Task #1166
closed
Issue while create superAdminRole
100%
Description
A strange behavior was found on the project when creating superAdminRole.
IDM_AUTHORIZATION_POLICY was created for this role, but base_permission (ADMIN) was not filled.
Please check this behavior on 8.1.0 and higher versions.
Updated by Ondřej Kopr over 6 years ago
Some info from project:
Active spring profile: production
application-production.properties is a copy of the classic dev properties.
I can simulate the same behavior as on the project only with these steps:
- create a clean environment without/with demo data,
- edit superAdminRole and remove the permission (Administration (all)),
- after this edit, it isn't possible to make any other change, as yesterday on the project,
- the only possible fix is to update idm_authorization_policy and add back the base permission.
On the project the envers listener was disabled (audit not auditing :)), so I searched for the ID of the authorization policy (7fa4fa95-bc9e-48bb-b730-9d6c43f96335) in catalina.out and found these records:
1
2018-06-20 13:10:58.132 INFO 7876 --- [ost-startStop-1] e.b.i.c.a.e.AbstractEntityEventProcessor : Processor [authorization-policy-save-processor] start for [AuthorizationPolicyEvent [type: CREATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= null], properties: {}]] with order [0].
2018-06-20 13:10:58.182 INFO 7876 --- [ost-startStop-1] e.b.i.c.a.e.AbstractEntityEventProcessor : Processor [authorization-policy-save-processor] end for [AuthorizationPolicyEvent [type: CREATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]] with order [0].
2018-06-20 13:10:58.182 INFO 7876 --- [ost-startStop-1] e.b.i.c.a.e.AbstractEntityEventProcessor : Processor [authorization-policy-delete-permissions-change-processor] start for [AuthorizationPolicyEvent [type: CREATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]] with order [2147483647].
2018-06-20 13:10:58.214 INFO 7876 --- [ost-startStop-1] e.b.i.c.a.e.AbstractEntityEventProcessor : Processor [authorization-policy-delete-permissions-change-processor] end for [AuthorizationPolicyEvent [type: CREATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]] with order [2147483647].
2018-06-20 13:10:58.215 INFO 7876 --- [ost-startStop-1] e.b.i.c.m.s.i.DefaultEntityEventManager : Event [AuthorizationPolicyEvent [type: CREATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]] is completed
2018-06-20 13:10:58.216 INFO 7876 --- [ost-startStop-1] eu.bcvsolutions.idm.InitApplicationData : Super admin Role created [id: null]
2018-06-20 13:10:58.232 INFO 7876 --- [ost-startStop-1] e.b.i.c.m.s.i.DefaultEntityEventManager : Publishing event [CoreEvent [type: CREATE, content: eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto [code= admin], properties: {}]]
2
2018-07-03 15:39:46.432 INFO 23506 --- [nio-8080-exec-1] e.b.i.c.m.s.i.DefaultEntityEventManager : Publishing event [AuthorizationPolicyEvent [type: UPDATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]]
2018-07-03 15:39:46.439 INFO 23506 --- [nio-8080-exec-1] e.b.i.c.a.e.AbstractEntityEventProcessor : Processor [authorization-policy-save-processor] start for [AuthorizationPolicyEvent [type: UPDATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]] with order [0].
2018-07-03 15:39:46.462 INFO 23506 --- [nio-8080-exec-1] e.b.i.c.a.e.AbstractEntityEventProcessor : Processor [authorization-policy-save-processor] end for [AuthorizationPolicyEvent [type: UPDATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]] with order [0].
2018-07-03 15:39:46.463 INFO 23506 --- [nio-8080-exec-1] e.b.i.c.a.e.AbstractEntityEventProcessor : Processor [authorization-policy-delete-permissions-change-processor] start for [AuthorizationPolicyEvent [type: UPDATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]] with order [2147483647].
2018-07-03 15:39:46.470 INFO 23506 --- [nio-8080-exec-1] e.b.i.c.a.e.AbstractEntityEventProcessor : Processor [authorization-policy-delete-permissions-change-processor] end for [AuthorizationPolicyEvent [type: UPDATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]] with order [2147483647].
2018-07-03 15:39:46.471 INFO 23506 --- [nio-8080-exec-1] e.b.i.c.m.s.i.DefaultEntityEventManager : Event [AuthorizationPolicyEvent [type: UPDATE, content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= 7fa4fa95-bc9e-48bb-b730-9d6c43f96335], properties: {}]] is completed
The first logs are the creation of the role superAdminRole and then the setting of the authorization policy (2018-06-20 13:10). The second one is the start of the processor authorization-policy-delete-permissions-change-processor. This processor probably removes the permission ADMIN from this authorization policy. After this, the next log is a warning with forbidden:
2018-07-03 15:43:58.403 WARN 23506 --- [nio-8080-exec-5] e.b.i.c.e.ExceptionControllerAdvice : [56263166-9340-453b-bd65-b1996df325df] eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException: Forbidden: entity [a6953116-04e6-4fb8-bfbd-694027ceb729], permission [AUTOCOMPLETE, READ]. at eu.bcvsolutions.idm.core.rest.impl.IdmTreeTypeController.getDefaultTreeType(IdmTreeTypeController.java:327)
So probably the best explanation: someone misclicked in the multi selectbox and removed this permission (time 2018-07-03 15:39). All behavior with creating a new superAdminRole works correctly (tested versions 8.1.0, 8.1.3 and current develop).
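Added example, not part of the original comment or the project's code: one way to rebuild the timeline described above from catalina.out when the audit listener is off. It lists the completed AuthorizationPolicyEvent records for one policy ID, flags those that ran on an HTTP request thread (a thread-name heuristic), and attaches the ForbiddenEntityException warnings logged in the following 30 minutes; the function names, the window and the sample text are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}"
# Split on the "timestamp LEVEL pid ---" prefix so records that lost their line breaks still parse.
RECORD = re.compile(rf"({TS}) +(\w+) +\d+ --- \[([^\]]*)\] (.*?)(?=\s*{TS} +\w+ +\d+ --- |\Z)", re.S)
POLICY_DONE = re.compile(
    r"Event \[AuthorizationPolicyEvent \[type: (\w+), .*?\[code= ([0-9a-f-]{36})\].*is completed", re.S)
FORBIDDEN = re.compile(
    r"ForbiddenEntityException: Forbidden: entity \[([0-9a-f-]{36})\], permission \[([^\]]*)\]")


def parse(log_text):
    """Yield (time, level, thread, message) for every record in the text."""
    for ts, level, thread, msg in RECORD.findall(log_text):
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"), level, thread, msg


def policy_timeline(log_text, policy_id, window=timedelta(minutes=30)):
    """Completed events for one policy, each with the Forbidden errors logged within `window` after it."""
    records = list(parse(log_text))
    timeline = []
    for when, _, thread, msg in records:
        done = POLICY_DONE.search(msg)
        if not done or done.group(2) != policy_id:
            continue
        denials = [(t, hit.group(1), hit.group(2))
                   for t, _, _, body in records
                   for hit in [FORBIDDEN.search(body)]
                   if hit and when <= t <= when + window]
        timeline.append({
            "time": when, "type": done.group(1),
            # Heuristic: Tomcat request threads are http-nio-<port>-exec-N (name truncated in the log).
            "via_http_request": "-exec-" in thread,
            "denials_after": denials,
        })
    return timeline


# Constructed sample: records from the thread, joined with spaces as in the quoted output.
POLICY_ID = "7fa4fa95-bc9e-48bb-b730-9d6c43f96335"
DTO = f"content: eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto [code= {POLICY_ID}], properties: {{}}]]"
SAMPLE_LOG = " ".join([
    f"2018-06-20 13:10:58.215 INFO 7876 --- [ost-startStop-1] e.b.i.c.m.s.i.DefaultEntityEventManager : Event [AuthorizationPolicyEvent [type: CREATE, {DTO} is completed",
    f"2018-07-03 15:39:46.432 INFO 23506 --- [nio-8080-exec-1] e.b.i.c.m.s.i.DefaultEntityEventManager : Publishing event [AuthorizationPolicyEvent [type: UPDATE, {DTO}",
    f"2018-07-03 15:39:46.471 INFO 23506 --- [nio-8080-exec-1] e.b.i.c.m.s.i.DefaultEntityEventManager : Event [AuthorizationPolicyEvent [type: UPDATE, {DTO} is completed",
    "2018-07-03 15:43:58.403 WARN 23506 --- [nio-8080-exec-5] e.b.i.c.e.ExceptionControllerAdvice : [56263166-9340-453b-bd65-b1996df325df] eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException: Forbidden: entity [a6953116-04e6-4fb8-bfbd-694027ceb729], permission [AUTOCOMPLETE, READ].",
])

if __name__ == "__main__":
    for entry in policy_timeline(SAMPLE_LOG, POLICY_ID):
        print(entry["time"], entry["type"], entry["via_http_request"], entry["denials_after"])
```

On the sample, the CREATE event comes from the startup thread with no denials after it, while the UPDATE event comes from a request thread and is followed by the Forbidden warning.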
Updated by Ondřej Kopr over 6 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondřej Kopr to Petr Michal
- Target version set to Lapis (8.2.0)
- % Done changed from 0 to 90
Updated by Radek Tomiška over 6 years ago
- Status changed from Needs feedback to Rejected
- % Done changed from 90 to 100