Magento2: Magento 2.4 update. Admin users with custom roles can't login. Get message saying "Sorry, you need permissions to view this content."

Hi @johncollinseu. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

• Summary of the issue
• Information on your environment
• Steps to reproduce
• Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento give me 2.4-develop instance - upcoming 2.4.x release

For more details, please, review the Magento Contributor Assistant documentation.

Please, add a comment to assign the issue: @magento I am working on this

• Join Magento Community Engineering Slack and ask your questions in #github channel.

  :warning: According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

:clock10: You can find the schedule on the Magento Community Calendar page.

:telephone_receiver: The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket.

:movie_camera: You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

:pencil2: Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

There is an issue with 2FA that causes this, under system > permissions > 2 factor auth the user role can end up without permission to use 2FA but at the same time require 2FA to log in. This is probably not a good thing ! Turning on this permission for all our user roles has fixed the issue for us.

Stores > Settings > Configuration > Two Factor Auth also seems to be required. To get our new users to log in I had enable this and System > Permissions > Two Factor Auth as mentioned above.

If I just enabled System > Permissions > Two Factor Auth then I would get the same "Sorry, you need permissions to view this content." error. If I only enabled Stores > Settings > Configuration > Two Factor Auth then the user would get stuck in a redirect loop trying to log in. With both granted however it works as expected sending the user their email to register the 2FA and lets them in once completed.

I can confirm. After upgrade to 2.4.1, all admin users who are not Administrator role get redirect loop after logging in. Update the roles with 2FA permission solved the issue.

We changed the 2FA Controllers to use the generic "Magento_Backend::admin" ACL Resource which all roles should include instead of using the "Magento_TwoFactorAuth::config" ACL Resource to avoid this problem:
Github Issue 29884 - wrong ACL for 2FA.patch.txt