/
How to triage permissions or 403 401 problems on Eureka envs

How to triage permissions or 403 401 problems on Eureka envs

Owned by Oleksii Petrenko
Nov 22, 2024
2 min read

Rendering problem(Something is not rendered or presented on UI)

  1. Check the UI code and find a condition with the permission name responsible for rendering the block

  2. Try to find a Capability or CapabilitySet by permission name

  3. If Cp or CpSet exists, check that they are assigned to the user and/or shadow user(for ECS)

  4. If they are assigned, check /_/self endpoint for that user and validate permission existence in response

 

If Cp or CpSet does not exist - provide all details from above to the ticket and assign it on the Eureka team

If Cp or CpSet is assigned to the user and not represented in  /_/self - provide all details from above to the ticket and assign it to the Eureka team.

 

API call 403 401 problems on Eureka envs

  1. Check backend code and descriptors and find the permissions that are required for calling this endpoint

  2. Try to find a Capability or CapabilitySet by permission name

  3. If Cp or CpSet exists, check that they are assigned to the user and/or shadow user(for ECS)

  4. If they are assigned, check /_/self endpoint for that user and validate permission existence in response

 

If Cp or CpSet does not exist - provide all details from above to the ticket and assign it to the Eureka team

If Cp or CpSet is assigned to the user and not represented in  /_/self - provide all details from above to the ticket and assign it to the Eureka team.

 

Background jobs 403 401 problems on Eureka envs

  1. Check backend code and descriptors and find the permissions that are required for calling this endpoint

  2. Check RTR compatibility. The token can expire if the process takes a lot of time

  3. If calls are performed under the system user - check the user's permissions in the module descriptor

  4. Try to find a Capability or CapabilitySet by permission name

  5. If Cp or CpSet exists, check that they are assigned to the user and/or shadow user(for ECS)

  6. If they are assigned, check /_/self endpoint for that user and validate permission existence in response

  7. For ECS cross-tenants call be sure that the shadow user has all necessary Cp and CpSets assigned to him

 

If Cp or CpSet does not exist - provide all details from above to the ticket and assign it on the Eureka team

If Cp or CpSet is assigned to the user and not represented in  /_/self - provide all details from above to the ticket and assign it to the Eureka team.

Related content