linode · abailly-akamai · Jan 16, 2026 · Jan 12, 2026 · Jan 12, 2026 · Jan 12, 2026
diff --git a/packages/manager/.changeset/pr-13266-tech-stories-1768401757846.md b/packages/manager/.changeset/pr-13266-tech-stories-1768401757846.md
@@ -0,0 +1,5 @@
+---
+"@linode/manager": Tech Stories
+---
+
+IAM - Clean up beta flag + BETA/LA logic ([#13266](https://github.com/linode/manager/pull/13266))
diff --git a/packages/manager/src/components/PrimaryNav/PrimaryNav.test.tsx b/packages/manager/src/components/PrimaryNav/PrimaryNav.test.tsx
@@ -22,7 +22,6 @@ const queryString = 'menu-item-Managed';
 
 const queryMocks = vi.hoisted(() => ({
   useIsIAMEnabled: vi.fn(() => ({
-    isIAMBeta: false,
     isIAMEnabled: false,
   })),
   usePreferences: vi.fn().mockReturnValue({}),
@@ -497,7 +496,6 @@ describe('PrimaryNav', () => {
   it('should show Administration links', async () => {
     const flags: Partial<Flags> = {
       iam: {
-        beta: true,
         enabled: true,
       },
       limitsEvolution: {
@@ -508,7 +506,6 @@ describe('PrimaryNav', () => {
     };
 
     queryMocks.useIsIAMEnabled.mockReturnValue({
-      isIAMBeta: true,
       isIAMEnabled: true,
     });
 
@@ -544,13 +541,11 @@ describe('PrimaryNav', () => {
   it('should hide Identity & Access link for non beta users', async () => {
     const flags: Partial<Flags> = {
       iam: {
-        beta: true,
         enabled: false,
       },
     };
 
     queryMocks.useIsIAMEnabled.mockReturnValue({
-      isIAMBeta: true,
       isIAMEnabled: false,
     });
 

diff --git a/packages/manager/src/components/PrimaryNav/PrimaryNav.tsx b/packages/manager/src/components/PrimaryNav/PrimaryNav.tsx
@@ -119,7 +119,7 @@ export const PrimaryNav = (props: PrimaryNavProps) => {
   const { isPlacementGroupsEnabled } = useIsPlacementGroupsEnabled();
   const { isDatabasesEnabled, isDatabasesV2Beta } = useIsDatabasesEnabled();
 
-  const { isIAMBeta, isIAMEnabled } = useIsIAMEnabled();
+  const { isIAMEnabled } = useIsIAMEnabled();
   const showLimitedAvailabilityBadges = flags.iamLimitedAvailabilityBadges;
 
   const { isNetworkLoadBalancerEnabled } = useIsNetworkLoadBalancerEnabled();
@@ -297,8 +297,7 @@ export const PrimaryNav = (props: PrimaryNavProps) => {
                 display: 'Identity & Access',
                 hide: !isIAMEnabled,
                 to: '/iam',
-                isBeta: isIAMBeta,
-                isNew: !isIAMBeta && showLimitedAvailabilityBadges,
+                isNew: isIAMEnabled && showLimitedAvailabilityBadges,
               },
               {
                 display: 'Quotas',
@@ -352,7 +351,6 @@ export const PrimaryNav = (props: PrimaryNavProps) => {
         isACLPEnabled,
         isACLPLogsBeta,
         isACLPLogsEnabled,
-        isIAMBeta,
         isIAMEnabled,
         isMarketplaceV2FeatureEnabled,
         isNetworkLoadBalancerEnabled,

diff --git a/packages/manager/src/featureFlags.ts b/packages/manager/src/featureFlags.ts
@@ -223,7 +223,7 @@ export interface Flags {
   gecko2: GeckoFeatureFlag;
   generationalPlansv2: GenerationalPlansFlag;
   gpuv2: GpuV2;
-  iam: BetaFeatureFlag;
+  iam: BaseFeatureFlag;
   iamDelegation: BaseFeatureFlag;
   iamLimitedAvailabilityBadges: boolean;
   ipv6Sharing: boolean;

diff --git a/packages/manager/src/features/IAM/IAMLanding.tsx b/packages/manager/src/features/IAM/IAMLanding.tsx
@@ -19,9 +19,9 @@ import { IAM_DOCS_LINK, ROLES_LEARN_MORE_LINK } from './Shared/constants';
 
