Password Policies is inaccessible after upgrading from 6.2 to DXP 7.2 - workaround without rolling back to 6.2

Issue

After upgrading from 6.2 to 7.2, navigating to Control Panel > Users > Password Policies shows a UI error "Password Policies is temporarily unavailable", and an error is thrown in the logs:

ERROR [https-jsse-nio-8441-exec-4][PortletRequestDispatcherImpl:304]
    Unable to dispatch request: java.lang.IllegalArgumentException: Someone may
    be trying to circumvent the permission checker: companyId=20157, name=com.liferay.portal.kernel.model.PasswordPolicy,
    primKey=20200, scope=4}

Environment

Portal 6.2
DXP 7.2

Resolution

There is a great article on how to solve this case, but what if it's not possible to roll back to 6.2 anymore and make the necessary changes there?

We created a groovy script to resolve the problem on the already upgraded environment. Simply navigate to Control Panel -> Configuration -> Server Administration -> Script, paste the below script and click on Execute.

import com.liferay.portal.kernel.model.PasswordPolicy;
import com.liferay.portal.kernel.service.PasswordPolicyLocalServiceUtil;
import com.liferay.portal.kernel.dao.jdbc.DataAccess;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.ResourceConstants;
import com.liferay.portal.kernel.service.ResourceLocalServiceUtil;
import com.liferay.portal.kernel.util.StringBundler;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

public class UpdatePasswordPolicyResources {
    public void doUpdatePasswordPolicyResources() {
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;

        try {
            con = DataAccess.getUpgradeOptimizedConnection();
            StringBundler sb = new StringBundler(7);
            sb.append("select passwordPolicyId from PasswordPolicy left join ");
            sb.append("ResourcePermission on (PasswordPolicy.companyId = ");
            sb.append("ResourcePermission.companyId and ");
            sb.append("ResourcePermission.name = ? and ");
            sb.append("ResourcePermission.scope = ?) where ");
            sb.append("ResourcePermission.primKey = ? and ");
            sb.append("PasswordPolicy.defaultPolicy = ?");
            ps = con.prepareStatement(sb.toString());
            ps.setString(1, PasswordPolicy.class.getName());
            ps.setInt(2, ResourceConstants.SCOPE_INDIVIDUAL);
            ps.setString(3, PasswordPolicy.class.getName());
            ps.setString(4, String.valueOf(1));
            rs = ps.executeQuery();

            while (rs.next()) {
                long passwordPolicyId = rs.getLong("passwordPolicyId");
                updateResources(passwordPolicyId);
            }
        }

        catch (Exception e) {
            _log.error("Unable to add missing PasswordPolicy resources", e);
        }

        finally {
            DataAccess.cleanUp(con, ps, rs);
        }
    }

    protected void updateResources(long passwordPolicyId) {
        try {
            if (_log.isInfoEnabled()) {
                _log.info(
                    "Adding missing resources for PasswordPolicyId " +
                        passwordPolicyId);
            }
            PasswordPolicy passwordPolicy =
                PasswordPolicyLocalServiceUtil.getPasswordPolicy(passwordPolicyId);
            String name = PasswordPolicy.class.getName();
            ResourceLocalServiceUtil.updateResources(
                passwordPolicy.getCompanyId(), name, ResourceConstants.SCOPE_INDIVIDUAL, name,
                String.valueOf(passwordPolicyId));

            if (_log.isInfoEnabled()) {
                _log.info(
                    "Successfully updated resources for PasswordPolicy " +
                        passwordPolicyId);
            }
        }
        catch (Exception e) {
            _log.error(
                "Error while adding missing resources for PasswordPolicy " +
                    passwordPolicyId,
                e);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        UpdatePasswordPolicyResources.class);
}

UpdatePasswordPolicyResources updatePasswordPolicyResources =
    new UpdatePasswordPolicyResources();

updatePasswordPolicyResources.doUpdatePasswordPolicyResources();