Impact
An unknown number of organizations encountered issues in the Billing section, which was not listing information related to groups and authors. The issue started on UTC-5 24-03-11 12:48 and was proactively discovered 2.1 days (TTD) later by one of our engagement managers, who reported through our help desk that the Billing section on the platform was not displaying the information correctly. The problem was resolved in 20.4 hours (TTF), resulting in a total impact of 2.9 days (TTR) [1][2].
Cause
The query fetching author information per group was not executed, leading to an error in the Billing module due to the absence of the api_resolvers_group_billing_resolve permission [3].
Solution
A condition that checked whether users had permission to perform a specific action related to Billing was removed from the code, and the team also addressed the Access denied error that occurred when users lacked the corresponding permission [4].
Conclusion
A lack of understanding regarding permission validation on the front-end led to the issue reaching production. To prevent similar incidents, the team has implemented end-to-end tests for this specific case [5]. INCOMPLETE_PERSPECTIVE < MISSING_TEST