diff --git a/.github/workflows/managed.yml b/.github/workflows/managed.yml
index e423045c19e..a0917675c5b 100644
--- a/.github/workflows/managed.yml
+++ b/.github/workflows/managed.yml
@@ -43,6 +43,7 @@ jobs:
       - name: Launch PMM Server (see docker-compose.yml)
         run: |
           make env-compose-up # the container workdir is /root/go/src/github.com/percona/pmm
+          docker exec -t pmm-server id -Z || :
           docker logs pmm-server
 
       - name: Mark the root directory of pmm as safe
@@ -120,7 +121,7 @@ jobs:
           docker exec pmm-server go env | sort
           docker exec pmm-server supervisorctl status || true
           services=$(docker exec pmm-server supervisorctl status | awk '{print $1}')
-          while IFS= read -r service; do
+          for service in "$services[@]"; do
             echo "Logs for $service:"
             docker exec pmm-server supervisorctl tail $service
-          done <<< "$services"
\ No newline at end of file
+          done
diff --git a/api-tests/server/auth_test.go b/api-tests/server/auth_test.go
index 507467fb08b..0430f11d1e5 100644
--- a/api-tests/server/auth_test.go
+++ b/api-tests/server/auth_test.go
@@ -500,10 +500,8 @@ func TestServiceAccountPermissions(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		test := test
 		t.Run(test.name, func(t *testing.T) {
 			for _, user := range test.userCase {
-				user := user
 				t.Run(fmt.Sprintf("Service Token auth %s", user.userType), func(t *testing.T) {
 					// make a BaseURL without authentication
 					u, err := url.Parse(pmmapitests.BaseURL.String())
diff --git a/managed/services/grafana/auth_server.go b/managed/services/grafana/auth_server.go
index 61be2bf8668..4379d23ad09 100644
--- a/managed/services/grafana/auth_server.go
+++ b/managed/services/grafana/auth_server.go
@@ -77,12 +77,8 @@ var rules = map[string]role{
 	"/v1/server/updates:start":        admin,
 	"/v1/server/updates:getStatus":    none, // special token-based auth
 	"/v1/server/settings":             admin,
-	"/v1/platform:connect":            admin,
-	"/v1/platform:disconnect":         admin,
-	"/v1/platform/organization/":      viewer,
-	"/v1/platform/contact":            viewer,
-	"/v1/platform/server":             viewer,
-	"/v1/platform/user":               viewer,
+	"/v1/platform:":                   admin,
+	"/v1/platform/":                   viewer,
 	"/v1/users":                       viewer,
 
 	// must be available without authentication for health checking