I've looked all over the admin console, but can't find where to add other users so that they can edit our listing. Can you please provide a URL/link to where I should navigate?
You may want to check this support page. You can:
assign pre-built roles for performing common business tasks
assign custom roles you create for your organization
assign more than one role to a user to grant all privileges in those roles
Be noted that you must be signed in as a super administrator for this task.
The user typically gets their new privileges within a few minutes. However, it can take up to 24 hours. When they sign in to their account, they arrive at the Admin console dashboard. Here they see the controls allowed by their privileges.
Hope this helps!
I think you want to navigate to this URL while logged in as the app project owner:
https://console.cloud.google.com/iam-admin/iam/project?project=(add your project ID)
And assign roles to different users or groups.
you can use group publishing on the gsuite marketplace:
Set up Group Publishing
You can share ownership of your items in Google Chrome Web Store with other developers by setting up group publishing. With group publishing, you can add developers to a Google Group, who can then act on your behalf. They'll have access to all the items you own and can make any changes to them that you can make.
https://developer.chrome.com/webstore/publish#set-up-group-publishing
(each member of the group should pay the 5$ developer fee though.)
You can configure the group from your webstore dashboard.
https://chrome.google.com/webstore/developer/dashboard
Related
I have a custom application for internal use only where currently users are created by a super admin. Some of the users are from within the business and some external e.g. suppliers/customers.
I'm looking for a way to integrate MS Active Directory as a login option but want to be able to restrict which users from the business can actually use this method.
I have search through all the MS docs and have all the documentation on the different oauth approaches but not sure which one would be suitable for my needs.
I am thinking that perhaps i need to give the admin a way to browse the AD and select the users that can login which then creates inactive user accounts in the mysql database with some sort of MS user ID. Then provide a 'Sign in with MS' button that does the usual auth redirection process to MS and back to the site. At that point I can check an ID and if that matches an allowed user account and if so, sync the rest of the data e.g. name, email, phone etc..
Links I've already found:
https://learn.microsoft.com/en-gb/azure/active-directory/develop/authentication-scenarios
https://learn.microsoft.com/en-gb/graph/tutorials/php
https://github.com/microsoftgraph/msgraph-training-phpapp/tree/master/Demos/03-add-msgraph
Your first order of business is enabling a user to sign in to the Laravel-based app. For this, I strongly recommend not trying to re-invent the wheel (at least not completely), and make use of an existing Laravel package. Laravel Socialite is probably the best place to start, since it has a long list of existing community-provided Socialite providers, including three which work with Azure AD already: Microsoft, Microsoft-Graph and Microsoft-Azure. (Note: Though I haven't tested any of these myself, the first two seem to be the most promising, as they use the newer v2 endpoint.)
When it comes to authorization (controlling access), you have two options:
Control at Azure AD
Once you've got the app integrated with Azure AD, you can configure the app in Azure AD to require user assignment, and then control access to the app by assigning (or not) users to the app. Users who are not assigned won't even make it past the sign-in page.
You can use Azure AD's existing experiences for managing user and role assignment for the app, or you could go all-out and build this experience directly into the Laravel-based app itself, making use of the Azure AD Graph API to create the [app role assignments](https://learn.microsoft.com/en-us/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#approleassignment-entity and user picker experience.
Hint: In either case, remember that you can make the app "superuser" an "owner" of the app in Azure AD (Azure AD > Enterprise apps > (app) > Owners), which will allow them to assign users without needing to give them any additional privileges in Azure AD.
Control at the app
In this approach, you allow all users to sign in to the app with Azure AD, but then you use your app's own authorization logic to decide who makes it any further, and what roles they get in the app.
In reality, you will most likely find the best approach is to use a combination of the two, with some of the authorization enforced by Azure AD and the next level enforced by the app itself.
If you would do it in this way, it will be necessary that the super-admin has always this permissions in the AAD. From my point of view it is less practical.
I would perfer such app-assigments with help of Service Principal. You assign a role (look for app roles) to the user and then your business logic must decide which permissions the user has. If you would use the app roles feature, then you can restrict access to the role with it's help. All the user can login, but only users with a specific role would be able to see a content of the app.
