Glean Collaboration Exercise

icon picker
Config/Secret Store


Screen Shot 2023-03-23 at 1.39.59 AM.png


Are you the IT admin of this company? Do you have admin permissions to the GCP project?
Steps to Validate
Either you or I can ask your IT admin if they can see the Doc.
The IT admin can see the Doc:
It is an issue with the customer’s permissions
Solution: Upgrade the customer’s permissions
Check that the user is provisioned correctly in Okta or Ping
Check that the user’s email domain matches the expected customer domain
whether or not the user is assigned to the correct groups
The IT admin cannot see the Doc:
It be a company wide ACL issue. Like maybe new docs have the wrong ACL permissions.
Check if maybe the firewall configurations and IAM rules are set up correctly
Glean has alerts that detect when the firewall and IAM rules don’t match up so see if broadening up the firewall or changing the IAM rules fixes it
Do any errors pop up?
Inspect element
Right click, and select “inspect element”
if you’ve never used it before
Check the console and Network tab.
Does an error pop up saying anything about a regex match.
Next steps:
Communicate to the customer that this means the query has been blocked by the company query blacklisting controls and they should talk to their IT Admin.
Have you changed your projects permissions recently?
To test this out you can check the to see if theres been a change to the system configuration
Check that the customer has not changed the default for any GCP org level constraint for the project
follow this to generate a report of changes relative to an existing service configuration version
Have you changed the secrets to your Connector Handlers and the Identity & Permissions Store
Check to see if you recently rotated the credentials of the service accounts set up for Glean in the SaaS applications and forgot the update Glean with the new credentials
manually regenerate the secrets, replace the secrets with the new ones, and see if things are fixed then.
Go to the
If they are the IT admin, see if they can query within the Identity & Permission store and see if there are any permissions missing
The Customer’s Glean GCP has a “deployer” service account (glean-deployer) that can view the contents in the config Cloud Storage bucket.
Check that they are not running any other services in the GCP project that haven’t been run by the glean team
List the services running in the GCP project -
Compare to the

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
) instead.