Users are losing access to redshift tables and views after running user repair or by generating access parity report
Affected Versions: 2.0 1.14
Fix Version: 2.0* 2.1
Customers upgrading to 2.0 after March 16, 2023 does not require explicit patching as the fix will be part of the release artifacts.
Root cause(s)
In user repair and access-parity functionality, it checks and fixes the redshift permission mismatches for Datasets, Views and Domains.
In this process, It lists out domains with tenant information i.e. “TenantName” attribute where as the existing domains i.e. domains created before the multi-tenancy feature doesn't have TenantName attribute.
When user runs user repair or access-parity functionality, It is not considering these existing domains as valid domains and therefore removing the redshift permissions for them.
Same thing is getting applied to datasets without TenantName attribute and also the materialized views which are nothing but a redshift table (mv_tbl) in the backend terminology.
Impact
After completing the user repair action, system will remove the redshift tables and views access for all the users. Users will not be able to query any data present in the redshift cluster. There is no impact to the actual data present in the cluster.
Mitigation
Fix is available in Amorphic version 2.1. Please upgrade to the latest version to resolve this issue.
Patch is available for Amorphic versions v2.0.
Timeline
- 2023-01-04: Bug reported/identified (CLOUD-3015)
- 2023-01-06: Bug triaged
- 2023-01-06: Bug fixed
- 2023-03-15: Testing of patch on v2.0 is completed
- 2023-03-16: Patch for v2.0 released
- 2023-03-28: Amorphic version 2.1 Released with the bugfix