diff --git a/neon_hana/auth/client_manager.py b/neon_hana/auth/client_manager.py
index daa89d5..e3bdb64 100644
--- a/neon_hana/auth/client_manager.py
+++ b/neon_hana/auth/client_manager.py
@@ -52,7 +52,8 @@
 diana=AccessRoles.USER,
 node=AccessRoles.USER,
 hub=AccessRoles.USER,
- llm=AccessRoles.USER)
+ llm=AccessRoles.USER,
+ users=AccessRoles.NONE)
 
 
 class ClientManager:
@@ -274,6 +275,10 @@ def check_refresh_request(self, access_token: Optional[str],
 except ExpiredSignatureError:
 raise HTTPException(status_code=401,
 detail="Refresh token is expired")
+ except ValidationError:
+ raise HTTPException(status_code=400,
+ detail=f"Invalid token data received from "
+ f"client: {client_id}.")
 if refresh_data.jti != token_data.jti + ".refresh":
 raise HTTPException(status_code=403,
 detail="Refresh and access token mismatch")
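Review bot: The added `users=AccessRoles.NONE` default in the first hunk is the only entry that is not `AccessRoles.USER`, and nothing nearby records that the difference is deliberate. A short comment above it would keep a later edit from "normalising" it to USER, for example `# users: deny by default; access must be granted explicitly per client`. The call these keyword arguments belong to starts outside the hunk, so the exact wording should be checked against what the `users` role actually gates.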
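Review bot: The new `except ValidationError` clause in `check_refresh_request` interpolates `client_id` into the 400 detail, but the `try` body and the assignment of `client_id` are outside this hunk. Confirm that the name is always bound before validation can fail, and that it comes from the request argument rather than from the token payload that was just rejected. If it is read from the decoded token, an unvalidated value is reflected to the caller; a fixed message such as `detail="Invalid token data")` avoids that, with the client id recorded in the server log instead. No import hunk appears in this diff, so also check that `ValidationError` is already imported in this module and is the class the token model raises; an unresolved name here would surface as a NameError only when a non-expiry exception reaches the clause.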