I don't recall if there are any permissions to allow it or not. What I do recall is that when using at least AB PLCs, I wasn't able to browse the tags because Kepware required that I uploaded the tag database from the PLC in order to do so, and we don't like doing that, so we couldn't browse down to tags like we could when using the Ignition OPC-UA server.
You probably don't need to set the group to Administrators like I did, but check what group the user you created is a member of and move them to either Administrators or Anonymous Clients.
