Open Closed

Permissions and DBMigrator #7971


User avatar
0
chiefupstart created

We have a general question about how permissions get populated in the database. We recently altered several permissions, mostly to better align with naming conventions, and then ran DBMigrator expecting that the altered permissions would be in the AbpPermissions table. However, the AbpPermissions table did not contain our new permissions.

We tried several tests and eventually were able to reliably replicate an issue:

  1. TRUNCATE Permissions, PermissionGroups, PermissionGrants.
  2. Run DBMigrator
  3. PermissionGrants table is populated but not Permissions or PermissionGroups.
  4. Start the API backend project.
  5. Now Permissions and PermissionsGroups are populated.

Our PermissionDefinitionProvider class is in the Application.Contracts project, just FYI.

Is there something we are not correctly understanding about how permissions work? Thank you for your time.

  • ABP Framework version: v8.3
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

3 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you see the new permissions in the permission modal? Has your admin granted all permissions?

  • User Avatar
    0
    chiefupstart created

    Hello! Thanks for the quick reply. Yes and no. Permission base classes and sub classes were not updated in the DB through DBMigrator, but new permission strings within the sub classes are added. For example, if I had a Permission like: AzurePermissions.AzureServers.XXX and changed it to AzurePermissions.Servers.XXX and then added a new permission like AzurePermissions.Servers.Create the 'Create' permission would be added in the AbpPermissions table. But AzureServers would remain as the parent.

    I observed this on a local installation where I have full admin permissions. FWIW, our CI/CD pipeline updates/adds permissions just fine. I'm guessing that's because it first runs DBMigrator, then runs the API backend. And if that's what we need to do from now on, that's fine. It's just a departure from what we have been doing which is simply running DBMigrator and I need to know what to tell other devs that run into this issue.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can try to grant some/all permissions to a user. There should be no problem.

    If you change the permission name and cause a problem, You can share here.

    Thanks.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 26, 2024, 06:07