Login failure due to access restrictions

Update timeline

1. identified Aug 11, 2025, 10:02 PM UTC

   It was identified that a permission misconfiguration is preventing a user from accessing the platform, displaying an Access denied message.

2. resolved Aug 11, 2025, 10:04 PM UTC

   The incident has been resolved, and now platform access has been fully restored.

3. postmortem Aug 11, 2025, 10:06 PM UTC

   **Impact** At least one user experienced difficulties accessing the platform. The issue started on UTC-5 25-06-27 15:55 and was reactively discovered 26 days \(TTD\) later by a client who reported through our help desk [\[1\]](https://help.fluidattacks.com/agent/fluid4ttacks/fluid-attacks/tickets/details/944043000042595654) that the platform displayed an `Access denied` message when trying to access the platform. The problem was resolved in 5.2 hours \(TTF\), resulting in a total window of exposure of 26.2 days \(WOE\) [\[2\]](https://gitlab.com/fluidattacks/universe/-/issues/17099). **Cause** During a system update to improve security, some of the general user permissions were not fully updated. As a result, all users with similar roles were missing certain permissions needed to access specific features, which prevented platform access [\[3\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/80075). **Solution** The missing permissions were added to the `User` role, restoring access to the platform. In this case, three specific access permissions were granted [\[4\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/81612). **Conclusion** The incident highlights the importance of reviewing and updating general permission settings during system changes to ensure that all users retain access to the needed features. **FAILED\_MIGRATION < INCOMPLETE\_PERSPECTIVE**