From b473d5db9589f06a4d8f2a81902f9922a3f052be Mon Sep 17 00:00:00 2001 From: adlerhurst <27845747+adlerhurst@users.noreply.github.com> Date: Fri, 10 Jan 2025 10:22:58 +0100 Subject: [PATCH] docs: add tech advisory for project grant query --- docs/docs/support/advisory/a10014.md | 26 ++++++++++++++++++++++++ docs/docs/support/technical_advisory.mdx | 12 +++++++++++ 2 files changed, 38 insertions(+) create mode 100644 docs/docs/support/advisory/a10014.md diff --git a/docs/docs/support/advisory/a10014.md b/docs/docs/support/advisory/a10014.md new file mode 100644 index 00000000000..81ca77d32c5 --- /dev/null +++ b/docs/docs/support/advisory/a10014.md 
@@ -0,0 +1,26 @@ +--- +title: Technical Advisory 10014 +--- + +## Date + +Version: v2.66.5 + +Date: 2025-01-10 + +## Description + +Prior to version [v2.66.0](https://github.com/zitadel/zitadel/releases/tag/v2.66.0), some project grants were incorrectly created under the granted organization instead of the project owner's organization. To find these grants, users had to set the `x-zitadel-orgid` header to the granted organization ID when using the [`ListAllProjectGrants`](/apis/resources/mgmt/management-service-add-project-grant) gRPC method. + +Zitadel [v2.66.0](https://github.com/zitadel/zitadel/releases/tag/v2.66.0) corrected this behavior for new grants. However, existing grants were not automatically updated. Version v2.66.5 corrects the owner of these existing grants. + +## Impact + +After the release of [TODO: version], if your application uses the [`ListAllProjectGrants`](/apis/resources/mgmt/management-service-add-project-grant) method with the `x-zitadel-orgid` header set to the granted organization ID, you will not retrieve any results. + +## Mitigation + +To ensure your application continues to function correctly after the release of [TODO: version], implement the following changes: + +1. **Conditional Header:** Only set the `x-zitadel-orgid` header to the project owner's organization ID if the user executing the [`ListAllProjectGrants`](/apis/resources/mgmt/management-service-add-project-grant) method belongs to a different organization than the project. +2. **Use `grantedOrgIdQuery`:** Utilize the `grantedOrgIdQuery` parameter to filter grants for the specific granted organization. \ No newline at end of file diff --git a/docs/docs/support/technical_advisory.mdx b/docs/docs/support/technical_advisory.mdx index 7562ff38707..8805e2e1d83 100644 --- a/docs/docs/support/technical_advisory.mdx +++ b/docs/docs/support/technical_advisory.mdx @@ -214,6 +214,18 @@ We understand that these advisories may include breaking changes, and we aim to
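Review bot: The Impact and Mitigation sections of a10014.md still carry the unresolved placeholder `[TODO: version]` ("After the release of [TODO: version]" appears in both), while the Date and Description sections already name v2.66.5 as the release that corrects the owner of existing grants. Replace both placeholders with the concrete version before merging, so readers can tell which upgrade makes a `ListAllProjectGrants` call with `x-zitadel-orgid` set to the granted organization ID return no results. Separately, every `ListAllProjectGrants` link in this file targets `/apis/resources/mgmt/management-service-add-project-grant`, a slug that names the add method rather than the list method; please confirm the links resolve to the intended reference page. The new file also ends without a trailing newline.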