In my code below I create a user in Ovirt SDK via its CLI. UserUtils.addUser(engineHost, USER, "John12", "Doe12"); UserUtils.setPassword(engineHost, USER, "abcdef"); I then create a Map of permissions for a new role Role addedRole = addRole(sysService, new RoleBuilder() .administrative(true) .name(expName) .description(expDescription) .permits(RoleUtils.createTestPermits(new ArrayList<>(expectedPermits.keySet()))) .build()); And build the user with same role. UserBuilder builder = new UserBuilder().userName(USER).lastName("Doe").name("John").domain(domainBuilder).roles(addedRole); However, when i create my connection as follows... connection = ConnectionUtils.createConnection(engineUrl, USER + "@internal-authz", "abcdef"); sysService = ConnectionUtils.getReferenceToSystemServices(connection); It doesnt allow user login 2020-03-09 16:12:04,686/GMT [main] ERROR framework (StepLogger.java:96:onTestFailure) - ------------------- Test failed UserRoleTest.testUserRole() @68d6972f [pri:0] ----- org.ovirt.engine.sdk4.Error: Error during SSO authentication "access_denied" : "Cannot authenticate user 'a0e04eda-396c-46f1-9b4b-11d7c6@internal-authz': No valid profile f at org.ovirt.engine.sdk4.internal.HttpConnection.getAccessToken(HttpConnection.java:377) Full code below. As you can see, the new role includes login permissions. If i go in as the admin user, i can see that while the role has been successfully added, it does not get assigned to the user. @Test(description = "Test role assigned to user") public void testUserRole() throws NoSuchFieldException, IllegalAccessException { UserUtils.addUser(engineHost, USER, "John12", "Doe12"); UserUtils.setPassword(engineHost, USER, "abcdef"); DomainBuilder domainBuilder = new DomainBuilder().id("696E7465726E616C2D617574687A").name("internal-authz"); String typeName = "AAAA"; String expName = typeName + OvirtCommonUtils.returnUniqueID("");; String expDescription = "I am a new Test User"; Map<String,String> expectedPermits = new HashMap<>(); sysService.rolesService().roleService("UserVmManager").get(); // expectedPermits.put("1", "create_Vm"); expectedPermits.put("2", "delete_vm"); expectedPermits.put("3", "edit_vm_properties"); expectedPermits.put("5", "change_vm_cd"); expectedPermits.put("7", "connect_to_vm"); expectedPermits.put("9", "configure_vm_network"); expectedPermits.put("10", "configure_vm_storage"); expectedPermits.put("12", "manipulate_vm_snapshots"); expectedPermits.put("1100", "create_disk"); expectedPermits.put("1101", "attach_disk"); expectedPermits.put("1102", "edit_disk_properties"); expectedPermits.put("1104", "delete_disk"); expectedPermits.put("502", "manipulate_permissions"); expectedPermits.put("1300", "login"); expectedPermits.put("503", "add_users_and_groups_from_directory"); expectedPermits.put("17", "reboot_vm"); expectedPermits.put("18", "stop_vm"); expectedPermits.put("19", "shut_down_vm"); expectedPermits.put("21", "hibernate_vm"); expectedPermits.put("22", "run_vm"); expectedPermits.put("1664", "connect_to_serial_console"); expectedPermits.put("1668", "assign_cpu_profile"); expectedPermits.put("1108", "sparsify_disk"); expectedPermits.put("1109", "reduce_disk"); expectedPermits.put("1110", "backup_disk"); //create role Role addedRole = addRole(sysService, new RoleBuilder() .administrative(true) .name(expName) .description(expDescription) .permits(RoleUtils.createTestPermits(new ArrayList<>(expectedPermits.keySet()))) .build()); UserBuilder builder = new UserBuilder().userName(USER).lastName("Doe").name("John").domain(domainBuilder).roles(addedRole); PermissionBuilder permissionBuilder = new PermissionBuilder().id("1").name("Do something").user(builder); connection = ConnectionUtils.createConnection(engineUrl, USER + "@internal-authz", "abcdef"); sysService = ConnectionUtils.getReferenceToSystemServices(connection);