Users Permissions Dissapearing

[Matt-CyberGuy]

Morning,

I have a strange one. One of our users this morning complained they were unable to use remote access. I took a look and found even though their list of permissions were correct, when I went to edit them, all of the checks were blank. I just recently enabled force 2fa and password length & complexity requirements, I'm not sure if that might have done it or not. I'm also running the server in a docker container, not that it should matter.

As far as I can tell, all of my non-admin users permissions look like this now with their permissions listed, but the edit area is blank.

[Ylianst]

This is weird. I can't replicate this. Can you open the browser debug console and see if any errors are displayed? On FireFox it's "Ctrl-Shift-K" on Chrome it's "Ctrl-Shift-I". On FireFox the console looks like this:

If you see any errors, that is good news. Cut & paste the error back. Thanks.

[LPJon]

Duplicate of #2124 @matt-cylanda @Ylianst Please look at the issue above. This seems to be related to some database issues, possibly with MongoDB. During the upgrade to 0.7.33 it seems the account used for the upgrade has its permissions removed for agents that were assigned to it. There aren't any errors in the "inspect element" window. It seems the original admin account (created during initial setup) will allow access to the agents as long as it was assigned access rights before the update.

[Ylianst]

I wish I would replicate this issue on my servers. I use MongoDB all the time. Looking into it now but I have to start looking in the dark since I don't have much information to go on. The screenshot above looks like it's for permissions to a user group and it displays the permissions correctly but when you go to edit them, they are blank.

[Matt-CyberGuy]

Hi @Ylianst, you are correct, the above is for a users permissions in a usergroup. I did find a user for another user group that had their permissions intact, so this wasn't a global issue. It would possibly make sense that coincides with a database upgrade since the user that had their permissions in tact was onboarded within the first week of starting our server. The other users were only added recently.

Also, the console in chrome is not reporting any errors.

[LPJon]

To add to @matt-cylanda comment. In my case the user group that my user was in was completely removed from the device groups if that helps. Also, would access to my vm help you to figure this out. I have a snapshot of the vm at v0.7.32 before the upgrade and a snapshot after the work around so you could mess with it safely as long as the snapshots were not removed. Could that be helpfull to you?

[Ylianst]

Ok. Publsihed MeshCentral v0.7.34 that does not mess up the database anymore. Looking into the root cause now.

[Ylianst]

Ok. I have a working theory as to what is going on. The problem will only occur for accounts with any of these 3 special chars: dot (.), dollar ($) and parentage (%) in the name. So, accounts with an email addresses as the name, etc. These accounts need special escaping since MongoDB and NeDB don't allow a dot in the field name.

This is also good because I can work on reversing the issue, so a server update will fix it.

[asasin114]

I seem to have access to everything again after building a new user group. The ticket that was closed by @LPJon a bit ago also had a mention from me of the following error I am receiving on my MeshCentral instance running on Windows Server 2019 DC Edition:

[Ylianst]

Working on a fix, will take a few hours to validate.

[Ylianst]

For the database "mongodump.exe" warning. If you are not using the MeshCentral built-in backup system, you can ignore that. I will fix it so that if you turned off auto-backup, that warning will no show. You can turn off like this:

"AutoBackup": false

This is in the settings section of the config.json. If you want to use the built-in auto backup, you can fix the problem by specifying the path to "mongodump.exe" like this:

    "AutoBackup": {
      "mongodumppath": "C:\\Program Files\\MongoDB\\Tools\\100\\bin\\mongodump.exe",
      "backupIntervalHours": 24,
      "keepLastDaysBackup": 3,
      "zipPassword": "test",
      "backupPath": "C:\\temp",
    }

Let me know if that helps.

[Ylianst]

To be clear, I am working on a fix for the permission issue so that if the database is not right, the new version will fix it without having to restore a backup or do any changes.

[Ylianst]

Published MeshCentral v0.7.35 with a fix for this. Exactly replicated the problem and this should fix it. Let me know if it works.

[Matt-CyberGuy]

You guys are so awesome! We'll update our docker container tonight

[LPJon]

I can confirm that upgrade from 0.7.32 to 0.7.35 works. Will report shortly with 0.7.33 to 0.7.35 results. I can also confirm that upgrading from 0.7.33(with confirmed permission issue) to 0.7.35 corrects this issue. It works!....thank you Sir.

[Ylianst]

Nice! Thanks for reporting back.