When attempting to create an Organization (Org) Group, the process fails and displays the following error:

Error:Org Group creation failed for 'test': Step 'creating role bindings' failed: [User: ensemble-service doesn't have any role bindings assigned.]

Tanzu Hub 10.4

The role binding failure occurred because the system requires the existence of a specific internal user ([email protected]) in the foundation’s User Account and Authentication (UAA) store. This is necessary for role bindings to be created during the setup of Org/Space Groups.

Upgrade to the latest version of the product, 10.4.1 or higher. A fix has been implemented to display the specific role binding error instead of the generic ensemble-service message. 

---

The workaround to immediately unblock Org/Space Group creation is to manually create the missing user, [email protected], in the foundation's UAA:

1. Use the uaac command line tool against your TAS foundation.
2. Add the required user:
    
   uaac user add -given_name [email protected] --emails [email protected]

After running this command, Org and Space Groups could be created successfully.