Tried reproducing using command line and below are the findings.
Created CIFS share.
Added access rule which added valid user.
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-allow myCIFS_Share2 user Guest
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-list myCIFS_Share2 +--------------------------------------+-------------+-----------+--------------+--------+------------+
| id | access_type | access_to | access_level | state | access_key |
+--------------------------------------+-------------+-----------+--------------+--------+------------+
| 77a7d557-cfc1-43dd-9142-4d7940bcdfcf | user | Guest | rw | active | None |
+--------------------------------------+-------------+-----------+--------------+--------+------------+
Then I added a rule which added a invalid user to see state as error for both the access rules.
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-allow myCIFS_Share2 user 3parbrowse
+--------------+--------------------------------------+
| Property | Value |
+--------------+--------------------------------------+
| access_key | None |
| share_id | 47610cc7-a656-4bbc-81c8-c9f14b6006b3 |
| access_type | user |
| access_to | 3parbrowse |
| access_level | rw |
| state | new |
| id | b490106a-6981-47a6-8879-e0885c647069 |
+--------------+--------------------------------------+
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-list myCIFS_Share2
+--------------------------------------+-------------+------------+--------------+-------+------------+
| id | access_type | access_to | access_level | state | access_key |
+--------------------------------------+-------------+------------+--------------+-------+------------+
| 77a7d557-cfc1-43dd-9142-4d7940bcdfcf | user | Guest | rw | error | None |
| b490106a-6981-47a6-8879-e0885c647069 | user | 3parbrowse | rw | error | None |
+--------------------------------------+-------------+------------+--------------+-------+------------+
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$
Next I removed the access rule for invalid user.
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-deny myCIFS_Share2 bb0f69a4-6643-4d65-865e-cefd2d7d267c
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$ manila access-list myCIFS_Share2 +--------------------------------------+-------------+-----------+--------------+--------+------------+
| id | access_type | access_to | access_level | state | access_key |
+--------------------------------------+-------------+-----------+--------------+--------+------------+
| 77a7d557-cfc1-43dd-9142-4d7940bcdfcf | user | Guest | rw | active | None |
+--------------------------------------+-------------+-----------+--------------+--------+------------+
stack@cld4b11:/opt/stack/manila/manila/share/drivers/hpe$
Just to summarize, adding access for invalid user changes the state for all the access rules.
Removing access rule for invalid user changes state back active.
Tried reproducing using command line and below are the findings.
Created CIFS share. /opt/stack/ manila/ manila/ share/drivers/ hpe$ manila access-allow myCIFS_Share2 user Guest /opt/stack/ manila/ manila/ share/drivers/ hpe$ manila access-list myCIFS_Share2 +------ ------- ------- ------- ------- ----+-- ------- ----+-- ------- --+---- ------- ---+--- -----+- ------- ----+ ------- ------- ------- ------- ----+-- ------- ----+-- ------- --+---- ------- ---+--- -----+- ------- ----+ cfc1-43dd- 9142-4d7940bcdf cf | user | Guest | rw | active | None | ------- ------- ------- ------- ----+-- ------- ----+-- ------- --+---- ------- ---+--- -----+- ------- ----+
Added access rule which added valid user.
stack@cld4b11:
stack@cld4b11:
| id | access_type | access_to | access_level | state | access_key |
+------
| 77a7d557-
+------
Then I added a rule which added a invalid user to see state as error for both the access rules.
stack@cld4b11: /opt/stack/ manila/ manila/ share/drivers/ hpe$ manila access-allow myCIFS_Share2 user 3parbrowse ------- -+----- ------- ------- ------- ------- -----+ ------- -+----- ------- ------- ------- ------- -----+ a656-4bbc- 81c8-c9f14b6006 b3 | 6981-47a6- 8879-e0885c6470 69 | ------- -+----- ------- ------- ------- ------- -----+ /opt/stack/ manila/ manila/ share/drivers/ hpe$ manila access-list myCIFS_Share2 ------- ------- ------- ------- ----+-- ------- ----+-- ------- ---+--- ------- ----+-- -----+- ------- ----+ ------- ------- ------- ------- ----+-- ------- ----+-- ------- ---+--- ------- ----+-- -----+- ------- ----+ cfc1-43dd- 9142-4d7940bcdf cf | user | Guest | rw | error | None | 6981-47a6- 8879-e0885c6470 69 | user | 3parbrowse | rw | error | None | ------- ------- ------- ------- ----+-- ------- ----+-- ------- ---+--- ------- ----+-- -----+- ------- ----+ /opt/stack/ manila/ manila/ share/drivers/ hpe$
+------
| Property | Value |
+------
| access_key | None |
| share_id | 47610cc7-
| access_type | user |
| access_to | 3parbrowse |
| access_level | rw |
| state | new |
| id | b490106a-
+------
stack@cld4b11:
+------
| id | access_type | access_to | access_level | state | access_key |
+------
| 77a7d557-
| b490106a-
+------
stack@cld4b11:
Next I removed the access rule for invalid user.
stack@cld4b11: /opt/stack/ manila/ manila/ share/drivers/ hpe$ manila access-deny myCIFS_Share2 bb0f69a4- 6643-4d65- 865e-cefd2d7d26 7c /opt/stack/ manila/ manila/ share/drivers/ hpe$ manila access-list myCIFS_Share2 +------ ------- ------- ------- ------- ----+-- ------- ----+-- ------- --+---- ------- ---+--- -----+- ------- ----+ ------- ------- ------- ------- ----+-- ------- ----+-- ------- --+---- ------- ---+--- -----+- ------- ----+ cfc1-43dd- 9142-4d7940bcdf cf | user | Guest | rw | active | None | ------- ------- ------- ------- ----+-- ------- ----+-- ------- --+---- ------- ---+--- -----+- ------- ----+ /opt/stack/ manila/ manila/ share/drivers/ hpe$
stack@cld4b11:
| id | access_type | access_to | access_level | state | access_key |
+------
| 77a7d557-
+------
stack@cld4b11:
Just to summarize, adding access for invalid user changes the state for all the access rules.
Removing access rule for invalid user changes state back active.