[FOLIO-2945] Create ldp report user on reference environments Created: 05/Jan/21 Updated: 03/Aug/21 |
|
| Status: | In Progress |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Story | Priority: | TBD |
| Reporter: | Ian Hardy | Assignee: | Ian Hardy |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||
| Issue links: |
|
||||||||||||
| Sprint: | DevOps: Sprint 105, DevOps Sprint 109, DevOps Sprint 107, DevOps Sprint 108, DevOps Sprint 106 | ||||||||||||
| Development Team: | FOLIO DevOps | ||||||||||||
| Description |
|
From Nassib Nassar Hello, I think we are seeing again a problem that was discussed here on Nov. 24, which is 403 errors connecting to interfaces in: mod-email mod-feesfines mod-finance-storage mod-inventory-storage mod-invoice-storage mod-orders-storage mod-organizations-storage In November the problem was missing permissions for diku_admin, although it was not clear why the permissions had stopped being assigned during the build. The symptoms here appear to be identical. The problem prevents reporting SMEs from working on FOLIO report development. Thank you for any assistance. |
| Comments |
| Comment by Nassib Nassar [ 05/Jan/21 ] |
|
To clarify, this problem is observed with folio-snapshot which is the data source used for the reporting reference environment. |
| Comment by Ian Hardy [ 05/Jan/21 ] |
|
Hi Nassib, the permissions look OK to me. I didn't check every module, but got a fresh token for diku admin and was able to use it to get things like /item-storage/items and /feefines without problems. Where specifically are you seeing this 403? |
| Comment by Nassib Nassar [ 05/Jan/21 ] |
|
The problem appears to have been fixed. The details were the same as in the Nov. 24 thread and affected the same interfaces: Response code: mod-email: /email: 403 Response code: mod-feesfines: /transfer-criterias: 403 Response code: mod-finance-storage: /finance-storage/budgets: 403 Response code: mod-finance-storage: /finance-storage/fiscal-years: 403 Response code: mod-finance-storage: /finance-storage/fund-types: 403 Response code: mod-finance-storage: /finance-storage/funds: 403 Response code: mod-finance-storage: /finance-storage/group-fund-fiscal-years: 403 Response code: mod-finance-storage: /finance-storage/groups: 403 Response code: mod-finance-storage: /finance-storage/ledger-fiscal-years: 404 Response code: mod-finance-storage: /finance-storage/ledgers: 403 Response code: mod-finance-storage: /finance-storage/transactions: 403 Response code: mod-inventory-storage: /instance-storage/instance-relationships: 403 Response code: mod-invoice-storage: /invoice-storage/invoice-lines: 403 Response code: mod-invoice-storage: /invoice-storage/invoices: 403 Response code: mod-invoice-storage: /voucher-storage/voucher-lines: 403 Response code: mod-invoice-storage: /voucher-storage/vouchers: 403 Response code: mod-orders-storage: /acquisitions-units-storage/memberships: 403 Response code: mod-orders-storage: /acquisitions-units-storage/units: 403 Response code: mod-orders-storage: /orders-storage/alerts: 403 Response code: mod-orders-storage: /orders-storage/order-templates: 403 Response code: mod-orders-storage: /orders-storage/po-lines: 403 Response code: mod-orders-storage: /orders-storage/purchase-orders: 403 Response code: mod-orders-storage: /orders-storage/receiving-history: 403 Response code: mod-orders-storage: /orders-storage/reporting-codes: 403 Response code: mod-organizations-storage: /organizations-storage/organizations: 403 |
| Comment by Ian Hardy [ 05/Jan/21 ] |
|
Nassib reports it only seems to have occured certain days: Dec. 3, 17, 28, 30, and Jan 4. Difficult to reconstruct, but happening enough that its probably worth looking into. Nassib will review LDP logs, if we're still in the dark, set up a jenkins job to: 1. Login as diku_admin |
| Comment by Nassib Nassar [ 18/Feb/21 ] |
|
This was seen again on February 9, and is active again today (February 18). |
| Comment by Nassib Nassar [ 24/Feb/21 ] |
|
This is active again today (February 24). |
| Comment by Nassib Nassar [ 12/Mar/21 ] |
|
This is active again today (March 12). |
| Comment by Ian Hardy [ 12/Mar/21 ] |
|
Zak Burke suggested this is happening when you edit diku_admin's perms in the UI. Perms that aren't visible don't get preserved when you save. I re-ran the tenant-admin-perms role Attaching output here. lines that start "skipping" mean that permission was never lost, starting with "changed" means the permission needed to restored. changed-perms.txt |
| Comment by Ian Hardy [ 18/Mar/21 ] |
|
Zak has opened
|
| Comment by Jakub Skoczen [ 13/Apr/21 ] |
|
Ian Hardy is this closed? |