New feature in 12.6 - Permission Groups

Anna Kirichenko

After a recent upgrade to 12.6.0, some users were not able to log in, getting an error message "Error. Sorry, there was an error : unauthorized_client. Request Id: 0HMSA0GDGEDP2:0000003C".
It didn´t happen to the users with Admin license.

So we´ve realized that in the Subscription Hub there was a new setting which was empty - Permission Groups. So we have created one such group and assigned some of the users (including the one that has received the error) to the group.The user was able to log in successfully.

However, some other users which got the error, were then able to log in without any issues, even though thery were not assigned to any Permission Groups. This applies to both the users with Board authentication as well as the users with a Single Sign-On enabled.

Does anyone have some further experience with this and could share what should be configured for a basic setup (no API)?

Willians Santana

Hi Anna,

I hope you are having a great day!

I am researching this topic, and we want to share with you the information regarding this topic obtained from the Board Manual:

https://www.boardmanual.com/2021/summer/administration/Subscription_Hub/1a_Permission_Groups/adding-managing-permission-groups.htm?rhsearch=permission%20group&rhhlterm=permission%20permissions%20groups%20group

Please, let me know if this helps.

I will continue my research and share my findings with you if I have more information about the specific error message experienced by the end-users mentioned by you.

Best Regards,

Willians

Tommaso Riva

Hi Anna,

If you leave the permission group empty, user authentication will not be affected.

To be clear: the configuration of the permission group is not a required field , so forget it unless you really need it (which does not seem to be the case).

Can you try removing the permission group (if any) and see if the user authentication works again?

If not, please open a ticket with our support for further investigation.

Anna Kirichenko

Hi @Willians Santana

Thanks! I´ve found the information on the manual, however some bits of it were not very clear, or maybe my questions were very specific.

Anna Kirichenko

Hi @Tommaso Riva

Thanks for the suggestion, I will coordinate a test with the users and try to remove the permission group completely and see if it works.

Willians Santana

You are very welcome, @Anna Kirichenko! Thank you for your input! I do appreciate that. Your questions are great! Please, let me know if @Tommaso Riva's guidance works for you. We are all ears for you.

Anna Kirichenko

@Tommaso Riva @Willians Santana I´ve deleted the permission groups and the users could test that they are able to sign in again. So the feature indeed is not mandatoty but it was strange that right after the upgrade it seemed like it was mandatory… Let´s hope it keeps working fine.
Thanks for your help.