Issue mitigation steps
Implementing the fix will address the underlying code issue and prevent users from being affected again. However, the users who were affected earlier will lose access to the entities such as Projects, timesheets and status reports. To ensure that users continue to access their rightful entities, the affected users must be replaced with new ones and the appropriate entities need to be reassigned to these new users before implementing the fix.
Users whose records were impacted are referred to as “affected users,” and projects, timesheets, and status reports whose content may have been changed while owned by the wrong user are referred to as “affected entities.”
Reassign ownership, deploy the fix, and restart workflows
Step 1: Fix the affected entities
The Site collection admin can view the list of currently affected entities on the Additional Server Settings page. A list of all affected entities is provided (refer to the figure below to see a sample list generated for an affected tenant).
How do I fix the affected resources?
For every user in the three resources lists: “Affected resource”, “Resources with affected Timesheet Manager”, and “Resources with affected Default Assignment Owner”, do the following:
- Review all the tables and determine the required users that should be in the system and create resources for them.
- If needed, add the new users to the timesheet manager list.
- Edit every resource that has an incorrect “Timesheet Manager” or “Default Assignment Owner” and set them to correct value.
- If a list is empty, your organization didn’t have any affected resources and you can move to the next category.
- Resources created by setting up Active Directory Sync and resources created from the resource center manually using the new resource creation button were not affected by this incident.
How do I fix the affected projects?
For every project in the two projects lists: “Projects owned by the affected resource” and “Projects with affected Status Manager”, do the following:
- Open the affected project from PWA and change the Owner from the Project Details page, if needed.
- Close the project. If prompted, check in the project.
- Ask the status manager to open the affected project using Project desktop and do the following:
- Find the affected status managers of the tasks in the project, and replace them with the correct resource you created in “How do I fix the affected resources?”
- Publish the project.
How do I fix the affected timesheets?
For every timesheet in the two timesheets lists: “Timesheets created by the affected resource (pending approval)” and “Timesheets to be approved by the affected resource”, do the following:
- Recall the affected timesheet, then:
- For timesheets created by affected users: Have all newly created users recreate and resubmit the timesheet.
- For timesheets submitted for approval to affected managers: Assign these to newly created managers for approval and submit it again.
How do I fix the affected status reports?
For every status report in the two status reports lists: “Status reports owned by the affected resource” and “Status reports requested to the affected resource”, do the following:
- Status reports sent to the affected resource must be sent again to the correct user.
- Status reports requested by the affected resource must be created and requested again.
How do I fix the affected approval rules?
For every approval rule in the list “Approval rules owned by the affected resource”, do the following:
- Have the newly added users create new approval rules on the approvals page.
Step 2: Deploy the fix
Once you have completed Step 1, fix the issue using the Deploy Fix button on the Additional Server Settings page.
Selecting Deploy fix resolves the underlying condition causing the issue. However, this also removes access from the affected users, so make sure that you complete “Step 1: Fix the affected entities” before you deploy the fix.
Step 3: Restart the workflows
Restart the workflows for all the projects with changed owners.
All newly created resources may have to recreate approval rules and configure notifications.