Look up user authentication

Hi Team,

I have successfully been able to update the user permissions in the user.yaml file and perform the user sync command. The output of the user sync command suggests that authorizations are updated.

When one of the modified users tries to perform the activity that he/she has been given authorization for, he/she faces a 403 Forbidden error. The user has also tried to log in and log out of Gen3 and the Google account as well.

The deployment is on an EC2 instance through docker-compose. I would like to know a way by which we can easily list the user permissions.

The easiest way for administrators would be to query the Arborist database directly. Here is useful information about accessing databases in Compose Services: https://github.com/uc-cdis/compose-services#some-database-info

Here is my admin role policy:

policies:
  - id: admin
    description: overall admin policy
    resource_paths:
      - /workspace
      - /services
      - /data_file
      - /programs
    role_ids:
      - admin

And I did run the user sync command, i.e., docker exec -it fence-service fence-create sync --arborist http://arborist-service --yaml user.yaml

Then I visited the Arborist DB and verified that the admin profile is the latest. But when I log out and log in from the Gen3 instance, the latest authorizations are missing. Can you help in debugging this issue?

And whenever I visit the workspace as an admin, I receive the following error:

" Error opening workspace...

Workspace is not enabled, or you do not have access. Please contact administrator for more information."

Hi Shyamal,

Could you log in again and check the arborist and revproxy logs with docker logs ...

2020/10/06 20:47:39 response.go:85: INFO: no user found with username: ***********

The above line is retrieved from the arborist logs, which says that the email ID is not identified. This particular email ID is in the list of users with admin-level privileges:

users:
  aaaa:
    tags:
      name: ******
      email: ********
    policies:
      - admin

The issue is resolved in the Slack discussion. Thanks.