Uploaded image for project: 'Migration Platform'
  1. Migration Platform
  2. MIG-905

App user cannot access Space after migrating with CCMA

XMLWordPrintable

    • 4
    • Severity 2 - Major

      Issue Summary

      When migrating with Confluence Cloud Migration Assistant, app users are not added to the Space so apps are unable to make REST calls via Connect to access content. App users are added to the default groups, but these groups might not be added to the Space post-migration.

      This is caused by the app not having permission in the Space post-migration. This is similar to MIG-303, however that relates to Custom Content and Restricted Pages.

      Each app in Confluence Cloud has a dedicated user. After installing an app in Cloud, you can see the app user by going to a Space -> Space Settings -> Space Permissions, and under Individual Users you will see a user for each installed app. This user is also added to the default group, but this is not visible in the UI.

      On migrated Spaces, the app user does not appear under Individual Users. Also, the Space does not have a default group applied.

      This is the Individual Users of a Space migrated with CCMA

      This is the Individual Users of a Space created in Cloud, you can see the app user com-atlassian-devhelp-jrichards has been added automatically.

      Steps to Reproduce

      1. Provision a new Cloud site
      2. Create a new Space in server with default permissions, and create a page in the space
      3. Migrate the Space to the new Cloud site
      4. For a Connect app with Scope READ, access the REST endpoint

      GET /wiki/rest/api/content/<id>

      authenticated as the add on for any content id that was in the migration.

      Expected Results

      The content is returned in a JSON blob

      {"id":"6160385","type":"page","status":"current","title":"Test page", ...

      Actual Results

      A HTTP 403 is returned

      403 Forbidden: [
  {
    "statusCode": 403,
    "data": {
      "authorized": false,
      "valid": false,
      "errors": [
        {
          "message": {
            "key": "confluence.space.restricted",
            "translation": "Space is restricted",
            "args": []
          }
        }
      ],
      "successful": false
    },
    "message": "com.atlassian.confluence.api.service.exceptions.PermissionException: Space is restricted"
  }
]

      Workaround

      After the Space is migrated, uninstall and re-install the app. Access the same REST endpoints for the same contentIds. The content should return as expected.

      Another workaround is to add the app user to as an Individual user to the Space. This is the same as Spaces created in Cloud.

        1. image-2021-12-14-16-52-07-330.png
          image-2021-12-14-16-52-07-330.png
          78 kB
        2. image-2021-12-14-16-54-08-711.png
          image-2021-12-14-16-54-08-711.png
          47 kB

              Unassigned Unassigned
              jrichards@atlassian.com James Richards
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: