I have enabled AD authentication in my NiFi cluster. Now I want track the activities of users like (Which user has triggered a particular flow). Is there any possible way to do this?
How can I pass logged in username as a attribute in a flow?
Thanks,
Ankit
Components in the flow purposely cannot access user information since they are running independent of any user.
User actions are already tracked by NiFi itself, if you go to the hamburger menu in the top-right and select Flow Configuration History you will see every change to the flow and which user made it.
Related
I want to register a plug-in in Plugin Registration Tool when a user logs in to Dynamics CRM. For this I don't want to use Audit. I want to catch the login event directly.
If this is not possible, is there any log that is create in every login of the user.
As far as I know, No you cannot do so.
But CRM has provided few different ways where you can check which users are currently working/logged in.
Go to Settings--> System Settings--> Auditing and then you can enable audit user access.
Above will enable for all users and then you can see audit data as below.
Ref for 1st option https://blogs.msdn.microsoft.com/emeadcrmsupport/2015/07/09/dynamics-crm-audit-user-access-data/
Now another way you can do so it visit url https://admin.powerplatform.microsoft.com/
Here go under analytics and then common data service. You wil get most of the info
High level design of what I would do:
Make/identify a default dashboard for all users and keep a HTML web resource in there
Web resource can have a method to invoke Xrm.WebApi.online.execute for executing a Custom Action by passing parameter to include IP, Lat, Lon, Browser details. Read more
Register a plugin on Custom Action message to trigger and achieve what you want there
I created a multi-tenant application where each tenant have different set of users. I am trying to implement a functionality where same user might exist in different tenants. Does outsystems provide such functionality or I have to create my custom logic ?
Right now, I did create a user having same username in 2 different tenants and during login I am showing user to select tenants. But on changing tenants and logging to that tenant, the environment doesn't switch to that tenant that user has selected.
Below is the image of the logic of switching tenants and logging in the customer.
During debugging I saw that after executing TenantSwitch action it did change the Site.TenantID property but after User_Login action is reverted to the first tenant not the one user selected.
When you use User_Login(), the system will log you in the first Tenant it finds in the DB that has that username, thus ignoring your TenantSwitch().
So, if you want to login to a specific Tenant in your case, you need to be more explicit and instead use the Login() action - after the tenant switch.
For a thorough explanation of this, with example code, please check out the following deepdive Master Class on Multi-Tenancy starting around the 27:20 minute mark.
This isn't available out of the box as OutSystems assigns users (and all entities) to a specific tenant. Entities belonging to single tenanted modules are assigned to the default tenant.
OutSystems uses a hidden .Tenant_Id attribute on each entity to indicate which tenant that user belongs to. You can unhide this attribute for the users entity by selecting it, clicking More... and then ticking the relevant box in the Advanced tab. You can then access the attribute directly, but be aware this will hinder OutSystems' ability to do some of the stuff it does automatically to ensure that you access tenant specific data.
When you use the User_Login action OutSystems will deduce which tenant to use from the User.Tenant_Id attribute regardless of which tenant you've switched it to previously. The user would need an account for each tenant they need to use, but there's no reason this couldn't be done behind the scenes with OS fetching the correct username before logging in. You'd need to ensure they all stay in sync though, especially the passwords ofc.
I am aware of adding/managing users from GUI in NiFi i.e. a admin user and add user and groups/policies etc.
This is maintained in users.xml file.
I wanted to know, can we manually add records in users.xml instead of GUI?
If yes, how is identifier tag of user derived by NiFi. For e.g. I see a tag:
How is above identifier generated?
The reason for above is, we can maintain the users.xml file in our code base and whenever new users need to be added in NiFi, team can update its details in this file and release and we re-start NIFi. We do not have to rely on GUI to add new users.
Is it possible?
EDIT:
To be more clear, currently we have ldap authentication in place using ldap-provider. So that part is fine. I am not lookng for ldap authentication to NiFi.
Now for actual roles/permissions for "authorized users" i.e. who can see the processors/components, create new processors, query data provenance etc admin go to NiFi UI and add users/groups/policies etc. These details are then updated in users.xml.
I am specifically looking to achieve this activity via automating or from backend.
As per the response from Bryan, I think the feasible solution is using Nifi REST API for that.
The users.xml and authorizations.xml really shouldn't be manually edited/maintained, they are internals of the file-based authorizer that are not meant to be a public API.
It would be better to maintain a script that looped through a list of users and used NiFi's REST API to see if the user existed, and if it didn't then created the user using the REST API.
Another option would be to load your users from a Directory Server. This is detailed in the admin guide [1]. This implementation is configured with an interval for retrieving new users from the Directory Server.
[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#authorizers-setup
users.xml doesn't intended to updated by users. This can be overcomed if you use external authentication providers ex. ldap-authentication provider
IBM Knowledge Center states that
Server disables security access checks during subscription execution
but does not mention the user credentials the code uses to execute which you need to know in order to map user RunAs roles on the application server.
What user credentials does FileNet use to execute event action code?
As I understand, when you create async subscription it will be executed under p8boostrap user.
And it will keep user context when you execute syncronious subscription.
But you can check it for sure.
It is using the user who triggered the action. E.g. if a user changes a property of a document (let's say DocumentTitle because it is always there) and clicks save, then an update event will be triggered which launches the subscription (if subscribed to the update event) which launches the action. Use synchronous for short running tasks, you can immediately show the update to the user. With asynchronous the user will have to click "Refresh".
Security can be a pain if not planned carefully at the beginning, for the action to be executed, the user has to have rights for the subscription, action event, document class etc. basically for everything involved or the user will get a cryptic error message when trying to modify the DocumentTitle.
Source: personal experience, sorry no official reference, if in doubt verify first.
Hi I am customizing OpenERP. I want to restrict user to login into application once at a time. That means; I have a user called "Accountant". I want only one session should be allowed to login with "Accountant" user name at a time. Others can login with their own user names.
Like that application should allow only one session for each user at a time.
I have not seen any plugin for this. Can I do this through customization?
Please guide me.
This blog highlights how to do it. But I don't think there is a live implementation of this available as open source http://www.zbeanztech.com/blog/how-restrict-multiple-logins-user-openerp-0
We do plan to do it ourselves as well but haven't had a moment yet.