diff --git a/cypress/e2e/eureka/login/capability-set-permission-in-self-response.cy.js b/cypress/e2e/eureka/login/capability-set-permission-in-self-response.cy.js
new file mode 100644
index 0000000000..cd27e4fb27
--- /dev/null
+++ b/cypress/e2e/eureka/login/capability-set-permission-in-self-response.cy.js
@@ -0,0 +1,58 @@
+import Users from '../../../support/fragments/users/users';
+
+describe('Eureka', () => {
+  describe('Login', () => {
+    const selfCallpath = '/users-keycloak/_self?expandPermissions=true*';
+    const permissionName = 'ui-checkout.all';
+    let userA;
+    let userB;
+    let roleId;
+    let capabSetId;
+
+    const capabSetToAssign = { type: 'Data', resource: 'UI-Checkout', action: 'Manage' };
+
+    before('Create user, get data', () => {
+      cy.getAdminToken();
+      cy.createTempUser([]).then((userAProperties) => {
+        userA = userAProperties;
+        cy.assignCapabilitiesToExistingUser(userA.userId, [], [capabSetToAssign]);
+      });
+      cy.createTempUser([]).then((userBProperties) => {
+        userB = userBProperties;
+        cy.createAuthorizationRoleApi().then((role) => {
+          roleId = role.id;
+          cy.getCapabilitySetIdViaApi(capabSetToAssign).then((setId) => {
+            capabSetId = setId;
+            cy.addCapabilitySetsToNewRoleApi(roleId, [capabSetId]);
+            cy.addRolesToNewUserApi(userB.userId, [roleId]);
+          });
+        });
+      });
+    });
+
+    after('Delete user', () => {
+      cy.getAdminToken();
+      Users.deleteViaApi(userA.userId);
+      Users.deleteViaApi(userB.userId);
+      cy.deleteAuthorizationRoleApi(roleId);
+    });
+
+    it(
+      'C589233 Permission associated with assigned capability set is returned from "_self" endpoint upon login (eureka)',
+      { tags: ['criticalPath', 'eureka', 'C589233'] },
+      () => {
+        cy.intercept('GET', selfCallpath).as('selfCall');
+        cy.login(userA.username, userA.password);
+        cy.wait('@selfCall').then((call) => {
+          expect(call.response.statusCode).to.eq(200);
+          expect(call.response.body.permissions.permissions).to.include(permissionName);
+        });
+        cy.login(userB.username, userB.password);
+        cy.wait('@selfCall').then((call) => {
+          expect(call.response.statusCode).to.eq(200);
+          expect(call.response.body.permissions.permissions).to.include(permissionName);
+        });
+      },
+    );
+  });
+});
diff --git a/cypress/e2e/eureka/users/user-entities-cleanup.cy.js b/cypress/e2e/eureka/users/user-entities-cleanup.cy.js
index 5d74c7694a..6708ee3710 100644
--- a/cypress/e2e/eureka/users/user-entities-cleanup.cy.js
+++ b/cypress/e2e/eureka/users/user-entities-cleanup.cy.js
@@ -40,7 +40,7 @@ describe('Eureka', () => {
       'C436914 User-related entities are deleted when user is deleted (eureka)',
       { tags: ['backend', 'eureka', 'eurekaPhase1', 'C436914'] },
       () => {
-        Users.deleteViaApi(testData.user.userId).then((status) => {
+        Users.deleteViaApi(testData.user.userId, true).then((status) => {
           cy.expect(status).equals(204);
           cy.getAuthorizationPoliciesForEntityApi(
             AUTHORIZATION_POLICY_TYPES.USER,
diff --git a/cypress/support/fragments/users/users.js b/cypress/support/fragments/users/users.js
index dfee51f58e..331ccf91d6 100644
--- a/cypress/support/fragments/users/users.js
+++ b/cypress/support/fragments/users/users.js
@@ -67,10 +67,10 @@ export default {
       preferredFirstName: response.body.personal.preferredFirstName,
     })),
 
-  deleteViaApi: (userId) => cy
+  deleteViaApi: (userId, fromKeycloak = false) => cy
     .okapiRequest({
       method: 'DELETE',
-      path: `bl-users/by-id/${userId}`,
+      path: `${fromKeycloak ? 'users-keycloak/users/' : 'bl-users/by-id/'}${userId}`,
       isDefaultSearchParamsRequired: false,
       failOnStatusCode: false,
     })