getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io

Some users with Owner or Admin role cannot access Alerts #37109

Closed simPod closed 1 year ago

simPod commented 2 years ago

Self-Hosted Version

22.5.0

CPU Architecture

x86_64

Docker Version

Docker version 20.10.5+dfsg1, build 55c4c88

Docker Compose Version

Docker Compose version v2.4.1

Steps to Reproduce

  1. Have Owner role
  2. Go to Alerts (/organizations/myorg/alerts/rules/)

There are other users with Admin or Owner role, who can access it so it's not 100% reproducible.

Expected Result

See Alerts.

Actual Result

Your role does not have the necessary permissions to access this resource, please read more about organizational roles

I can see an XHR request sent with status code 403:

/api/0/organizations/myorg/combined-rules/?expand=latestIncident&expand=lastTriggered&sort=incident_status&sort=date_triggered&team=myteams&team=unassigned

with response body

image

aminvakil commented 2 years ago

I guess this is related to getsentry/sentry, @ethanhs @chadwhitacre if you agree, can you migrate it to appropriate repository?

simPod commented 2 years ago

@aminvakil We're self-hosting Sentry.

aminvakil commented 2 years ago

@simPod You're right. I just don't think this error is related to installing Sentry from the self-hosted repository; I think this logical error is something which should be handled in getsentry/sentry.

For example, if you were getting only "403 Forbidden" and not "403 You do not have permission to perform this action.", then I would suspect something wrong in the nginx configuration, or I would help you through your setup if you had a load balancer, etc.
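
The distinction drawn in the comment above, as an added example that is not part of the thread: a small classifier that decides whether a 403 was produced by the application or by a reverse proxy in front of it. The JSON `detail` body shape and the nginx default error page are assumptions (the thread shows the response body only as a screenshot), and the sample responses are constructed.

```python
import json

# Permission message quoted in the thread.
APP_DENIAL = "You do not have permission to perform this action."


def classify_403(status, headers, body):
    """Return 'not-403', 'application', 'proxy' or 'unknown' for one response."""
    if status != 403:
        return "not-403"
    ctype = ""
    for name, value in headers.items():
        if name.lower() == "content-type":
            # Drop parameters such as "; charset=utf-8".
            ctype = value.split(";")[0].strip().lower()
    text = body.decode("utf-8", errors="replace") if isinstance(body, bytes) else body
    if ctype == "application/json":
        try:
            doc = json.loads(text)
        except ValueError:
            doc = None
        # Assumption: the API reports denials as a JSON object with "detail".
        if isinstance(doc, dict) and "detail" in doc:
            return "application"
    if APP_DENIAL in text:
        return "application"
    # Assumption: the proxy serves nginx's stock HTML error page.
    if "<title>403 Forbidden</title>" in text:
        return "proxy"
    return "unknown"


# Constructed sample responses: (status, headers, body).
SAMPLES = {
    "app": (403, {"Content-Type": "application/json; charset=utf-8"},
            b'{"detail": "You do not have permission to perform this action."}'),
    "nginx": (403, {"Content-Type": "text/html"},
              b"<html>\r\n<head><title>403 Forbidden</title></head>\r\n"
              b"<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n"
              b"<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"),
    "empty": (403, {}, b""),
    "ok": (200, {"Content-Type": "application/json"}, b"[]"),
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(label, "->", classify_403(*response))
```
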

getsentry-release commented 2 years ago

Routing to @getsentry/enterprise for triage. ⏲️

leedongwei commented 2 years ago

@simPod Thanks for the bug report!

That's a little odd if the page behaves differently for other Owners in the organization.

An alert is a child of a project, and a project can be the child of many teams. Can you check if you're in a team that has access to the project for the alert?

simPod commented 2 years ago

@leedongwei the Alerts link goes to /organizations/myorg/alerts/rules/. I'm owner of myorg.

There's no project involved. TBH I don't know where the link to project alerts is or whether something like that exists. IIRC on the Alerts page there were alerts for more projects; it was all on one page grouped under the org.

simPod commented 2 years ago

When I add a project id to url, I get access to the page: /organizations/datacamp/alerts/rules/?project=19

I think /organizations/myorg/alerts/rules/ needs some refinement.

simPod commented 2 years ago

Also, I have selected all the teams and all the projects in Filters.

I still have access to the page.

But when I select all projects using the button, it gives me the earlier mentioned error

Your role does not have the necessary permissions to access this resource

simPod commented 2 years ago

I've found a removed project in the db. When I manually change the db row and restore the project, the issue is gone. When I then Remove the project using the UI, the issue reappears.

simPod commented 2 years ago

I had to remove the "last team" in the project, then Remove it.

github-actions[bot] commented 2 years ago

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!


"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

simPod commented 2 years ago

Ve w sv

itshevtsov commented 2 years ago

Faced with the same issue. Sentry version 22.6.0. Installation type: community helm chart

simPod commented 2 years ago

J

tomdev commented 1 year ago

As an admin user, I also run into this issue. We're on self-hosted Sentry 22.9.0 // e40aded.

tomdev commented 1 year ago

This issue has label Needs More Information set -- is there any more information we can provide?

chadwhitacre commented 1 year ago

@getsentry/enterprise Bump. Putting back on your triage queue. 🙏

leedongwei commented 1 year ago

@simPod @itshevtsov @tomdev Apologies for the tardiness. We're looking into this.

Can you confirm that this happens for Alerts only? i.e. this doesn't happen on other tools like Discover/Performance/Releases?

chriszo111 commented 1 year ago

On behalf of @tomdev: @leedongwei I can confirm that this only happens on Alerts. I checked Discover, Performance and Releases and am able to access those.