diff --git a/internal/jimm/cloud.go b/internal/jimm/cloud.go
index 710773a49..e5aaa9708 100644
--- a/internal/jimm/cloud.go
+++ b/internal/jimm/cloud.go
@@ -557,7 +557,7 @@ func (j *JIMM) doCloudAdmin(ctx context.Context, u *openfga.User, ct names.Cloud
 func (j *JIMM) GrantCloudAccess(ctx context.Context, user *openfga.User, ct names.CloudTag, ut names.UserTag, access string) error {
 	const op = errors.Op("jimm.GrantCloudAccess")
 
-	targetRelation, err := cloudAccessToRelation(access)
+	targetRelation, err := ToCloudRelation(access)
 	if err != nil {
 		return errors.E(op, errors.CodeBadRequest, "failed to recognize given access", err)
 	}
@@ -608,7 +608,7 @@ func (j *JIMM) GrantCloudAccess(ctx context.Context, user *openfga.User, ct name
 func (j *JIMM) RevokeCloudAccess(ctx context.Context, user *openfga.User, ct names.CloudTag, ut names.UserTag, access string) error {
 	const op = errors.Op("jimm.RevokeCloudAccess")
 
-	targetRelation, err := cloudAccessToRelation(access)
+	targetRelation, err := ToCloudRelation(access)
 	if err != nil {
 		return errors.E(op, errors.CodeBadRequest, "failed to recognize given access", err)
 	}
@@ -662,15 +662,6 @@ func (j *JIMM) RevokeCloudAccess(ctx context.Context, user *openfga.User, ct nam
 	return nil
 }
 
-func cloudAccessToRelation(access string) (openfga.Relation, error) {
-	if access == "admin" {
-		return ofganames.AdministratorRelation, nil
-	} else if access == "add-model" {
-		return ofganames.CanAddModelRelation, nil
-	}
-	return ofganames.NoRelation, errors.E(fmt.Sprintf("unknown access: %q", access))
-}
-
 // RemoveCloud removes the given cloud from JAAS If the cloud is not found
 // then an error with the code CodeNotFound is returned. If the
 // authenticated user does not have admin access to the cloud then an error