Impact
An unknown number of users experienced difficulties while trying to access an organization. The issue was proactively discovered by a staff member who reported through our help desk [1] that accessing the Saeki organization, its groups, or any related link was impossible. The problem was resolved in 22.3 hours (TTF), resulting in a total window of exposure of 22.3 hours (WOE) [2].
Cause
The existence of portfolios associated with deleted groups led to the issue and triggered the Access denied message when attempting to access the organization or any related URL [3].
Solution
The solution's initial step was filtering out portfolios with inactive groups. Although this approach is not ideal, it helps prevent the problem from recurring while the comprehensive solution is developed. Additionally, instead of using a potentially problematic attribute, we retrieved the group names directly from their unique identifiers to address issues that arose during migration [4].
Conclusion
The problem existed unnoticed in production until it surfaced due to clients not deleting groups within portfolios. To prevent similar issues, implementing logic to remove deleted groups from portfolios automatically is necessary [5]. DATA_QUALITY < FAILED_MIGRATION