Basic administration tutorial errors

Hi everyone,
I created a Boundary Postgres db, 1 controller and 1 worker in my AWS account for testing purposes without any problems!
I then followed the instructions in https://learn.hashicorp.com/collections/boundary/basic-administration to test Boundary functionality!
After creating a target, hosts-catalog, host-set and 1 host, I tested Boundary Desktop session connectivity with the admin generated password and it works perfectly!
However, I have some problems when I try to connect with the user created by following the tutorial mentioned: targets are not shown in Boundary Desktop and the CLI command “boundary scope lists -scope-id=<project_id>” returns 403.

This is the complete list of the Boundary resources created (obtained with the admin user) and, finally, the errors displayed:

$ boundary scopes list -recursive

Scope information:
  ID:                    o_8nBVBFKtKu
    Scope ID:            global
    Version:             1
    Name:                <-- omitted -->
    Description:         <-- omitted -->
    Authorized Actions:
      no-op
      read
      update
      delete

  ID:                    o_UieGpgSxeX
    Scope ID:            global
    Version:             1
    Name:                Generated org scope
    Description:         Provides an initial org scope in Boundary
    Authorized Actions:
      no-op
      read
      update
      delete

  ID:                    p_hrfkCynu8q
    Scope ID:            o_UieGpgSxeX
    Version:             1
    Name:                Generated project scope
    Description:         Provides an initial project scope in Boundary
    Authorized Actions:
      no-op
      read
      update
      delete

  ID:                    p_nqog2SFHC9
    Scope ID:            o_8nBVBFKtKu
    Version:             1
    Name:                <-- omitted -->
    Description:         <-- omitted -->
    Authorized Actions:
      no-op
      read
      update
      delete

$ boundary accounts read -id=$ACCOUNT_ID

Account information:
  Auth Method ID:      ampw_yIsAtHy4Ly
  Created Time:        Wed, 29 Dec 2021 08:42:15 CET
  Description:         Giovanni Account
  ID:                  acctpw_8ykXgdeTMv
  Name:                giovanni
  Type:                password
  Updated Time:        Wed, 29 Dec 2021 08:42:15 CET
  Version:             1

  Scope:
    ID:                o_8nBVBFKtKu
    Name:              <-- omitted -->
    Parent Scope ID:   global
    Type:              org

  Authorized Actions:
    no-op
    read
    update
    delete
    set-password
    change-password

  Attributes:
    Login Name:        giovanni

$ boundary users read -id=$USER_ID

User information:
  Created Time:        Wed, 29 Dec 2021 08:43:02 CET
  Description:         <-- omitted -->
  ID:                  u_bkDQay01lP
  Name:                giovanni
  Updated Time:        Wed, 29 Dec 2021 08:43:51 CET
  Version:             2

  Scope:
    ID:                o_8nBVBFKtKu
    Name:              <-- omitted -->
    Parent Scope ID:   global
    Type:              org

  Authorized Actions:
    no-op
    read
    update
    delete
    add-accounts
    set-accounts
    remove-accounts

  Accounts:
    ID:                acctpw_8ykXgdeTMv
    Scope ID:          o_8nBVBFKtKu

$ boundary groups read -id=$GROUP_ID

Group information:
  Created Time:        Wed, 29 Dec 2021 12:38:41 CET
  Description:         <-- omitted -->
  ID:                  g_IPQY9RtN7J
  Name:                <-- omitted -->
  Updated Time:        Wed, 29 Dec 2021 12:40:32 CET
  Version:             2

  Scope:
    ID:                o_8nBVBFKtKu
    Name:              <-- omitted -->
    Parent Scope ID:   global
    Type:              org

  Authorized Actions:
    no-op
    read
    update
    delete
    add-members
    set-members
    remove-members

  Members:
    ID:                u_bkDQay01lP
    Scope ID:          o_8nBVBFKtKu

$ boundary roles read -id=$ROLE_ID

Role information:
  Created Time:        Wed, 29 Dec 2021 12:37:16 CET
  Description:         Role with read-only permission
  Grant Scope ID:      o_8nBVBFKtKu
  ID:                  r_tATkoQmBV6
  Name:                read-only
  Updated Time:        Wed, 29 Dec 2021 12:42:28 CET
  Version:             3

  Scope:
    ID:                o_8nBVBFKtKu
    Name:              <-- omitted -->
    Parent Scope ID:   global
    Type:              org

  Authorized Actions:
    no-op
    read
    update
    delete
    add-principals
    set-principals
    remove-principals
    add-grants
    set-grants
    remove-grants

  Principals:
    ID:             g_IPQY9RtN7J
      Type:         group
      Scope ID:     o_8nBVBFKtKu

  Canonical Grants:
    id=*;type=*;actions=list,read

$ boundary targets list -scope-id $PROJECT_ID                                                                                   

Target information:
  ID:                    ttcp_sXwYN5hAk8
    Version:             2
    Type:                tcp
    Name:                <-- omitted -->
    Description:         <-- omitted -->
    Authorized Actions:
      no-op
      read
      update
      delete
      add-host-sets
      set-host-sets
      remove-host-sets
      add-host-sources
      set-host-sources
      remove-host-sources
      add-credential-libraries
      set-credential-libraries
      remove-credential-libraries
      add-credential-sources
      set-credential-sources
      remove-credential-sources
      authorize-session

When I try to get target details as the giovanni user, I get error 403:

$ boundary authenticate password -auth-method-id ampw_yIsAtHy4Ly -login-name giovanni -password <-- omitted -->

Authentication information:
  Account ID:      acctpw_8ykXgdeTMv
  Auth Method ID:  ampw_yIsAtHy4Ly
  Expiration Time: Wed, 05 Jan 2022 18:03:38 CET
  User ID:         u_bkDQay01lP

The token was successfully stored in the chosen keyring and is not displayed here.

$ boundary scopes read -id=$ORG_ID

Error from controller when performing read on scope

Error information:
  Kind:                PermissionDenied
  Message:             Forbidden.
  Status:              403
  context:             Error from controller when performing read on scope

$ boundary scopes read -id=$PROJECT_ID

Scope information:
  Created Time:        Wed, 29 Dec 2021 08:25:42 CET
  Description:         <-- omitted -->
  ID:                  p_nqog2SFHC9
  Name:                <-- omitted -->
  Updated Time:        Wed, 29 Dec 2021 08:25:42 CET
  Version:             1

  Scope (parent):
    ID:                o_8nBVBFKtKu
    Name:              <-- omitted -->
    Parent Scope ID:   global
    Type:              org

  Authorized Actions:
    no-op
    read

  Authorized Actions on Scope's Collections:
    sessions:
      list

$ boundary targets list -scope-id $PROJECT_ID                                                                                 

Error from controller when performing list on targets

Error information:
  Kind:                PermissionDenied
  Message:             Forbidden.
  Status:              403
  context:             Error from controller when performing list on targets 

I probably made a mistake, I just can’t find it!
Thanks in advance to those who want to help me :wink:

Try granting the list permission to your role for the project scope the target you created is in, and retry.
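
The scope mismatch behind this suggestion, as an added example that is not part of the thread and not Boundary's own code: a simplified Python model that replays the three requests from the question against the posted role. It assumes that a role's grants apply only in its grant scope and that a scope is authorized as a resource of its parent scope; the IDs come from the CLI output above, and the second role is hypothetical.

```python
# Simplified model of Boundary grant evaluation: added illustration, not Boundary's code.
# Assumed rules: a role's grants apply only in its grant scope, and a scope is
# authorized as a resource of its parent scope. IDs are copied from the thread.
from dataclasses import dataclass

ORG, PROJECT = "o_8nBVBFKtKu", "p_nqog2SFHC9"
GROUP, USER = "g_IPQY9RtN7J", "u_bkDQay01lP"
PARENT = {ORG: "global", PROJECT: ORG}
GRANT = "id=*;type=*;actions=list,read"

@dataclass(frozen=True)
class Role:
    grant_scope_id: str
    principals: frozenset
    grants: tuple

def parse_grant(grant):
    """Split a canonical grant string into (id, type, set of actions)."""
    fields = dict(part.split("=", 1) for part in grant.split(";"))
    return fields.get("id", ""), fields.get("type", ""), set(fields.get("actions", "").split(","))

def allowed(roles, principals, scope_id, res_type, action, res_id="*"):
    """True if a role held by one of `principals` grants `action` in `scope_id`."""
    for role in roles:
        if role.grant_scope_id != scope_id or not (role.principals & principals):
            continue
        for grant in role.grants:
            gid, gtype, actions = parse_grant(grant)
            if gid in ("*", res_id) and gtype in ("*", res_type) and actions & {"*", action}:
                return True
    return False

def outcome(roles):
    """The three requests the giovanni user made in the thread."""
    who = frozenset({USER, GROUP})  # the user and the group it is a member of
    return {
        "scopes read org": allowed(roles, who, PARENT[ORG], "scope", "read", ORG),
        "scopes read project": allowed(roles, who, PARENT[PROJECT], "scope", "read", PROJECT),
        "targets list project": allowed(roles, who, PROJECT, "target", "list"),
    }

# Role r_tATkoQmBV6 as posted: grant scope is the org.
as_posted = [Role(ORG, frozenset({GROUP}), (GRANT,))]
# Hypothetical second role with the same grant, but grant scope set to the project.
with_project_role = as_posted + [Role(PROJECT, frozenset({GROUP}), (GRANT,))]

if __name__ == "__main__":
    print("as posted:        ", outcome(as_posted))
    print("with project role:", outcome(with_project_role))
```

Under these assumptions the posted role reproduces the results in the question (org read denied, project read allowed, target list denied), and only a grant whose scope is the project changes the target list result.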

The role already has the permissions of list and read and is associated with the user group principal. Forgive me the banality, but I don’t understand where I’m going wrong!

$ boundary roles read -id=$ROLE_ID

Role information:
  Created Time:        Wed, 29 Dec 2021 12:37:16 CET
  Description:         Role with read-only permission
  Grant Scope ID:      o_8nBVBFKtKu
  ID:                  r_tATkoQmBV6
  Name:                read-only
  Updated Time:        Wed, 29 Dec 2021 12:42:28 CET
  Version:             3

  Scope:
    ID:                o_8nBVBFKtKu
    Name:              <-- omitted -->
    Parent Scope ID:   global
    Type:              org

  Authorized Actions:
    no-op
    read
    update
    delete
    add-principals
    set-principals
    remove-principals
    add-grants
    set-grants
    remove-grants

  Principals:
    ID:             g_IPQY9RtN7J
      Type:         group
      Scope ID:     o_8nBVBFKtKu

  Canonical Grants:
    id=*;type=*;actions=list,read