diff --git a/pkg/handlers/create.go b/pkg/handlers/create.go
index dbaecc60..fcc032a3 100644
--- a/pkg/handlers/create.go
+++ b/pkg/handlers/create.go
@@ -86,7 +86,6 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 if service.VO != "" {
 for _, vo := range cfg.OIDCGroups {
 if vo == service.VO {
- authHeader := c.GetHeader("Authorization")
 err := checkIdentity(&service, cfg, authHeader)
 if err != nil {
 c.String(http.StatusBadRequest, fmt.Sprintln(err))
@@ -134,7 +133,7 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 }
 // Create buckets/folders based on the Input and Output and enable notifications
- if err := createBuckets(&service, cfg, minIOAdminClient, service.AllowedUsers); err != nil {
+ if err := createBuckets(&service, cfg, minIOAdminClient, service.AllowedUsers, false); err != nil {
 if err == errInput {
 c.String(http.StatusBadRequest, err.Error())
 } else {
@@ -208,7 +207,7 @@ func checkValues(service *types.Service, cfg *types.Config) {
 service.Token = utils.GenerateToken()
 }
-func createBuckets(service *types.Service, cfg *types.Config, minIOAdminClient *utils.MinIOAdminClient, allowed_users []string) error {
+func createBuckets(service *types.Service, cfg *types.Config, minIOAdminClient *utils.MinIOAdminClient, allowed_users []string, isUpdate bool) error {
 var s3Client *s3.S3
 var cdmiClient *cdmi.Client
 var provName, provID string
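Review bot: The new `isUpdate bool` parameter of `createBuckets` has no documentation, and the call sites (`..., service.AllowedUsers, false)` here and `..., newService.AllowedUsers, true)` in update.go) do not say what the flag changes. A doc comment on the function would make the contract explicit, for example `// createBuckets creates the service's buckets/folders and its MinIO group; when isUpdate is true the group is assumed to exist and CreateServiceGroup is skipped.` The function body continues outside this hunk, so the wording should be checked against the rest of it.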
@@ -272,14 +271,19 @@ func createBuckets(service *types.Service, cfg *types.Config, minIOAdminClient *
 }
 // Create group for the service and add users
+ createLogger.Print("Creating MinIO group and users")
 if !isAdminUser {
 if len(allowed_users) < 1 {
 err = minIOAdminClient.AddServiceToAllUsersGroup(splitPath[0])
 } else {
- err = minIOAdminClient.CreateServiceGroup(splitPath[0])
- if err != nil {
- return fmt.Errorf("error creating service group for bucket %s: %v", splitPath[0], err)
+ if !isUpdate {
+ createLogger.Print("Creating group")
+ err = minIOAdminClient.CreateServiceGroup(splitPath[0])
+ if err != nil {
+ return fmt.Errorf("error creating service group for bucket %s: %v", splitPath[0], err)
+ }
 }
+ createLogger.Print("Creating/Updating users")
 err = minIOAdminClient.AddUserToGroup(allowed_users, splitPath[0])
 if err != nil {
 return err
diff --git a/pkg/handlers/update.go b/pkg/handlers/update.go
index 6944d226..0aef3eb8 100644
--- a/pkg/handlers/update.go
+++ b/pkg/handlers/update.go
@@ -86,6 +86,12 @@ func MakeUpdateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 }
 }
 }
+
+ if len(newService.AllowedUsers) != len(oldService.AllowedUsers) {
+ //Update users group list
+ minIOAdminClient.AddUserToGroup(newService.AllowedUsers, "")
+
+ }
 }
 // Update the service
@@ -143,5 +149,5 @@ func updateBuckets(newService, oldService *types.Service, minIOAdminClient *util
 }
 // Create the input and output buckets/folders from newService
- return createBuckets(newService, cfg, minIOAdminClient, newService.AllowedUsers)
+ return createBuckets(newService, cfg, minIOAdminClient, newService.AllowedUsers, true)
 }
diff --git a/pkg/utils/auth/oidc.go b/pkg/utils/auth/oidc.go
index 4f66eee0..e6c27f97 100644
--- a/pkg/utils/auth/oidc.go
+++ b/pkg/utils/auth/oidc.go
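Review bot: On the update path (`isUpdate` true) the existing group is reused and only `AddUserToGroup(allowed_users, splitPath[0])` runs, so a user dropped from `allowed_users` is never taken out of the MinIO group and would keep access to the service's bucket. This assumes AddUserToGroup only adds members; its body is outside the diff, and the same commit deletes `UpdateServiceGroupMembers` in pkg/utils/minio.go without adding a removal path. The update branch should compare the group's current members with `allowed_users` and remove the ones no longer listed. A second case to check is a service updated from an empty to a non-empty `allowed_users`: it skips `CreateServiceGroup`, so whatever that call sets up beyond the group itself would be missing. The enclosing function starts and ends outside the hunk.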
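Review bot: The added block in MakeUpdateHandler calls `minIOAdminClient.AddUserToGroup(newService.AllowedUsers, "")` with an empty group name and discards the returned error, so a failed or misdirected membership change goes unnoticed. The guard compares only `len(newService.AllowedUsers)` with `len(oldService.AllowedUsers)`, so swapping one allowed user for another leaves the lengths equal and skips the block. If the handler also goes through `updateBuckets`, `createBuckets(..., true)` already calls AddUserToGroup with the bucket name, which would make this block redundant. If it stays, it should pass the service's real group name, compare the member sets rather than their sizes, and return an error response when the call fails. The handler body continues outside the hunk.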
@@ -102,6 +102,7 @@ func getOIDCMiddleware(kubeClientset *kubernetes.Clientset, minIOAdminClient *ut
 }
 ui, _ := oidcManager.getUserInfo(rawToken)
+ // TODO check error pointer
 uid := ui.subject
 oidcLogger.Println("Request user: ", uid)
@@ -123,7 +124,6 @@ func getOIDCMiddleware(kubeClientset *kubernetes.Clientset, minIOAdminClient *ut
 }
 }
 oidcLogger.Printf("Actual state of multienancy config: %v", mc)
- oidcLogger.Printf("User %s already exists", uid)
 c.Set("uidOrigin", uid)
 c.Set("multitenancyConfig", mc)
 c.Next()
diff --git a/pkg/utils/minio.go b/pkg/utils/minio.go
index 08a1ed18..34a6cee4 100644
--- a/pkg/utils/minio.go
+++ b/pkg/utils/minio.go
@@ -148,23 +148,7 @@ func (minIOAdminClient *MinIOAdminClient) AddUserToGroup(users []string, groupNa
 return nil
 }
-// UpdateServiceGroupMembers updates the members of a service group
-func (minIOAdminClient *MinIOAdminClient) UpdateServiceGroupMembers(groupName string, newMembers []string) error {
- group := madmin.GroupAddRemove{
- Group: groupName,
- Members: newMembers,
- Status: "enable",
- IsRemove: false,
- }
-
- err := minIOAdminClient.adminClient.UpdateGroupMembers(context.Background(), group)
- if err != nil {
- return fmt.Errorf("Error updating members of group: %v", err)
- }
- return nil
-}
-
-// DeleteServiceGroup delete the service group and policy
+// DeleteServiceGroup empty the service group and policy
 func (minIOAdminClient *MinIOAdminClient) DeleteServiceGroup(groupName string) error {
 description, err := minIOAdminClient.adminClient.GetGroupDescription(context.Background(), groupName)
 if err != nil {
@@ -179,7 +163,7 @@ func (minIOAdminClient *MinIOAdminClient) DeleteServiceGroup(groupName string) e
 err = minIOAdminClient.adminClient.UpdateGroupMembers(context.Background(), group)
 if err != nil {
- return fmt.Errorf("Error removing group: %v", err)
+ return fmt.Errorf("Error emptying group: %v", err)
 }
 err = minIOAdminClient.adminClient.RemoveCannedPolicy(context.TODO(), groupName)
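Review bot: The added `// TODO check error pointer` leaves `ui, _ := oidcManager.getUserInfo(rawToken)` discarding its error while the next line reads `ui.subject`. If getUserInfo can return a nil pointer on failure, as the TODO suggests, the authentication middleware panics on a token it cannot resolve instead of rejecting the request. The check belongs in this change rather than in a TODO: `ui, err := oidcManager.getUserInfo(rawToken)` followed by `if err != nil { c.AbortWithStatus(http.StatusUnauthorized); return }`. This assumes `c` is the gin context used further down (`c.Set`, `c.Next`) and that net/http is imported in this file; the function body extends beyond the hunk.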
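Review bot: The reworded doc comment `// DeleteServiceGroup empty the service group and policy` is ungrammatical and misdescribes the policy step, since the visible code calls `RemoveCannedPolicy`, which removes the policy rather than emptying it. Suggested wording, judging by the new error text and the visible calls: `// DeleteServiceGroup removes all members from the service group and deletes its canned policy.` The error string changed in the next hunk could follow Go convention while it is being touched: `fmt.Errorf("emptying group %s: %w", groupName, err)`. Part of the function body lies between the two hunks and is not shown, so the comment should be confirmed against it.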