I have created a Custom Admin group for our service desk. On our site, this custom admin group has the permissions view, manage sessions, and control on the RD Session Host pools. The Global site has view permissions for the permission type 'monitoring'. When a user logs into the Management Portal, they receive the error message "Failed to retrieve list of RAS Secure Gateway - Failed due to insufficient permissions". If they then try to view the sessions, the error message "Failed to retrieve list of RAS Client Policy - Failed due to insufficient permissions" appears. The sessions do appear initially, but on a subsequent attempt to retrieve them, they are no longer visible. Which permissions still need to be configured? And where?
Hello Leon, tried the same configuration without issue. Used global site permission to monitor and RDSH permissions view, manage and control. For the permissions, I just created a new group Grp_support and added a single user helpdesk. However, you could try add secure gateways view.
Hello Thiery, Thank you for the answer. I've added the secure gateways view, but with no results. I'm also getting an XML error at logon. The configuration is indeed the same as yours. I've added the screenshots of the settings and error messages. Leon Gerards
Update from Leon (thank you Leon for the information !) Hello Team, We reviewed the issue internally, and this behavior is currently a known issue in Parallels RAS 21.1. In RAS 21.1, certain Management Portal components (including RAS Client Policies) incorrectly require permissions that cannot be assigned through the custom administrator role interface. As a result, users assigned to custom administrator groups may receive "Failed due to insufficient permissions" errors even when the appropriate View, Modify, and Control permissions have already been granted. This issue has been addressed in Parallels RAS 21.2 according to the latest update from our engineering team. At this time, there is no configuration change available in RAS 21.1 that would allow you to grant the missing Client Policy permissions at the Global level, as those permissions are not exposed in the administrator role configuration UI. We recommend upgrading to Parallels RAS 21.2 once it becomes available. The fix included in that release should resolve the permission-related errors encountered by custom administrator accounts within the Management Portal. You can subscribe to the release notes https://kb.parallels.com/en/131037 to get an update once RASV21.2 is available.
