Endpoint permissions can be assigned to a single Workspace or to all Workspaces. However, Kong Manager does not send the Workspace details in the JSON body of the request that creates or updates the endpoint permissions.
As a result, permissions created through Kong Manager are applied to the Workspace that is currently selected in Kong Manager.
To work around this Kong Manager behavior, call the Admin API directly and set the permissions to apply to all Workspaces.
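The direct Admin API call described above, as an added example that is not taken from the original page or from Kong's own code. It builds the request with the Workspace stated explicitly in the body, and audits a role's endpoint listing for permissions that ended up scoped to a single Workspace. The Admin URL, role name, token and sample listing are assumptions constructed for illustration, and the role is assumed to be reachable at the unprefixed `/rbac/roles` path.

```python
import json
import urllib.request

ALL_WORKSPACES = "*"  # Admin API value meaning "all Workspaces"


def build_permission_request(admin_url, role, endpoint, actions, token,
                             workspace=ALL_WORKSPACES, negative=False):
    """Build (without sending) the POST that creates an endpoint permission.

    The workspace field is set explicitly in the JSON body, which is the
    detail Kong Manager leaves out of its own request.
    """
    body = {
        "workspace": workspace,
        "endpoint": endpoint,
        "actions": ",".join(actions),  # comma-separated, e.g. "read,update"
        "negative": negative,
    }
    return urllib.request.Request(
        url=f"{admin_url.rstrip('/')}/rbac/roles/{role}/endpoints",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json",
                 "Kong-Admin-Token": token},
        method="POST",
    )


def single_workspace_permissions(listing):
    """From a GET /rbac/roles/{role}/endpoints listing, return the
    permissions that are scoped to one Workspace instead of all."""
    return [(p["workspace"], p["endpoint"])
            for p in listing.get("data", [])
            if p.get("workspace") != ALL_WORKSPACES]


# Constructed sample listing (not real output): the first entry is what a
# permission created while "team-a" was selected in Kong Manager looks like.
SAMPLE_LISTING = {"data": [
    {"workspace": "team-a", "endpoint": "/services", "actions": ["read"]},
    {"workspace": "*", "endpoint": "/routes", "actions": ["read"]},
]}

if __name__ == "__main__":
    # Hypothetical Admin URL, role name and placeholder token.
    req = build_permission_request("http://localhost:8001", "read-only-role",
                                   "/services", ["read"], "PLACEHOLDER_TOKEN")
    print(req.get_method(), req.full_url, req.data.decode())
    # urllib.request.urlopen(req) would send it to a reachable Admin API.
    print(single_workspace_permissions(SAMPLE_LISTING))
```

Running the audit function against each role after changes made in Kong Manager shows which permissions need to be recreated through the Admin API.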