diff --git a/data.tf b/data.tf
index 87419a9..7be04ae 100644
--- a/data.tf
+++ b/data.tf
@@ -38,6 +38,19 @@ locals {
 ])
 )
 ]))
+
+ # Extract all roles used in permissions across all repositories
+ base_roles = ["pull", "triage", "push", "maintain", "admin"]
+ all_permission_roles = distinct(flatten([
+ for k, repo in var.repositories :
+ values(coalesce(repo.permissions, {}))
+ ]))
+
+ # Check if any role is not in base_roles
+ has_custom_roles = length([
+ for role in local.all_permission_roles :
+ role if !contains(local.base_roles, role)
+ ]) > 0
 }
 # Fetch user data for referenced users (only if not provided)
@@ -46,6 +59,11 @@ data "github_user" "referenced_users" {
 username = each.value
 }
+# Fetch organization custom roles (only if custom roles are detected)
+data "github_organization_repository_roles" "all" {
+ count = local.has_custom_roles ? 1 : 0
+}
+
 # Fetch app installation data for referenced apps (only if not provided)
 data "github_app" "bypass_apps" {
 for_each = length(var.github_app_ids) == 0 ? toset(local.bypass_app_slugs) : toset([])
@@ -68,4 +86,10 @@ locals {
 github_app_ids = length(var.github_app_ids) > 0 ? var.github_app_ids : {
 for slug, app in data.github_app.bypass_apps : slug => app.id
 }
+
+ # Build allowed roles list: base roles + custom roles (if fetched)
+ allowed_roles = local.has_custom_roles ? concat(
+ local.base_roles,
+ [for role in data.github_organization_repository_roles.all[0].roles : role.name]
+ ) : local.base_roles
 }
diff --git a/examples/complete/tfplan b/examples/complete/tfplan
deleted file mode 100644
index fb28f90..0000000
Binary files a/examples/complete/tfplan and /dev/null differ
diff --git a/main.tf b/main.tf
index c3b21b3..e0b683b 100644
--- a/main.tf
+++ b/main.tf
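Review bot: `has_custom_roles` treats every permission value that is not byte-for-byte one of `base_roles` as a custom role, so a typo or case variant such as `Push` is not rejected here but routed to the organization role lookup, and the comment above it should say so, e.g. `# Any permission value that is not exactly one of base_roles (case-sensitive) is assumed to be an organization custom role and must exist there`. If case variants are meant to be accepted, normalise the values with `lower()` when building `all_permission_roles` instead of relying on the later lookup to catch them. The key `k` in `for k, repo in var.repositories` is unused; `for repo in var.repositories` iterates the map's values and reads cleaner. The enclosing `locals` block starts before this hunk.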
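Review bot: Nothing verifies that the non-base role names referenced in `var.repositories` actually exist among the organization's custom roles once this data source has been read, so an unknown or misspelled role name passes through to whatever consumes `local.allowed_roles` (the repositories module, whose handling is not visible in this diff) instead of failing at the point where the answer is known. A `lifecycle { postcondition { … } }` on this data block (Terraform 1.2+) can assert that every referenced non-base role is present in `self.roles` and name the offenders in the error message. Separately, `count` is derived from `var.repositories`; if that variable is ever fed from values not known until apply, Terraform will refuse to plan this block, which is worth a one-line comment next to `count`.
```hcl
data "github_organization_repository_roles" "all" {
  count = local.has_custom_roles ? 1 : 0

  lifecycle {
    # Every permission value outside base_roles must be a custom role defined in the organization.
    postcondition {
      condition = length(setsubtract(
        local.all_permission_roles,
        concat(local.base_roles, [for role in self.roles : role.name])
      )) == 0
      error_message = "Permission roles referenced in var.repositories that are neither base roles nor organization custom roles: ${join(", ", setsubtract(local.all_permission_roles, concat(local.base_roles, [for role in self.roles : role.name])))}"
    }
  }
}
```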
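Review bot: The `[0]` index on `data.github_organization_repository_roles.all` is only valid because that data source's `count` is computed from the same `has_custom_roles` local, and that coupling is not recorded where the index is used; the comment should state it, and also that the resulting list allows every custom role defined in the organization rather than only the referenced ones, e.g. `# Indexing [0] is safe because the data source's count mirrors has_custom_roles; when custom roles are in use, every role defined in the organization becomes allowed, not just the referenced ones`. Because the allow-list is then derived from live organization state, a role added or renamed in GitHub changes what this configuration accepts without any code change; if that is not intended, narrow the second operand to `[for role in data.github_organization_repository_roles.all[0].roles : role.name if contains(local.all_permission_roles, role.name)]`. The enclosing `locals` block starts before this hunk.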
@@ -102,9 +102,8 @@ module "repositories" {
 template = each.value.template
 # Access & Permissions
- permissions = each.value.permissions
- deploy_keys = each.value.deploy_keys
- allowed_roles = each.value.allowed_roles
+ permissions = each.value.permissions
+ deploy_keys = each.value.deploy_keys
 # Automation (Global)
 webhooks = each.value.webhooks
@@ -130,4 +129,7 @@ module "repositories" {
 github_team_ids = local.github_team_ids
 github_user_ids = local.github_user_ids
 github_app_ids = local.github_app_ids
+
+ # Pre-fetched allowed roles (base + custom if detected)
+ allowed_roles = local.allowed_roles
 }
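Review bot: Removing `allowed_roles = each.value.allowed_roles` means a per-repository `allowed_roles` value in `var.repositories` is no longer honoured; if the variable's object type (in variables.tf, not part of this diff) still declares that attribute, callers who set it get no error and silently fall back to the global list now computed in data.tf, which for an access-control allow-list is the wrong failure mode. Either drop the attribute from the variable type in the same change or add a `validation` block that rejects a non-null `allowed_roles` with a message pointing at the new global behaviour. The `module "repositories"` block starts and ends outside this hunk.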