We had the same problem (we use "Fire Starters").
Reason was found in table: /GRCPI/GRIA_CON.
The user had the role in PARAMID: 4010, which is not allowed.
This table was read via: ZXUSRU01 -> INCLUDE /grcpi/gria_userexit.
(READ TABLE lt_conn INTO ls_conn WITH KEY paramid = '4010'. "FFID Role Name)
Kind Regards,
Patrick Vermeire