/editor"
-    ],
-    "group:engineering@lemonadeinc.io" = [
-      "roles/pubsub.subscriber",
-      "roles/storage.objectViewer"
-    ],
+    "roles/viewer" = ["group:one@example.org", "group:two@xample.org"],
+    "roles/storage.objectAdmin" = ["group:two@example.org"],
+    "roles/owner" = ["group:three@example.org"],
   }
 }
-# tftest:modules=1:resources=7
+# tftest:modules=1:resources=5
 ```
 ### Organization policies
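Review bot: The new `iam_additive` literal in both `module "tf-project"` and `module "sharedsvc-project"` silently inverts the map's meaning from member => roles to role => members, and nothing at the call site records that; the module's variable declaration that should pin this contract is not in the diff, and if it is still typed as a plain `map(list(string))` Terraform cannot tell the two shapes apart, so any other caller left on the old shape would presumably only fail at plan/apply with a group name being used as a role. A one-line comment at each of the two changed sites makes the contract visible to the next reader, e.g. `# role => list of IAM members (e.g. "group:..."); every member listed becomes an owner`. It is also worth confirming that `var.iam_terraform_owners` and `var.iam_shared_owners` are described as lists of fully qualified IAM member strings, since a bare address in either list now lands directly as an owner binding. Unrelated but in the same change, the README example has `group:two@xample.org` where `example.org` is clearly intended.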