Area: Product Issues
Sub-Area: Access Policies / Ingestion Page Permissions
Issue
The DataHub Ingestion page fails to load with a generic error message when one or more access policies contain a malformed DOMAIN filter. Specifically, this occurs when domain filter values are set to a display name (e.g., a plain text label) instead of a properly formatted domain URN. Because the Ingestion page performs a permission check against all active policies before rendering, a single malformed policy causes the entire page to fail — even for users who otherwise have valid ingestion permissions. This is a non-obvious root cause because the UI error message gives no indication that a misconfigured policy is responsible.
Error Messages
Failed to load ingestion sources! An unexpected error occurred
You Might Be Asking
- Why does the ingestion sources page suddenly show an error even though nothing changed with ingestion itself?
- Why would an access policy misconfiguration break the ingestion UI for all users?
- How do I find which policy is malformed and fix it?
- Is this a backend service outage or a configuration issue?
Solution
-
Identify malformed policies using the DataHub REST API. Query the policies endpoint to list all policies and inspect their resource filter configurations. Look for any policy where a
DOMAINfilter criterion contains a plain display name instead of a URN.
Review the response for anyGET https://<your-instance>.datahubproject.io/openapi/v1/policiesresources.filter.criteriablocks where thefieldisDOMAINand thevaluesarray contains a raw display name rather than a URN. -
Recognize the malformed pattern. A malformed policy resource filter looks like this:
The{ "resources": { "filter": { "criteria": [ { "field": "DOMAIN", "condition": "EQUALS", "values": [ "my_domain_display_name" ] } ] } } }valuesarray must contain domain URNs, not display names. -
Correct the policy by replacing display names with domain URNs. Update any malformed
DOMAINfilter values to use the proper URN format:
Replace{ "resources": { "filter": { "criteria": [ { "field": "DOMAIN", "condition": "EQUALS", "values": [ "urn:li:domain:<your-domain-id>" ] } ] } } }<your-domain-id>with the actual domain identifier used in your DataHub instance (typically a slugified version of the domain name, e.g.,urn:li:domain:finance). -
Alternatively, delete the malformed policies if they are not needed or were created in error. This can be done via the DataHub UI under Settings → Access → Policies, or via the REST API:
DELETE https://<your-instance>.datahubproject.io/openapi/v1/policies/<policy-urn> - Verify the fix. After correcting or removing all malformed policies, navigate back to the Ingestion page in the DataHub UI. The page should now load successfully and list all ingestion sources as expected.
Additional Notes
This issue can be difficult to diagnose because the error displayed in the UI — Failed to load ingestion sources! An unexpected error occurred — is a generic catch-all message produced by the backend resolver. It gives no indication that an access policy misconfiguration is the root cause. The Ingestion page performs a permission check that evaluates all active policies; if any policy contains a malformed filter value (such as a domain display name instead of a URN), the permission evaluation fails and the entire page fails to render. This means a single malformed policy can break the Ingestion page for all users, regardless of whether they have otherwise valid ingestion permissions. When this error appears unexpectedly — especially shortly after new policies were created or modified — malformed policy filters should be among the first things investigated. A known scenario where this occurs is when a self-service or automated policy creation flow writes a human-readable domain label into the filter instead of resolving it to the correct urn:li:domain:<id> format. Always use URNs when specifying domain values in access policy resource filters.
Related Documentation
Tags: ingestion, access-policies, domain-filter, urn, permissions, ingestion-page-error, malformed-policy, policy-configuration, resource-filter, failed-to-load-ingestion-sources