Or indeed, removing them temporarily to see if that fixes the issue 
// Securing Node-RED
// -----------------
// To password protect the Node-RED editor and admin API, the following
// property can be used. See http://nodered.org/docs/security.html for details.
adminAuth: {
type: 'credentials',
//sessionExpiryTime: 86400, // in seconds
default: {
permissions: ['*'],
},
users: [
{
username: 'admin',
password: 'dummy', //dummy
permissions: ['*'],
},
{
username: 'random',
password: 'dummy', //dummy
permissions: ['uibuilder.read'],
},
],
},
The above gives all permissions by default to all users.
