I have looked through the old topics and see similar items that deal with ACLs, but they do not look fully like the issue I am seeing. When running chef-client, I am getting a 403 back, but when running knife cookbook show|download {cookbook}, knife does not return any errors. I've deleted the node and client, rebootstrapped, etc., but am still seeing the same callout below. (Any pointers?)

[2020-11-19T18:24:27-06:00] INFO: HTTP Request Returned 403 Forbidden: {"message"=>"Read permission is not granted for one or more cookbooks", "unauthorized_cookbooks"=>["xxx-role-automation"]}

Error Resolving Cookbooks for Run List:

Authorization Error

This client is not authorized to read some of the information required to
access its cookbooks (HTTP 403).

To access its cookbooks, a client needs to be able to read its environment and
all of the cookbooks in its expanded run list.

Expanded Run List:


Server Response:

{"message"=>"Read permission is not granted for one or more cookbooks", "unauthorized_cookbooks"=>["acx-role-automation"]}


I've compared the ACL output with a similar node that appears to be working as expected, and the output appears to be the same:

--> knife edit /acls/nodes/{nodename}.json

Try with

knife acl bulk add group clients nodes node_name update,read (Answer YES)
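
An added diagnostic example, not part of either post above: it takes the 403 line chef-client logged, extracts the refused cookbook names, and checks each cookbook's ACL for a read grant to the client or its groups. The ACL JSON is constructed sample data in the "actors"/"groups" shape that knife prints for /acls entries (an assumption here, as are the cookbook path /acls/cookbooks/NAME.json, the client name and the helper names).

```ruby
require 'json'

# Constructed sample ACLs, shaped like `knife show /acls/cookbooks/NAME.json` output
# (assumption: each permission holds "actors" and "groups" lists).
SAMPLE_ACLS = {
  'working-cookbook' => <<~JSON,
    {"read": {"actors": ["pivotal"], "groups": ["admins", "users", "clients"]},
     "update": {"actors": ["pivotal"], "groups": ["admins", "users"]}}
  JSON
  'xxx-role-automation' => <<~JSON
    {"read": {"actors": ["pivotal"], "groups": ["admins", "users"]},
     "update": {"actors": ["pivotal"], "groups": ["admins", "users"]}}
  JSON
}.freeze

# The 403 line as chef-client logged it in the question (Ruby hash inspect form).
LOG = '[2020-11-19T18:24:27-06:00] INFO: HTTP Request Returned 403 Forbidden: ' \
      '{"message"=>"Read permission is not granted for one or more cookbooks", ' \
      '"unauthorized_cookbooks"=>["xxx-role-automation"]}'

# Pull the refused cookbook names out of the logged server response.
def unauthorized_cookbooks(log_line)
  list = log_line[/"unauthorized_cookbooks"=>\[(.*?)\]/, 1]
  list ? list.scan(/"([^"]+)"/).flatten : []
end

# True when the client is a listed actor, or one of its groups is listed, for `perm`.
def granted?(acl, perm, client, groups)
  ace = acl.fetch(perm, {})
  ace.fetch('actors', []).include?(client) || !(ace.fetch('groups', []) & groups).empty?
end

# Map each refused cookbook to what its ACL says about read access for this client.
def diagnose(log_line, acls, client, groups = ['clients'])
  unauthorized_cookbooks(log_line).to_h do |name|
    raw = acls[name]
    status = if raw.nil?
               :acl_not_fetched
             elsif granted?(JSON.parse(raw), 'read', client, groups)
               :read_granted
             else
               :read_missing
             end
    [name, status]
  end
end

# 'node1.example.com' is a hypothetical client name.
puts diagnose(LOG, SAMPLE_ACLS, 'node1.example.com') if __FILE__ == $PROGRAM_NAME
```

A result of :read_missing points at the cookbook's own ACL rather than the node's; :read_granted means the refusal comes from somewhere the cookbook ACL does not show.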