A PAM limited administrator with the Policy Manager role cannot create a policy between a new user group and any device or device group. The following error appears right after a device or device group is selected in the policy editor:
PAM-UI-1804: Error retrieving association information between user(group) and device(group). - PAM-CMN-0003: Not authorized to perform this action.
The user group is assigned to this manager and there is no problem creating policies for other user groups.
A PAM user with a Global Administrator role is able to create policies for the new group.
Affects PAM releases up to 4.1.8 and 4.2.0.
PAM ran into an internal error while checking the user's authorization, because the user group did not have any members yet.
This problem will be fixed in PAM 4.2.1 and later releases.
To work around this problem on affected releases, assign at least one user to the group before creating policies for it.