I am trying to design an executeQuerySynchronously() method. I first execute the query by make a POST request to execute the query Asynchronously, which returns a response including the statementhandle of that execution. I then keeps checking the status of that query by making a GET request to that statementHandle.
I was able to make the POST request, a response was successfully returned. However, I couldn’t make the GET request. And I got this error: “No default role has been assigned to the user, contact a local system administrator to assign a default role and retry.”
My question is:
1.Does a GET request absolutely need the role specified? If so, there’s nothing documented on Snowflake SQL API about specifying a role. The POST request has documentation however on specifying the role in request body. Or is it automatically assumed to use the default role?
2.Or is this error caused by other reason?
3.How do I solve this?
The user executing the query on Snowflake must have a role, either implicitly as their default role or defined explicitl
Related
I have GSuite Service Account and My app uses following scopes (these are working fine) :
https://www.googleapis.com/auth/admin.directory.customer.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.domain.readonly,https://www.googleapis.com/auth/drive.readonly,https://www.googleapis.com/auth/drive.metadata.readonly,https://www.googleapis.com/auth/drive.photos.readonly
Now I Have to access gsuite groups, As mentioned here in api documentation : https://developers.google.com/admin-sdk/directory/v1/reference/groups/list
I Added these two scopes :
https://www.googleapis.com/auth/admin.directory.group.readonly,
https://www.googleapis.com/auth/admin.directory.group
in my already existing scopes, and I'm unable to authorise my application now.
When I try to check this via api explorer in the above link, It throws an error : 400 - Bad Request. But the strangest thing happen, it returned 200 ONCE only while trying and returned the group I created, But I'm unable to make successful call again and keeps getting error.
Is there anything I'm missing here? Any help will be really appreciated.
Thanks.
NOTE: I can access gsuite users with above scopes as well, the issue is only with the groups.
As is mentioned on the documentation, 400 error is not related to the scopes that you are using. However the explorer API information is not correct as the "Customer" field is required, You can try it typing my_customer on that field and you should get a 200 if your user has the proper permissions.
I have submitted a request to update the current documentation.
Is it possible to distinguish where the request came from in a Parse beforeSave hook? That is, to tell if the request came from a client or a Parse job from the server?
beforeSave should still have the request.user parameter, if I'm not mistaken. If the request came from a client with a signed in user, or if it came from cloud code but you passed a {"sessionToken":} object as the options, it'll contain the user. I'm not sure if also adding "useMasterKey":true to the options will override this behavior or not.
If you're worried about allowing users to perform the save, you should instead be looking into ACL / CPLs
https://docs.parseplatform.org/js/guide/#security-for-user-objects
This happens in the API Explorer and using the .NET client API. In the API Explorer, I was trying to use the query param, but eventually I just removed it and now send the request with no params, and it still turns around 400 even though I am authenticating successfully with OAuth2 in browser.
Why is this endpoint broken?
https://developers.google.com/admin-sdk/directory/v1/reference/users/list
The problem was the customer field was not filled in. It must contain a valid customer id. Once I populated that, it worked.
Really wish Google would work on providing better error feedback and improve their docs. This field (as of today) is still listed as optional.
As the documentation says:
either the customer or the domain parameter must be provided
I tried to specify domain name and it worked.
Found myself opening a couple of functions for access to users with invalid session tokens. The only way I could find to do that is to intercept the request using a bodyParser before Parse gets the request and removing sessionToken from the request.
Now trying to do a better job managing authorization to all functions - My question are:
can I relax the requirement that if a sessionToken is included it must be valid in any other way? Is session token validation done using a default validationHandler that can be replaced or is that done elsewhere?
to control access to cloud functions, is there anything like ACL roles? does cloud function's "validationHandler" accept only param? or can I inspect the user object as well?
Yes. In parse-server you can make sure that the sessions are valid because if you will try to run any CRUD operation with invalid session you will get http 403 error that your session is not valid or expired. You can control on the "Length" of your session by changing the sessionLength property in your parse-server app. The default is 1 year
There is no control access to cloud functions but you can check if a logged in user trigger this function by checking if the request.user is not undefined. Cloud functions can get only params in key-value pairs and those params cannot be Parse Objects. if you want to send ParseObject you can send the objectId of the parse object and then query for it in cloud code to get the full object. You can always access the user context in request.user (only if cloud code was triggered by the user). If you still want to "protect" your cloud code you can check if the calling user have a Role by query the Role DB and check if the user is contained there.
I want to add a user to a group through the API. The proper endpoint should be:
https://www.yammer.com/api/v1/group_settings/process_additions , but keep getting a 404.
I found this, describing my exact problem, but no answers:
I want to join users except current login to yammer group. or I want to invite them to join yammer group using javascript sdk by yammer. I found one way of doing that by following
Makes a POST to: same call as above
id: GROUP_ID
invites[ids][]: USER_ID
invites[emails][addresses]:
I don't know how to call it. I tried to call that URI but it gave me error like
"No 'Access-Control-Allow-Origin' header is present on the requested resource" can any one tell me how to pass that data to request call ?
So: How to call https://www.yammer.com/api/v1/group_settings/process_additions ?
Looks like there is an authenticity_token param missing in your URL. You must supply that parameter.
This URL works, but note that it is not documented / supported, and could potentially change at any time:
https://www.yammer.com/insert_yammer_network_name/group_settings/process_additions/isert_groupID.json?id=isert_groupID&invites[ids][]=&invites[emails][addresses]=insert_email#domain.com&auto_add_invitees=true&authenticity_token=insert_oauth-token
Modify the above format with your details, copy it into a browser URL, hit enter, and you should get the following response {"status":"ok"}, or {"already_member":"true"} if the the user is already a member of the group.
Note that you can't make REST calls to https://www.yammer.com/* as it will result to CORS error. Use https://api.yammer.com/api/v1/ as your base URL instead.
===========================
The above solution is no longer valid. Use the impersonation method instead as it is supported/documented by yammer.