I am in exactly the sme situation as described in this question. The solution found by that asker was
Full access !== Owner. I need to read the documentation better.
Yes. I noticed that I can only give full access to the service account. I read the doc over and over again, but I cannot find a way to make my service account an owner. So maybe read along with me? (source):
Follow the recommended steps to verify ownership of your property.
After your property has been verified, open Search Console.
Click your verified property.
Select Verification details from the Settings gear next to your verified property.
Under Verified owners, click Add an owner.
Add your service account email address as an owner to the property.
Ad 1: I verified my personal ownership of the property in question long ago (both by HTML file and by DNS record, see below).
Ad 2/3: In the search console, I can "click" the desired property from the list of all my verified properties.
Ad 4: This step turns out to be difficult. There is no settings gear next to my verified property. The closest match is a settings gear in the vertical <nav> bar on the left and about a screen length below the property selection. There is nothing to "select" from the gear, though - it is just a plain old link to the settings page https://search.google.com/search-console/settings?resource_id=sc-domain%3AXXXXX
Whatever, on this settings page, I see the following information: A section "Property settings" with three items:
"Verification of ownership" with a green checkmark and "You are a confirmed owner";
"Users and privileges" with my name;
and "Change of address" with the hint to use this tool when my website changes its address.
There is also a button "Remove property", Next comes an "About" section about the indexing crawler. By the way, under the link next to "Users and privileges", I was able to add my service account as a user with unrestricted access - alas, as we learn, this is not enough; the only thing I can do with this user is to revoke its rights again.
The only remaining possible action that can be considered remotely related to step 4 of the documentation quoted above, is to follow the link next to "Verification of ownership". Unfortunately, that is a dead end: It lists details of my ownership verification (used verification methods, possible additional verification methods).
Ad 5: In all I tried for point 4, there is no option to add a new (delegated) owner, nowhere at all.
The lack of ability to add new owner might be explicable if I were merely a delegated owner, not a verified owner, right? However, the page shows that I am a verified owner, verified by both HTML file and DNS record.
Q: Who can help me read the documentation better and grant enough privileges to my service account to allow it using the indexing API?
Here's an amended How-To:
Follow the recommended steps to verify ownership of your property.
After your property has been verified, open Search Console.
Click your verified property.
Select Verification details from the Settings gear next to your verified property.
More precisely, in the navigation on the left, click "Settings".
4.a Click "Users and Privileges"
4.b In the user list, you should see yourself as owner; ignore any other entries. In that (=your) entry, click the Kebab menu and select "Administer Property Owners". This opens in a new Tab
Under Verified owners, click Add an owner.
Add your service account email address as an owner to the property.
Related
I am trying to add a member to Visual Studio Marketplace. In my account I go to Manage Publishers & Extensions -> Members and click om '+ Add'. Whatever e-mail I provide shows "Invalid Domain" error:
Is it a VS Marketplace bug or do I need to somehow link Azure directory (or any other users directory) first?
I'm having the same issue with a newly registered Publisher and have contacted Microsoft. Here's what I was told:
Apologies for the inconvenience you are facing. This is currently due to an issue at our end.
To unblock you, we can add the users manually to the publisher. Could you please provide us the VSIDs of the users that you are trying to add to the publisher?
To provide the VSID, do the following:
Login to the Marketplace (https://marketplace.visualstudio.com) with the email address that has to be added to the publisher.
After getting logged in, from the same browser window, open https://marketplace.visualstudio.com/_apis/connectiondata
You should see some JSON data in the window.
Copy paste the output of the page that you see. We are interested in the "id" field of the "authenticated" user.
We will manually add the users to your publisher, once we have the VSIDs details.
You'll want to contact Microsoft using the "Need help? Contact Microsoft" link that Grzegorz Smulko also mentioned, but you might as well collect the relevant IDs to include when you reach out to expedite the process.
Microsoft may be requiring Microsoft federated(Hotmail, Live..., or AD integrated) IDs.
Due to the complete lack of documentation, I have been unable to verify this claim.
This could also be attributed to Microsoft banning gmail.com as a valid source e-mail domain.
It looks like a bug to me.
I've tried to add a new member from the same domain as all the other existing members and I'm getting the very same error.
I'd suggest contacting MS using the "Need help? Contact Microsoft" link from the top-right corner.
