Restore GRANT permissions for admins group and permissions debug


#1

Ohai!

  1. In one of chef organisations admins group lost GRANT permission. Exactly the kind of problem fixed in https://www.chef.io/blog/2015/09/02/chef-server-12-2-0-release-announcement/ but we’re running 12.0.3 at the moment.

Question is how can I fix it? I found https://github.com/chef/fixie, how can I use it to fixup my permissions?
Where do I get user id for identification?

  1. We’re setup ACLs to be read only for all users except one in one of our organisation, however it appeared to not have any effect.
    We used knife acl to create read only group and granted needed permissions to it. However after removing user from all the other groups apart from read only, user still could edit objects and create new one, despite having no edit permissions on the object or create on container. In the same time same user lost permissions in another organisation.
    I also witnessed sporadic no create permissions responses for user who actually has the permissions. It was not reproducible, i.e. on next call action was performed as expected.

How can I get more insight on how permission system is functioning? Which logs should I look in for clues? Where can I see error messages which result in permission denied errors?