These are my permissions:
I can't figure out what other permissions to grant to users for creating charts in apache superset.
The button to create the chart is visible, but after selecting the dataset and the chart type, clicking on "create new chart", I get this error: "There was an issue fetching your recent activity: Access is Denied".
So, what permissions to grant to create charts in apache superset?
To resolve there was an issue fetching your recent activity: Access is Denied", assign the permission below
can recent activity on Superset
You also require the following permissions to successfully create charts.
can write on Chart
can write on Dashboard
can created slices on Superset
Related
I want to know the bare minimum permissions required to fetch the data from the following Google APIs:
1.https://www.googleapis.com/userinfo/v2/me 2.https://www.googleapis.com/admin/directory/v1/users/{userID} 3.https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/user_accounts 4.https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/login 5.https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/token 6.https://www.googleapis.com/admin/directory/v1/users/{userID}/tokens 7.https://www.googleapis.com/admin/directory/v1/customer/my_customer/orgunits 8.https://www.googleapis.com/admin/directory/v1/users/{userID}/tokens
I created Custom role following this steps https://support.google.com/a/answer/2406043?product_name=UnuFlow&hl=en&visit_id=637898476053235402-4131039370&rd=1&src=supportwidget0&hl=en and given all the permission that Super Admin role has. But still for the 8th API (https://www.googleapis.com/admin/directory/v1/users/{userID}/tokens), when I try to fetch the data its giving error "User does not have credentials to perform this operation". Do I need to provide some extra permissions/configuration to fetch the data? if Yes, what would be that extra permissions/configuration ?
Note: This API work with Super Admin role.
I'm trying to stream data from DynamoDB to ElasticSearch. I've checked the documentation by AWS + some other sources online but I'm stuck on a security issue. So I'm using a lambda function, the process of retrieving data from DynamoDB is fine, but then when I try to write back to ElasticSearch I get an error:
"no permissions for [indices:data/write/bulk] and User [name=arn:aws:iam::account number:role/dynamodb_to_es, backend_roles=[arn:aws:iam::account number:role/dynamodb_to_es], requestedTenant=null]"
This is my Lambda function. I realized it would always fail because of the "_bulk" extension. Thank you!!
My Lambda function:
https://github.com/YassineRjl/Lambda-Func---DynamoDB-to-ElasticSearch/blob/master/lambda_func.py
My IAM role:
You don't have to disable "fine-grained access control". Instead, you can edit role mapping.
For detailed information & steps please check:
https://aws.amazon.com/tr/premiumsupport/knowledge-center/es-troubleshoot-cloudwatch-logs/
"I'm unable to stream my CloudWatch log group to an Amazon ES domain when fine-grained access control is enabled." subject.
If you're finding this from Google like me, this worked for my use-case:
Open your Kibana dashboard (https://your-domain-somerandomstring.us-east-1.es.amazonaws.com/us-east-1.es.amazonaws.com/_plugin/kibana/app/opendistro_security#/roles/view/all_access/mapuser)
Navigate to Security in the left nav
Select Roles
Select a role that you'd like to attach your user to (in the example above, it's "all_access")
Add your Username from the error log, or use the ARN for your username (mine was related to the instance profile associated to the instance I was connecting from)
I found the solution. During the creation of the ES instance, make sure to unselect "fine-grained access control" & avoid VPC for the sake of Https, then on the roles, create a role on IAM and copy-paste the ARN in the ES dashboard during the instance setup
You should map your user to role: kibana_user, which defines basic permission to access index.
These are the Dashboards I created using Vizualisations. Lets say When User SignIn to KIbana, It should display only one Dashboard based on role.
Eg: I want to show App Analytics Dashboard to one person and Order Payment Analytics Dashboard to another Person with different Role. etc.
You need to have X-Pack Security in order to leverage the kibana_dashboard_only_user role + another role that gives access to only a selected list of dashboards for that user.
Yes you need X-pack, On top of that you can allow access to certain dashboards by
create a role
Associate the index that the dashboards uses
Assign the role to the users along with the Dashboard_only_user role.
But you cant hide the other dashboards name from being displayed in the dashboard menu, its just gonna be empty if they dont have access to that dashboard
Follow the below steps.
create a space in "Spaces" under stack management.
export the Saved Objects of the dashbaord with its related objects from the existing space (default)
import that saved object to your new space.
Create a viewer role with the new space you created.
assign that to your user.
done!
I'm using Ruby and the google-api-client gem to create a simple script that lists all datasets in a project and then deletes them. The script is using Service Account credentials and the BigQuery API is enabled. I am using v2 of the API.
The listing of the datasets works fine and I get the list (so it's not the credentials or the scope that has a problem) but when I try and delete that dataset I get a Access Denied: Dataset pppppppppp:foofoofoo: DELETE_DATASET.
When I look at the ACL on the dataset it is set to the defaults, namely group: Project Viewers Can View, group Project Editors Can Edit and group: Project Owners Is Owner. If I try and delete the dataset from the console by logging in with the project owner credentials, it all works fine.
Any help would be appreciated.
Thx
Enis
It sounds like the service account you are using is not on the Project Writers group. Deleting a dataset owned by a project requires either Writer or Owner permissions.
Dataset permissions can be found here: https://cloud.google.com/bigquery/access-control#datasetroles
I have created a Data Map- 'Ipad App Geveva Event' for importing lead records using csv file from Import function on CRM.
I have then set the permission on role which user is having. But when I click on Import option in the final it's getting failed saying that "You do not enough privileges to access the Microsoft CRM Dynamics objects.
Modified the role to give access for importing csv file
Importing the csv file from Systems-> Data Management-> Imports
Clicking on the next button to proceed further
Again clicking on the next button to proceed further
Finally now when I click on import button it's getting failed. Don't know what permission I have been missing on the role. please assist for the below error
You need to find the more specific error message. You should be able to find something that looks similar to 'prvCreateContact' which usually describes the exact permission that user is missing.
How to enable tracing in Microsoft Dynamics CRM.
How to turn on developer errors in Microsoft CRM 2011 (aka Titan or 5.0)..
Then compare that missing privilege with the tables on the MSDN, that should help you to work out which privilege you need to add the user.
Security Role UI to Privilege Mapping (this is the 2011 version but it should be pretty similar).
I was only missing 'Append to' privilege from the role in the first image- fixed and now working for all users who has this role assigned with him. This nightmare has gone now.