There is an alternate way to add members via User Id. Please follow the steps mentioned here:
Ask member (that you want to add) to login their account on Marketplace
User Id will be visible by hovering over email as shown in image.
Member can copy the User Id by clicking copy-to-clipboard button and share with the current owner of the publisher(you).
Now the current owner of the publisher(you) can add member using User Id from members tab. Click on + Add -> Now enter the User Id-> Select a role you want to assign to the new member.
As shown in the below screenshot.
I am trying to add a User to my App Store Connect so they can upload a build, but in the portal it does not allow me to give them access to certificates as the checkbox stays greyed out. I am the Account holder and Admin. "Access
to Certificates, Identifiers & Profiles" stays grey. Cant change this even when added as a User and try to edit their permissions.
This is probably because you have an individual account instead of organization one. I found it here.
Hope this helps anyone like me who got stuck here.
I followed this tutorial to create a aspnet core web api using Azure for a test project I'm working on:
https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore
The instructions says "Configure Permissions for your application - in the Settings menu, choose the 'Required permissions' section, click on Add, then Select an API, and type 'TodoListService' in the textbox. Then, click on Select Permissions and select 'Access TodoListService'"
I followed every step closely and most was on target with everything, but this step didn't show my todolist service.Below is the screenshots in the order I did them.
Navigate to the apps page
Go to settings and required permissions for either app
Click add at the top left hand corner to add a new permission
To Do List Service and To Do List Web App are not listed
The tutorial worked for the most part. I am able to run the VS solution and sign in to an azure account associated with my application. However the users don't have read permissions to the to do list on the website, and I think it is because I had to skip this step.
After logging in through MS
Shows logged in
User cant view the to do list
As you can see I am clearly logged in, but am not able to see the list
In my work we have users who access a Web based tool called Microstrategy that serves different reports from different projects. Users are added to various groups in the Developer tool by importing them from the selected domain they are on into a specific group that gives them access to only the project > report they require. Most users come from one main central domain, some others are still on old domains.
I am currently involved with admin on this system and I am experiencing a problem I cannot get to the bottom of. I think they problem lies in no man's land, I don't know if it is a problem with network, domain, or something else?
Most users will be set up with authenticated login, meaning that when they click on the respective link for their report they are logged straight in using their windows credentials.
In this particular case however the user does not seem to be able to login, but can get in by manually typing their username in (username and password) to access.
I'm not sure what the problem is, why it won't authenticate automatically like most of the others do? I don't know if this makes any difference but when I RDP into the machine I cannot see the C drive due to 'admin restrictions on effect on this pc'.
I don't know what this restriction is and if it is a symptom or related to the login problem. Is there a way of fault finding this?
Thanks
Andrew
The answer to this partly depends on the version of MicroStrategy you are using.
Forget about RDP to the server, you won't need that.
Assuming you have access to edit and change users with the Developer tool, open Developer.
In the tree on the left,
open the "project source" (the top level of the tree)
then Administration
then User Manager
then find the user, most likely within one of the groups you have set up
right click on the user and choose Edit
go to the Authentication section
There's a few relevant things here.
Is the user linked to a windows user? (they should be for the access you want)
Is the tickbox ticked "user cannot use standard authentication to logon"
You probably don't want to allow that if the standard at your workplace is auto login
I have a user requesting that an employee be allowed to access only a specific sub-area in a project.
No access to the source code, no access to tests, only access to a single "area".
I have tried granting the user access as a Reader, and then setting specific security permissions on the area node. The business complains that the user has access to everything.
Is this possible to accomplish with the TFS 2013 security model?
Not trivial, the solution goes along this line.
Remove from the individual any groups except "Valid Users".
The user account must have "View project-level information".
Give the individual "View work items in this node" by right-clicking on the Area node he/she must have access.
You can add additional permission in this latter, if the person requires write access.
Define a new TFS group for these "special users".
Click on the Group Membership. This should open up the web page in IE.
Now click on the link "Create TFS Group" on the top left hand side.
Create a new TFS group for these special users. Lets call it "Special Users".
Remove the UserID of these special users from any other TFS groups that they are present.
Go to the specific sub-area in the project which they need access to. 1. Right click the file -> Advanced -> Security
Now here you can define the rights for your new "Special users group". Give them just the read access and deny everything else.