What are allowed and not allowed columns in Adempiere web service createData call - adempiere

I created a web service in iDempiere, added input params, etc., for the createData service for one table. While calling that service from SoapUI, I am getting the "column not allowed" message for one of the columns. What does it mean? Which columns are allowed and which are not allowed, and how can I know?
I googled before posting here, but I couldn't find an answer to my doubt.
Edited:
Solution: The column name to be used in the SOAP request should be the first part, i.e., the string before the underscore, which is used in the iDempiere Web Service Field Input.

The allowed columns are defined in the window Web Service Security, tab Web Service Field Input.
For example: this is a screenshot taken from http://test-postgresql.idempiere.org/webui/index.zul?Action=Zoom&AD_Table_ID=53164&Record_ID=50001

ServiceNow API - How to get all users and all their attributes

I am trying to use the ServiceNow API for the first time and I need to get a list of all the users in the sys_user table with all of their available fields/attributes like date created, updated, etc.
I tried a GET request to this URI:
https://myinstance.service-now.com/api/now/table/sys_user
But the response only returns the Users and some of their attributes but not all of the ones I can see in the portal.
What is the correct URI to make the REST call to get all users and their fields/attributes?
I'm assuming you want to access the SN API from another application? Because if you want to do that from within SN, there is the GlideRecord server API you can use.
Now, when you access the table API from an external source, you do that through a registered user. Depending on this user and their roles, you might see all or only some of the user attributes. Also, if you add specific query parameters to your request like sysparm_query or sysparm_fields, this will limit what you get.
ACLs (Access Control Lists) are the mechanism in ServiceNow restricting access to the Table API. So I would encourage you to check there. Perhaps you will need to create a technical user with sufficient roles to access the data you need.
Also, the REST API Explorer, which is found in the SN Navigator, can be of help to quickly test your table queries.
Hope that helps a bit!
In general, the table API returns all the columns associated with the table unless you have specified a specific column list in sysparm_fields. Can you please try in Postman, or try the same API call from the REST API Explorer in ServiceNow, to understand the behavior?

Multi-tenancy and custom features per tenant

I am building a web app (using Laravel, but it's irrelevant) that will have multiple tenants, with each tenant having its own database. The backend and frontend code will be common.
We all know the benefits of multitenancy with a dedicated DB per tenant, so I will not go over it again. In my case, it fits my needs 100%.
My question:
If a tenant (client) comes to me for customization (ex. an additional feature, alteration of current feature, removal of feature, etc.) how do I execute this? Obviously I can't alter the code for all tenants, so I guess I will need some kind of filtering or settings where I can toggle features on and off per tenant.
Any ideas?
Thanks in advance.
There are a couple of ways to implement multi-tenancy.
Here I would like to suggest two ways which I implemented previously in my projects.
First way:
Create the tenant table. Add a tenant_id column in every DB table.
Pass the corresponding tenant id in every request's header. The backend will get the tenant id from the header.
Second way:
Create a tenant table with two columns, namely tenant_name and tenant_uuid.
The front end sends the tenant name in the URL, like https://tenant1.xyz.com. Create one interceptor which intercepts the front end request and gets the tenant name from the URL. Based on that tenant name you can get the particular tenant's info from the DB.
Now store that tenant info in the request context of your application.
You can use that info from wherever you want.
In the first way you have to pass the tenant id through all layers of the application, which is not advisable. But in the second way you can get the tenant id from the context, so there is no need to pass it through all the layers.
Now the answer to the second question:
For feature toggling for a particular tenant, you can create a feature table with columns feature_name, is_enabled and tenant_id.
Now suppose you have to show the Dashboard feature to tenant X and do not want to show it to tenant Y. Then you just have to enable and disable it in this table only.
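The second way and the feature table from this answer, as an added example that is not part of the original post: the tenant is resolved from the Host header with an exact match on the base domain, and a feature with no row for the tenant is treated as off. Assumptions: the function names are hypothetical, the rows are constructed, and tenant_uuid is used as the value of feature.tenant_id.

```python
import sqlite3

BASE_DOMAIN = "xyz.com"  # taken from the answer's https://tenant1.xyz.com example


def build_demo_db() -> sqlite3.Connection:
    """In-memory tables shaped as the answer describes; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tenant (tenant_name TEXT PRIMARY KEY, tenant_uuid TEXT NOT NULL);
        CREATE TABLE feature (feature_name TEXT, is_enabled INTEGER, tenant_id TEXT,
                              PRIMARY KEY (feature_name, tenant_id));
        INSERT INTO tenant VALUES ('tenant1', 'uuid-x'), ('tenant2', 'uuid-y');
        INSERT INTO feature VALUES ('dashboard', 1, 'uuid-x'), ('dashboard', 0, 'uuid-y');
    """)
    return db


def resolve_tenant(db, host_header: str):
    """Map a Host header to a tenant_uuid, or None unless it is exactly <tenant>.xyz.com."""
    host = host_header.strip().lower().split(":")[0].rstrip(".")
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None  # e.g. tenant1.xyz.com.other.example must not match
    name = host[: -len(suffix)]
    if not name or "." in name:
        return None  # nested labels are not tenant names
    row = db.execute(
        "SELECT tenant_uuid FROM tenant WHERE tenant_name = ?", (name,)
    ).fetchone()
    return row[0] if row else None


def feature_enabled(db, tenant_uuid, feature_name: str) -> bool:
    """Default deny: an unknown tenant or a missing row means the feature is off."""
    if tenant_uuid is None:
        return False
    row = db.execute(
        "SELECT is_enabled FROM feature WHERE tenant_id = ? AND feature_name = ?",
        (tenant_uuid, feature_name),
    ).fetchone()
    return bool(row and row[0])
```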

Separate access in one app with keycloak

I have the following setup: a Spring SaaS REST service, which allows different companies to manage different events. And there is a REST client (a mobile app) also, shipped separately for each company.
I want to use Keycloak for the security stuff, and I have a question about how to separate one company from another.
I need companyA to not be able to access companyB's events, and I also need different roles within the company: some can create events, some can only read them.
First I thought each company would have its own realm created in Keycloak, but I learned that the realm is actually specified in the Spring Boot REST service parameters, like
keycloak.realm=demo-realm
Which means it is only one realm per REST application. And I don't want to configure a REST service instance per client. I only want one REST to rule them all.
Am I trying to use something which really doesn't fit my use case?
Would it be the right way to have a Keycloak group configured for each company, and make the logic in such a way that users of one group won't have access to what is created by another group? But then it actually feels wrong, since as I understand it groups are supposed to be used in a different way: to have an admin group and a user group, etc., segregating users "vertically" by "privileges", and not "horizontally".
Can you please suggest the right approach for this problem?
I would implement a custom protocol mapper which loads extra user permissions for your application and stores them in a token. This way, you use a single realm, and if there are more companies in the future it scales well. Here you've got an example of how to implement it.
Basically, the otherClaims field of the access token is a JSON field that allows a map of properties to be set. You could add a field here such as:
userAccessibleCompanyIds: [1,3,4]
How to load the company ids for the concrete user? You can access your application database from the mapper or get them using the REST API.
Then in your application you need to have control of what the user accesses. What I do is decode the token and see if the user's request suits. If not, return a 403 response.
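The application-side check from the last paragraph of this answer, as an added example that is not part of the original post or Keycloak's own code: the userAccessibleCompanyIds claim is trusted only after the token's signature, algorithm and expiry have been verified. Assumptions: the function names are hypothetical, the token is constructed, and an HS256 shared secret is used to stay within the standard library (a Keycloak realm signs with RS256 by default, so a real service verifies against the realm's public key).

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 secret used only by this demo

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a constructed HS256 token standing in for one issued by the realm."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verified_claims(token: str, secret: bytes = SECRET, now=None):
    """Return the claims only if algorithm, signature and expiry all check out."""
    current = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # rejects "none" and swapped algorithms
            return None
        expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(body_b64))
        if claims.get("exp", 0) <= current:  # a missing exp counts as expired
            return None
        return claims
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: treat as unauthenticated

def authorize_event_access(token: str, event_company_id: int, now=None) -> int:
    """HTTP status for a request touching an event owned by event_company_id."""
    claims = verified_claims(token, now=now)
    if claims is None:
        return 401
    allowed = claims.get("userAccessibleCompanyIds", [])
    if not isinstance(allowed, list) or event_company_id not in allowed:
        return 403  # authenticated, but the event belongs to another company
    return 200
```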

Parse Server User Table Security

I am fairly new at using Parse Server (hosted in back4app) and would like to get some clarification on the pre-created 'users' table.
I am currently trying to develop a web application (JavaScript) using Parse and I am using REST API calls to sign up and log in users. One thing I have noticed is that anyone can get hold of my REST API key (through the HTML source), but most importantly anyone can make a GET 'users' request to get all the users in the DB. These results include the username, email, and ObjectID. As a result of this, anyone can make another REST call to the 'sessions' table with the ObjectID and retrieve the sessionToken (which I was planning to use as an authorization token for protected REST API calls).
I am not quite sure how this can be safely accomplished. I have searched online but without much success. Any help or articles will be greatly appreciated.
Thank you
Security access is handled through the CLP (Class-Level Permission) and/or the ACL (on each row).
You should have a look here:
https://parseplatform.github.io/docs/js/guide/#security
Note that: "Session objects can only be accessed by the user specified in the user field. All Session objects have an ACL that is read and write by that user only. You cannot change this ACL. This means querying for sessions will only return objects that match the current logged-in user."
Note: for a web application you should use the Parse "Javascript Key", which can be "public". Try to keep the REST API key more "private" by using it, for example, only on a "third party custom and private server" that could make REST requests on your database.

How to create multiple entities of same type in a single go in CRM online?

I am integrating MS Dynamics CRM Online with my ASP.NET MVC application. I am creating a synchronization process between both. I'm stuck at the point where:
I need to check if the user has entered valid CRM credentials, i.e. server address, domain, username and password, etc. I am not sure which class to use for that.
I want to create multiple entities of the same type in a single go in CRM Online from my application. Currently I am using ServiceProxy's Create() method to do so. How can I create, for instance, 10 contacts in a single request?
Is there any way to send a list of objects to the CRM server and create them there?
To check, I believe the easiest way is to just execute a call, for example the WhoAmI message. If it does not throw an exception, that will mean that the credentials are correct.
You should look at the ExecuteMultiple message.
