hi datahub community, we've integrated datahub with OKTA and can add users and those users can log-in, however we have a problem that users who are administrators/admins can not add users to groups. When I try to use my OKTA user to login and add a user to a group I get "Not Authorized" error:

cc:: @echoing-airport-49548

It looks like the users don't have enough permissions to do the operations you want, have you check the policies? By default, there are some policies that make every user to behave almost like a root user.

Hi @prehistoric-room-17640 I would suggest you assign the Admin role to your Admin users and you shouldn’t have this issue https://datahubproject.io/docs/authorization/roles/#roles

@echoing-airport-49548 - that's what I initially did and it didn't work. DH allowed me to assign myself as an admin, then I went to setup several users in groups and it gave me the not authorized error above.

Ah I see

will do.

16:44:41.681 [Thread-7359] ERROR c.datahub.graphql.GraphQLController:98 - Errors while executing graphQL query: "query listUsers($input: ListUsersInput!) {\n  listUsers(input: $input) {\n    start\n    count\n    total\n    users {\n      urn\n      username\n      isNativeUser\n      info {\n        active\n        displayName\n        title\n        firstName\n        lastName\n        fullName\n        email\n        __typename\n      }\n      editableProperties {\n        displayName\n        pictureLink\n        teams\n        title\n        skills\n        __typename\n      }\n      status\n      roles: relationships(\n        input: {types: [\"IsMemberOfRole\"], direction: OUTGOING, start: 0}\n      ) {\n        start\n        count\n        total\n        relationships {\n          entity {\n            ... on DataHubRole {\n              urn\n              type\n              name\n              relationships(input: {types: [\"IsMemberOfRole\"], direction: INCOMING}) {\n                start\n                count\n                total\n                __typename\n              }\n              __typename\n            }\n            __typename\n          }\n          __typename\n        }\n        __typename\n      }\n      __typename\n    }\n    __typename\n  }\n}\n", result: {errors=[{message=An unknown error occurred., locations=[{line=2, column=3}], path=[listUsers], extensions={code=500, type=SERVER_ERROR, classification=DataFetchingException}}], data={listUsers=null}, extensions={tracing={version=1, startTime=2022-10-10T16:44:41.631899Z, endTime=2022-10-10T16:44:41.681499Z, duration=49602424, parsing={startOffset=542482, duration=528315}, validation={startOffset=792043, duration=240333}, execution={resolvers=[{path=[listUsers], parentType=Query, returnType=ListUsersResult, fieldName=listUsers, startOffset=824710, duration=48270409}]}}}}, errors: [DataHubGraphQLError{path=[listUsers], code=SERVER_ERROR, locations=[SourceLocation{line=2, column=3}]}]