OpenAI

Write-up
Codex, Connectors, Search, Agent, Deep Research, Custom GPTs, Project Sharing, ChatGPT Record, Memory and other features related to RBAC are missing, unavailable, or unexpectedly enabled even when toggled off for Enterprise and Edu workspaces
Partial outage
View the incident
Summary

Between 11:47 AM and 18:19 PM PDT on October 2, 2025, a permissions misconfiguration during an internal data backfill caused all Enterprise and Edu workspaces to inherit overly restrictive permissions. As a result, features including Codex, Search, Agent Mode, Deep Research, and GPT Custom Actions became unavailable for some users.

Users in these workspaces experienced loss of functionality for the affected features. This interruption lasted over two hours for most users, with gradual recovery thereafter as caches were cleared and role settings corrected. 

We’ve taken steps to prevent incidents like this from recurring, including stronger controls in our backfill processes and improved observability and reliability in our RBAC system.

Impact

Between 11:47 AM and 14:07 PM PDT on October 2, users in impacted workspaces lost access to the following features: 

  • Codex

  • Search

  • Agent Mode

  • Deep Research

  • GPT Custom Actions

  • MCP Connectors 

This issue also caused the ChatGPT Record option to be temporarily available for some workspaces where it was originally disabled.

A configuration change to fix the issue was deployed within the first hour; however, residual problems persisted due to cache propagation delays. Full functionality was restored by 18:19 PM PDT on October 2. 

Root Cause

The issue stemmed from a system-wide permissions update that unintentionally included a highly restrictive role. This role was applied across all affected workspaces and took precedence over existing permissions, resulting in users being unable to access some features.

Mitigation

  • Time incident began: Thursday, October 2, 2025 at 11:47 AM PDT

  • Time detected: 12:28 PM PDT

  • Mitigation deployed: 14:11 PM PDT

  • Incident fully mitigated: 18:19 PM PDT

Detection was based on internal reports and alerts about errors across multiple services. We deployed a mitigation configuration change to apply the appropriate role restrictions and executed a manual script to clear cache invalidations across all workspace clusters.

Prevention

We are implementing the following measures to help prevent recurrence:

  • Enhanced backfill rollout and rollback mechanisms including a multi-phase backfill rollout.

  • Improve internal metrics and alerts for permission anomalies.

  • Strengthen defensive gating for Role-Based Access Controls (RBAC) using feature flags and hardening reliability and scalability of RBAC.

We sincerely apologize for the disruption this incident caused, especially given the critical importance of uninterrupted access for our Enterprise and Edu customers. Our teams are implementing stronger controls and a more robust rollout process to help prevent similar issues in the future. Thank you for your patience and continued trust as we work to improve.

Powered by

Availability metrics are reported at an aggregate level across all tiers, models and error types. Individual customer availability may vary depending on their subscription tier as well as the specific model and API features in use.