 export const IdentityAccessLanding = React.memo(() => {
   const flags = useFlags();
-  const { isIAMBeta, isIAMEnabled } = useIsIAMEnabled();
+  const { isIAMEnabled } = useIsIAMEnabled();
   const showLimitedAvailabilityBadges =
-    flags.iamLimitedAvailabilityBadges && isIAMEnabled && !isIAMBeta;
+    flags.iamLimitedAvailabilityBadges && isIAMEnabled;
   const location = useLocation();
   const navigate = useNavigate();
   const { isParentAccount } = useDelegationRole();

diff --git a/packages/manager/src/features/IAM/Roles/Defaults/DefaultsLanding.tsx b/packages/manager/src/features/IAM/Roles/Defaults/DefaultsLanding.tsx
@@ -17,9 +17,9 @@ export const DefaultsLanding = () => {
   const location = useLocation();
   const navigate = useNavigate();
   const flags = useFlags();
-  const { isIAMBeta, isIAMEnabled } = useIsIAMEnabled();
+  const { isIAMEnabled } = useIsIAMEnabled();
   const showLimitedAvailabilityBadges =
-    flags.iamLimitedAvailabilityBadges && isIAMEnabled && !isIAMBeta;
+    flags.iamLimitedAvailabilityBadges && isIAMEnabled;
 
   const { tabs, tabIndex, handleTabChange } = useTabs([
     {

diff --git a/packages/manager/src/features/IAM/Users/UserDetailsLanding.tsx b/packages/manager/src/features/IAM/Users/UserDetailsLanding.tsx
@@ -23,9 +23,9 @@ import {
 
 export const UserDetailsLanding = () => {
   const flags = useFlags();
-  const { isIAMBeta, isIAMEnabled } = useIsIAMEnabled();
+  const { isIAMEnabled } = useIsIAMEnabled();
   const showLimitedAvailabilityBadges =
-    flags.iamLimitedAvailabilityBadges && isIAMEnabled && !isIAMBeta;
+    flags.iamLimitedAvailabilityBadges && isIAMEnabled;
   const { username } = useParams({ from: '/iam/users/$username' });
   const { isIAMDelegationEnabled } = useIsIAMDelegationEnabled();
   const { isParentAccount } = useDelegationRole();

diff --git a/packages/manager/src/features/IAM/hooks/useGetAllUserEntitiesByPermission.ts b/packages/manager/src/features/IAM/hooks/useGetAllUserEntitiesByPermission.ts
@@ -11,10 +11,6 @@ import {
 
 import { entityPermissionMapFrom } from './adapters/permissionAdapters';
 import { useIsIAMEnabled } from './useIsIAMEnabled';
-import {
-  BETA_ACCESS_TYPE_SCOPE,
-  LA_ACCOUNT_ADMIN_PERMISSIONS_TO_EXCLUDE,
-} from './usePermissions';
 
 import type {
   APIError,
@@ -115,7 +111,7 @@ export const useGetAllUserEntitiesByPermission = <T extends FullEntityType>({
   filter = {},
   params = {},
 }: UseGetEntitiesByPermissionProps) => {
-  const { isIAMBeta, isIAMEnabled, profile } = useIsIAMEnabled();
+  const { isIAMEnabled, profile } = useIsIAMEnabled();
 
   // Get entities by permission (Restricted IAM users only)
   const {
@@ -129,24 +125,11 @@ export const useGetAllUserEntitiesByPermission = <T extends FullEntityType>({
     enabled: enabled && isIAMEnabled,
   });
 
-  /**
-   * Determine if we should use IAM permissions or legacy permissions
-   */
-  const useBetaPermissions =
-    isIAMEnabled &&
-    isIAMBeta &&
-    BETA_ACCESS_TYPE_SCOPE.includes(entityType) &&
-    LA_ACCOUNT_ADMIN_PERMISSIONS_TO_EXCLUDE.some((blacklistedPermission) =>
-      permission.includes(blacklistedPermission)
-    ) === false;
-  const useLAPermissions = isIAMEnabled && !isIAMBeta;
-  const shouldUseIAMPermissions = useBetaPermissions || useLAPermissions;
-
   /**
    * Extract entity IDs from the entities by permission data
    */
   const entityIds =
-    shouldUseIAMPermissions && profile?.restricted
+    isIAMEnabled && profile?.restricted
       ? entitiesByPermission?.map((e) => e.id)
       : undefined;
 
