I'd like to grant permission for accessing one specific dataset of Google AutoML Vision.
So I added AutoML editor role to my service account on IAM and tried to set a condition of the role.
The condition was resource.name.startsWith("projects/505210XXXXXX/locations/us-central1/datasets/ICN899913873XXXXXXXXXX")
But it didn't work. How could I set the condition?
Related
I want to know the bare minimum permissions required to fetch the data from the following Google APIs:
1.https://www.googleapis.com/userinfo/v2/me 2.https://www.googleapis.com/admin/directory/v1/users/{userID} 3.https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/user_accounts 4.https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/login 5.https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/token 6.https://www.googleapis.com/admin/directory/v1/users/{userID}/tokens 7.https://www.googleapis.com/admin/directory/v1/customer/my_customer/orgunits 8.https://www.googleapis.com/admin/directory/v1/users/{userID}/tokens
I created Custom role following this steps https://support.google.com/a/answer/2406043?product_name=UnuFlow&hl=en&visit_id=637898476053235402-4131039370&rd=1&src=supportwidget0&hl=en and given all the permission that Super Admin role has. But still for the 8th API (https://www.googleapis.com/admin/directory/v1/users/{userID}/tokens), when I try to fetch the data its giving error "User does not have credentials to perform this operation". Do I need to provide some extra permissions/configuration to fetch the data? if Yes, what would be that extra permissions/configuration ?
Note: This API work with Super Admin role.
We are doing lot of analysis around this but not getting solution for this requirement
Basically we want to fetch deeper details of Roles which includes Function Security Policies, Data Security Policies, Role Hierarchy of particular Role
Theses details we are easily getting from Oracle ERP Cloud UI in Security Console but we want to fetch these details from Rest/Soap API due to some of our business needs
We found one API which works great but gives us only basic info of Role
/hcmRestApi/scim/Roles/
Is there any way to get these details, this is becoming roadblock for us to use Oracle ERP cloud.
Thanks In Advance..!!
SCIM REST API you cannot get the function security policies, data security policies and role hierarchy of particular role but by running the "User And Role Access Audit Report" you can View all roles, privileges, and data security
You would have to run "Import User and Role Application Security Data process" to get data populated before running the "user and role access audit report"
So we have to go via Reporting
These are the Dashboards I created using Vizualisations. Lets say When User SignIn to KIbana, It should display only one Dashboard based on role.
Eg: I want to show App Analytics Dashboard to one person and Order Payment Analytics Dashboard to another Person with different Role. etc.
You need to have X-Pack Security in order to leverage the kibana_dashboard_only_user role + another role that gives access to only a selected list of dashboards for that user.
Yes you need X-pack, On top of that you can allow access to certain dashboards by
create a role
Associate the index that the dashboards uses
Assign the role to the users along with the Dashboard_only_user role.
But you cant hide the other dashboards name from being displayed in the dashboard menu, its just gonna be empty if they dont have access to that dashboard
Follow the below steps.
create a space in "Spaces" under stack management.
export the Saved Objects of the dashbaord with its related objects from the existing space (default)
import that saved object to your new space.
Create a viewer role with the new space you created.
assign that to your user.
done!
I am trying to set roles with parse.com
My aim is to set role to get all the data only for login users.
can you please proved step by step how should it be done with parse.com,
I tryed to play with it and read the tutrial but I am all the time getting accecss to data even if I am not logined.
thnx for helping!
When you create your data object you should be adding an ACL to it, created with the current user and limiting read and write to that user. This is done before you save the data object. You don't need to use a role. A role would be used where you had a group of users who all needed access, then you would add the users to the role and create the ACL for the role instead of a user.
I am building an app with Role based Security. I have built my Record Types (Projects, Accounts, HistoryLog, Financial, Customer, etc) in Cloudkit Dashboard, and I have created Security Roles as well. I have roles named: Executive and DeptManager. I have assigned to the Record Types the appropriate access by Role. I have also assigned to the user in the special Record Type "Users" the role of either Executive or DeptManager.
I have successfully accessed and manipulated data in the Record Types. Now I am implementing Role based viewing in the App. So on the first view there is a log in "like" feature, so after i discover the user, I want to display the Roles of that user in a PickerView for them to select. Once they select a role I will them take them to the appropriate view. For example I may have the role of both DeptManager and Executive. If today I select DeptManager, I will be taken to a view that allows me to enters Production Metrics. If another day I select Executive, I will see performance metrics for all the departments that report to me.
Here is an image from CloudKit Dashboard showing the info I'm trying to retrieve. Thanks in advance for any advice.
Currently it is not possible to get the roles a user is in. At the moment the information that is returned from the discoverUserInfoWithUserRecordID is very limited. I also hope it will be extended soon. Currently you only get a userRecordID, first name and last name. If you do want such functionality, then the only solution is creating a shadow registration which you could query. You then would have a challenge keeping these 2 in sync. That has to be done manually.