server icon indicating copy to clipboard operation
server copied to clipboard

Published 20 hours ago verified publisher icon alkem-io

BUG: There are many authorizationPolicies without credentialRules

Open Comoque1 opened this issue 11 months ago • 2 comments

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

  1. Go to any env and perform the following query: SELECT * FROM alkemio.authorization_policy where credentialRules like ''
  2. Depending on the amount of data there are different amount of authorization policies, that don't have credentialRules. I.e. for dev env: 574 for prod are a couple of thousands image.png

Expected behavior Authorization policy rest sets correct credentialRules to all authorizationPolicies.

Additional information

The impact of missing credentialRules could result in side effects like, no privilege to read, write, etc..

After cleaning orphans:

These tables have such credential rules and number of issues after pruning is total 1873:

  • document - 57
  • innovation_flow - 13
  • profile - 13
  • storage_aggregator - 10
  • storage_bucket - 1738
  • tagset - 29
  • visual - 13

Comoque1 avatar Mar 19 '24 12:03 Comoque1

This might be caused with merging the account branch. I have noticed a lot more authorization orphan data when running the pruning script.

alstojanovic avatar Mar 19 '24 14:03 alstojanovic

@alstojanovic This is on production. @valentinyanakiev lets use this issue.

So a bit of a context - the creation of one user, and many document on a whiteboard have created auth policies without credential rules. The auth reset fixed the documents, but it will keep happening with each creation and potentially with a reset, because they use the same code path.

hero101 avatar Mar 19 '24 14:03 hero101