@@ -159,7 +142,7 @@ export const useGetAllUserEntitiesByPermission = <T extends FullEntityType>({
    * Legacy grants for non-IAM users
    */
   const { data: grants, isLoading: grantsLoading } = useGrants(
-    !shouldUseIAMPermissions && profile?.restricted && enabled
+    !isIAMEnabled && profile?.restricted && enabled
   );
 
   /**
@@ -168,7 +151,7 @@ export const useGetAllUserEntitiesByPermission = <T extends FullEntityType>({
    * In case a filter was used, we also return it to be used for client-side filtering
    * ex: we also pass this filter to the LinodeSelect to avoid caching two different queries (with and without filter)
    */
-  if (shouldUseIAMPermissions) {
+  if (isIAMEnabled) {
     return {
       ...entityQuery,
       filter,

diff --git a/packages/manager/src/features/IAM/hooks/useIsIAMEnabled.test.ts b/packages/manager/src/features/IAM/hooks/useIsIAMEnabled.test.ts
@@ -43,7 +43,6 @@ describe('useIsIAMEnabled', () => {
     });
 
     await waitFor(() => {
-      expect(result.current.isIAMBeta).toBe(true);
       expect(result.current.isIAMEnabled).toBe(true);
     });
   });
@@ -67,8 +66,6 @@ describe('useIsIAMEnabled', () => {
     });
 
     await waitFor(() => {
-      expect(result.current.isIAMBeta).toBe(false);
-      // eslint-disable-next-line testing-library/no-wait-for-multiple-assertions
       expect(result.current.isIAMEnabled).toBe(true);
       // eslint-disable-next-line testing-library/no-wait-for-multiple-assertions
       expect(queryMocks.useUserAccountPermissions).toHaveBeenCalledWith(true);
@@ -94,8 +91,6 @@ describe('useIsIAMEnabled', () => {
     });
 
     await waitFor(() => {
-      expect(result.current.isIAMBeta).toBe(false);
-      // eslint-disable-next-line testing-library/no-wait-for-multiple-assertions
       expect(result.current.isIAMEnabled).toBe(false);
       // eslint-disable-next-line testing-library/no-wait-for-multiple-assertions
       expect(queryMocks.useUserAccountPermissions).toHaveBeenCalledWith(false);
@@ -120,8 +115,6 @@ describe('useIsIAMEnabled', () => {
     });
 
     await waitFor(() => {
-      expect(result.current.isIAMBeta).toBe(true);
-      // eslint-disable-next-line testing-library/no-wait-for-multiple-assertions
       expect(result.current.isIAMEnabled).toBe(false);
       // eslint-disable-next-line testing-library/no-wait-for-multiple-assertions
       expect(queryMocks.useUserAccountPermissions).toHaveBeenCalledWith(true);

diff --git a/packages/manager/src/features/IAM/hooks/useIsIAMEnabled.ts b/packages/manager/src/features/IAM/hooks/useIsIAMEnabled.ts
@@ -28,7 +28,6 @@ export const useIsIAMEnabled = () => {
     useUserAccountPermissions(flags?.iam?.enabled === true);
 
   return {
-    isIAMBeta: flags.iam?.beta,
     isIAMEnabled: flags?.iam?.enabled && Boolean(roles || permissions),
     isLoading: isLoadingRoles || isLoadingPermissions,
     accountRoles: roles,

diff --git a/packages/manager/src/features/IAM/hooks/usePermissions.test.ts b/packages/manager/src/features/IAM/hooks/usePermissions.test.ts
@@ -7,9 +7,7 @@ import { usePermissions } from './usePermissions';
 import type { AccessType, PermissionType } from '@linode/api-v4';
 
 const queryMocks = vi.hoisted(() => ({
-  useIsIAMEnabled: vi
-    .fn()
-    .mockReturnValue({ isIAMEnabled: true, isIAMBeta: true }),
+  useIsIAMEnabled: vi.fn().mockReturnValue({ isIAMEnabled: true }),
   useUserAccountPermissions: vi.fn().mockReturnValue({
     data: ['cancel_account', 'create_linode'],
   }),
@@ -75,7 +73,7 @@ describe('usePermissions', () => {
   });
 
