After attaching an existing foundation to Tanzu Hub, user role bindings (from Operations Manager and Elastic Application Runtime) should synchronize and appear under Administration > Roles and Permissions > Users & Groups. In some instances, however, no role bindings are displayed, and the list appears empty.

• Tanzu Hub release ~v10.3 
• Platform Services

Synchronization is managed by the rbac-agent component within the Platform Service tile. This agent retrieves role binding data from the Operations Manager UAA and Elastic Application Runtime CAPI, then forwards it to Tanzu Hub via a REST POST request.

On large foundations with a high volume of user role bindings, the POST request body may exceed the maximum payload size permitted by Tanzu Hub. Consequently, the rbac-agent fails to transmit the data, logging the following error: "LeMans returned an unexpected response status code 413 Payload Too Large". 

Resolution: Engineering is currently developing a permanent fix. This KB will be updated as soon as a patch or a new release is available.

Workaround: Until a fix is released, use the built-in tanzu_platform_admin user to manage the environment.