Hello,
I'm working on migrating a production Islandora site to a new, ISLE based site.
All of the databases, Fedora dataStreams and objectStreams were copied over, and the Fedora and Solr indexes were rebuilt.
The new site mostly works, with most records loading as expected. However, there are some issues with some records failing to load with an "Access Denied, You are not authorized to access this page" error.
Looking at one of the instances of this, I'm seeing the following error in the Fedora log:
```
org.fcrepo.server.errors.StreamIOException: [DatastreamManagedContent] returned the error: "org.fcrepo.server.errors.ObjectNotInLowlevelStorageException". Reason: Object not found in low-level storage: ncm:226338+POLICY+POLICY.1
at org.fcrepo.server.storage.types.DatastreamManagedContent.getContentStream(DatastreamManagedContent.java:187) ~[fcrepo-server-3.8.1.jar:na]
```
Since the dataStream and objectStream directories were copied over, and I confirmed the relevant files for ncm:226338 are present in the new site's data/objectStream directories, I'm thinking maybe the issue is a missing XACML policy.
The new site is using the basic, default and minimal XACML policy set.
I have a large collection of XACML policy files from the old site, and the one for the record showing the access denied error (ncm:226338.xml) looks like this:
```
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" PolicyId="islandora-xacml-editor-v1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
<Rule RuleId="allow-everything-else" Effect="Permit">
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
</Rule>
</Policy>
```
This policy file looks to setting a blanket "grant all priviliges" policy.
One issue I'm having is that I'm not sure where this file needs to go. I've tried putting the file in the following paths:
/usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/ncm:226338.xml
/usr/local/fedora/data/fedora-xacml-policies/repository-policies/islandora/ncm:226338.xml
/usr/local/fedora/data/fedora-xacml-policies/repository-policies/ncm/ncm:226338.xml
None of these have made a difference.
I'm wondering if anyone has seen this error before, and if there's another place policy files need to go, or if this kind of error might have another cause.
I'm confused by the fact that this issue is intermittent, many records are loading fine and there doesn't seem to be anything specific or special about this records policy set.