Graylog 4: Can't find route for grn grn::::builtin-team:everyone of type: builtin-team

Hello,

When I click on the top right avatar icon and select “Show profile” while logged in as the admin user, I get an error page titled “Something went wrong” with the following error:

Can't find route for grn grn::::builtin-team:everyone of type: builtin-team

This happened after I removed ownership of a stream from Everyone and gave it to another admin user. No streams are owned by Everyone now. I wonder if that is the issue.

Regarding the other admin user, when I go to its profile and click “View details” to list the shared streams, the paginated area fails with the same error when I click on a certain page number in the paginated navigation area.

Anyone knows how can I fix this error?

@meea
What version of Graylog are you using?
Was this server just upgrade?

The server was upgraded on February this year, current version is 4.0.5

Hello,
I’m also running GL 4.0.5, ES 7.10, and MongDB 4.4.

Was your Graylog server connect to AD/LDAP prior to the upgrade in February?
Are you running the GL Enterprise version?
By chance are you using HTTPS?
What does your Graylog, Elasticsearch log files show when this happens?

I dont see “Show profile” on mine, or did you mean “edit profile”?

image

In Graylog 4.0 adjustments were made to Teams and Users. If your not using Graylog Enterprise version then I’m thinking your users need to be reconfigure since the free version of Graylog can not use Teams.
Instead there is a Shared button as shown here

Enterprise organizations can leverage AD/LDAP synchronization, using their authoritative identity source to populate Teams.

https://docs.graylog.org/en/4.0/pages/permission_management.html
Hope this helps.

Yes, it’s always been connected to LDAP

No, the free version.

Yes, everything is HTTPS

Nope, it’s “Show profile” on mine:

show-profile

Yeah, I’m aware of that, since I am using the API for other stuff (unrelated to this question) and I had to update the code related with giving users permissions to streams.

All the relevant streams are visible to the right users, since the streams have been shared with users using the Shared button on the stream.

This question is because I used the Shared button to remove “Everyone” from a stream, where it was the owner, and made another user the owner (an admin user). It seems like the prefix grn:::: is applied to stream ids, user ids and team ids in Graylog (for example, in the /authz/shares/entities/{entityGRN} endpoint of the Graylog API, you have to send stream and user ids in this format).

It looks like the profile page and the streams widget in the profile page may be trying to access the Everyone team by id, using the id in the format grn::::builtin-team-everyone but it can’t access it for some reason. It also looks like a JavaScript error. This is the stacktrace:

Can't find route for grn grn::::builtin-team:everyone of type: builtin-team

Stack Trace:

l@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:904808
V/</i<@https://example.com/assets/1d38d202-38.93b51f9ca3be4394b382.js:1:15388
V/<@https://example.com/assets/1d38d202-38.93b51f9ca3be4394b382.js:1:15645
$t/r.__iterateUncached/<@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2108861
VPaD/Np4/e.exports</Ct.prototype.__iterate@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2102816
$t/r.__iterateUncached@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2108819
pe@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2083399
VPaD/Np4/e.exports</J.prototype.__iterate@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2082066
toArray@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2126946
Ct@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2100933
vn@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2114867
map@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2128743
V@https://example.com/assets/1d38d202-38.93b51f9ca3be4394b382.js:1:15306
$o@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:281839
Ls@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:327889
Mc@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:320633
mc@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:320556
sc@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:317586
Za/<@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:269227
434/exports.unstable_runWithPriority@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:780503
Ua@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:268936
Za@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:269174
Va@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:269107
nc@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:314371
yi@https://example.com/assets/vendor.594b2a39cb22b445205e.js:2:286185
ie/</</<@https://example.com/assets/1d38d202-38.93b51f9ca3be4394b382.js:1:18364
s@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2453915
o/<[22]</n.exports/T.prototype._settlePromiseFromHandler@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2426842
o/<[22]</n.exports/T.prototype._settlePromise@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2427642
o/<[22]</n.exports/T.prototype._settlePromise0@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2428341
o/<[22]</n.exports/T.prototype._settlePromises@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2429693
l@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2380854
c@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2380794
o/<[2]</a.prototype._drainQueues@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2381908
a/this.drainQueues@https://example.com/assets/app.93b51f9ca3be4394b382.js:2:2380727


Component Stack:

    in V
    in tr
    in W
    in i
    in tbody
    in table
    in DataTable__StyledTable
    in div
    in div
    in div
    in div
    in i
    in d
    in SharedEntitiesOverview__StyledPaginatedList
    in ie
    in div
    in t
    in div
    in t
    in Row
    in s
    in ue
    in fe
    in i
    in Unknown
    in Unknown
    in n
    in t
    in t
    in div
    in t
    in div
    in t
    in AppWithoutSearchBar__StyledRow
    in div
    in t
    in div
    in AppContentGrid__Container
    in u
    in f
    in t
    in t
    in div
    in Lt
    in o
    in pt
    in h
    in Rt
    in t
    in t
    in c
    in t
    in Ir
    in Unknown
    in ConnectStoresWrapper[Unknown/Anonymous] stores=streams
    in je
    in T
    in f
    in v
    in b
    in Unknown
    in n
    in F
    in ConnectStoresWrapper[F] stores=currentUser,server,sessionId
    in je
    in T
    in Z

@meea
Hello,
I executed a couple test In my lab as follow.

I apologize, it been a while since I used the built in Admin account.
When I logged into the Administrator account and execute “Show profile" I received this below. Just never noticed it. To be honest really never had to see the profile on the built-in account for graylog.

Testing your issue with streams in my lab, using the built in Administrator account. I tried different ways I could create your issue but failed to come up with the same outcome as you. My testing as follow.

I started out using the built-in Administrator account. Created a stream call test with the owner as “Everyone”.

image

I removed the owner “Everyone” and added my account from AD.


image

Further testing I created a stream called test from Admin account again. Then logged in my User account from AD and did the same testing as above. From my user account I did notice that when using the Administrator account it didnt place an owner on the stream.

NOTE: During my testing I have removed and place owners on the test stream from the built in Administrator account without any warnings.

image

From my user account I added then removed “Everyone”. I received a warning which is shown below.

I’m sorry I cant duplicate your stream issue or am I doing it wrong?

I’m looking into the Administrator 'Show Profile" issue. Unless someone here knows how to fix this. Again, I don’t use the built in administrator account unless AD does down. I think the last time I used Administrator account was when I had to set up AD/LDAP on Graylog 4 when it came out

@meea
Well after messing around for 5 minutes I found something wierd with Administrator account.
I’m not sure what happened but it does not show the error after clicking on the " Show Profile" button.

What I did was logged into the Administrator Built-in account. From there I navigated to SYSTEM → User and Teams page.

I clicked on this hyper link called Administrator as shown below.

Which then showed me this.

I logged out of the Administrator account and then logged back in. No more problems. Must have been a glitch.

hope that helps.

@gsmith Thanks for your reply and your investigations, will try logging in as the built-in admin and do as you did and report back. Your tests for the removal of Everyone ownership seem OK to me, will try that as well again.