   it('returns correct map when IAM is enabled (account)', () => {
-    const flags = { iam: { beta: true, enabled: true } };
+    const flags = { iam: { enabled: true } };
 
     renderHook(
       () => usePermissions('account', ['cancel_account', 'create_linode']),
@@ -94,7 +92,7 @@ describe('usePermissions', () => {
   });
 
   it('returns correct map when IAM is enabled (entity)', () => {
-    const flags = { iam: { beta: true, enabled: true } };
+    const flags = { iam: { enabled: true } };
 
     renderHook(
       () => usePermissions('linode', ['reboot_linode', 'view_linode'], 123),
@@ -120,7 +118,7 @@ describe('usePermissions', () => {
       data: { global: { add_linode: true } },
     });
 
-    const flags = { iam: { beta: false, enabled: false } };
+    const flags = { iam: { enabled: false } };
     renderHook(
       () => usePermissions('account', ['cancel_account', 'create_linode']),
       {
@@ -136,83 +134,4 @@ describe('usePermissions', () => {
       false
     );
   });
-
-  it('returns correct map when IAM beta is false', () => {
-    queryMocks.useIsIAMEnabled.mockReturnValue({
-      isIAMEnabled: true,
-      isIAMBeta: false,
-    });
-    const flags = { iam: { beta: false, enabled: true } };
-
-    renderHook(() => usePermissions('account', ['create_linode']), {
-      wrapper: (ui) => wrapWithTheme(ui, { flags }),
-    });
-
-    expect(queryMocks.useGrants).toHaveBeenCalledWith(false);
-    expect(queryMocks.useUserEntityPermissions).toHaveBeenCalledWith(
-      'account',
-      undefined,
-      true
-    );
-  });
-
-  it('returns correct map when beta is true and neither the access type nor the permissions are in the limited availability scope', () => {
-    const flags = { iam: { beta: true, enabled: true } };
-    queryMocks.useIsIAMEnabled.mockReturnValue({
-      isIAMEnabled: true,
-      isIAMBeta: true,
-    });
-
-    renderHook(() => usePermissions('linode', ['update_linode'], 123), {
-      wrapper: (ui) => wrapWithTheme(ui, { flags }),
-    });
-
-    expect(queryMocks.useGrants).toHaveBeenCalledWith(false);
-    expect(queryMocks.useUserAccountPermissions).toHaveBeenCalledWith(false);
-    expect(queryMocks.useUserEntityPermissions).toHaveBeenCalledWith(
-      'linode',
-      123,
-      true
-    );
-  });
-
-  it('returns correct map when beta is true and the access type is in the limited availability scope', () => {
-    const flags = { iam: { beta: true, enabled: true } };
-    queryMocks.useIsIAMEnabled.mockReturnValue({
-      isIAMEnabled: true,
-      isIAMBeta: true,
-    });
-
-    renderHook(() => usePermissions('volume', ['resize_volume'], 123), {
-      wrapper: (ui) => wrapWithTheme(ui, { flags }),
-    });
-
-    expect(queryMocks.useGrants).toHaveBeenCalledWith(true);
-    expect(queryMocks.useUserAccountPermissions).toHaveBeenCalledWith(false);
-    expect(queryMocks.useUserEntityPermissions).toHaveBeenCalledWith(
-      'volume',
-      123,
-      false
-    );
-  });
-
-  it('returns correct map when beta is true and one of the permissions is in the limited availability scope', () => {
-    const flags = { iam: { beta: true, enabled: true } };
-    queryMocks.useIsIAMEnabled.mockReturnValue({
-      isIAMEnabled: true,
-      isIAMBeta: true,
-    });
-
-    renderHook(() => usePermissions('account', ['create_volume']), {
-      wrapper: (ui) => wrapWithTheme(ui, { flags }),
-    });
-
-    expect(queryMocks.useGrants).toHaveBeenCalledWith(true);
-    expect(queryMocks.useUserAccountPermissions).toHaveBeenCalledWith(false);
-    expect(queryMocks.useUserEntityPermissions).toHaveBeenCalledWith(
-      'account',
-      undefined,
-      false
-    );
-  });
 });