Impact
An unknown number of users experienced difficulties while trying to access an organization. The issue was proactively discovered by a staff member who reported through our help desk [1] that it was not possible to access the Saeki organization, its groups or any related link. The problem was resolved in 22.3 hours (TTF) [2].
Cause
The existence of portfolios associated with deleted groups led to the issue and triggered the Access denied message when attempting to access the organization or any related URL.
Solution
Filtering out portfolios that have inactive groups was the initial step in the solution. This approach, although not ideal, helps prevent the problem from recurring while the comprehensive solution is developed. Additionally, instead of using a potentially problematic attribute, we retrieved the group names directly from their unique identifiers to address issues that arose during migration [4].
Conclusion
The problem existed unnoticed in production for some time until it surfaced due to clients not deleting groups within portfolios. To prevent similar issues, implementing logic to automatically remove deleted groups from portfolios is necessary [5]. DATA_QUALITY < FAILED_MIGRATION