What happened

• In the past months we’ve been working to improve our authorization system so it becomes more flexible, allowing us to have granular control over each action a user can perform (ABAC).
• After this change was introduced, permissions within a group didn’t match if the group name wasn’t in lowercase. This has always been a backend transformation totally transparent to the user

What we’ve done

• We first received reports on May 19 and committed the fix on July 1 at 08:16 AM after investigating it for the past 3 weeks.
• We implemented a new tracking tool: LogRocket. With it, we were able to monitor our API’s responses to the affected users, which helped us identify and reproduce the problem

What’s the impact

• Some users have reported that they sometimes weren’t able to view some buttons even if they had access to a group.

What we are doing to help

• We are improving our tests and error reporting to better spot and avoid this kind of problem.