I hope this hints can help to find a right direction, but there is no silver bullet solution... :/
I am the administartor of TeamCity 9.0 which is my continuous integration server. I have added many users for different projects. They have the permission to manually trigger the build, but they cannot edit the configurations.
Now , I need to add a user so that the user can view the Web UI and get the logs etc ; but he must not be able to trigger the build. In short, the run button in the Web UI should not work for that user or should be invisible. How can I achieve that? Please help me out.
In the default installation, the All Users group only has the Project viewer role associated with it, which only has the View project and all parent projects permission. You'll see the Project developer role by default has the Run build and Stop build permissions, and many more.
What does your permission set up look like, i.e. what group is the user assigned to and what roles are associated with that group.
You can get a sort of "effective permissions" overview for a user on the "Roles" tab of a user, this shows how the user is getting permission for which projects via the groups they are in.
TeamCity provides a built-in role, Project Viewer, that grants users read-only access to projects. You can also create your own roles with permissions tailored for your team. See Administration > User Management > Roles.
Click on Administration on top right corner. Under User Management on left side of the UI, click on Users. Click on the user you want. Under Roles tab select Assign Role. In the pop up select what privilege you want to give to that user for what project.
Check this link https://confluence.jetbrains.com/display/TCD9/Role+and+Permission for knowing about different types of users in TeamCity.
I'm developing a Joomla 3 website, where registered users can belong to several groups of interests (music, theater, technology, and so on).
I would like to give permission to my client to edit users by placing them in groups he desired. For example: user 1 can be in music and theater group; user 2 just registered (no group) and user 3 in technology group. Unfortunately the only permission that Joomla 3 allows you to edit users is the Administrator, but if I give this permission to my client, he will be able to edit articles, themes and other features that I do not want it to edit.
How can I create an access level that can manage only users list?
Thank you and sorry about my english.
Create a new group, assign that group only permission for managing users and whatever else you want and assign your users to that group but not admin.
As a short answer, if you don't want you client to be administrator, you can assign him to the manager user-group.
Then go into the Users Manager Component and click the Options button to go into its configuration page.
There you can override the Permissions Settings for the Users Manager component, so the Managers users will be allowed to Access Administration Interface of the component.
You will have the change the respective setting from inherit to allowed.
Of course if needed, you can create a complete custom ACL, with special usergroups for your users that will have certain accessibility and permissions.
But be careful, because ACL sometimes can be confusing and you might end up with a total mess.
My Understandings
I know we can add Group with some permissions and then we can create users with some permissions and finally we can add users to multiple permissions Groups. We can call these groups as roles as well. This is fairly simple.
The Real Problem
suppose we have teams and team members modules. A user "abc" is a member of multiple teams A, B, C. In team A the user's role is TeamLead. In team B his role is Assistant and in team C his role is NormalMember.
Now the problem is every one can see the list of teams. We need to display the Edit and Delete icons against each team. but only the authorise user can see the edit or delete link based on their role in the team inside a loop.
This is something linked with adding/removing roles or permissions on the fly.
Do you have any idea that how can I achieve this? how can I check permissions inside a loop with different roles in different teams.
Thanks in advance.
regards.
you can check whether the group is assigned to the user and accordingly show the buttons
Also use has_access attribute of sentry while defining route. In this case you can limiting the access of route itself if user try to access edit or delete functionality through url
I created a workflow . My workflow sends e-mails to users who has salesperson security role. But I have big problem. After I export and import customizations in different company users of old company are shown on the e-mail template. How can I create a worflow which sends e-mail to users who has selected security role.
Regards,
Erdogan Uslu
The workflow editor isn't that powerful. You can't select a bunch of users with certain attributes and apply an action to them. You'll have to create a custom workflow activity. Run as the admin user to retrieve the list of users with a certain role. Base it off the SDk article Retrieve the Roles for a User
You would need to reverse this expression, so to speak. Add a condition expression on the role link, to match on the role name. Then you would remove the condition expression from the system user link. Make the role link a child of the system user link (right now the systemuser is a child of the role link). Change qe.EntityName to "systemuser".
You'll then need to create an e-mail. See SDK articles on sending e-mail and creating workflow activities. Hope this helps.
Using a security role like that is quite a weak mechanism for grouping users. CRM has the concept of a Team. Can't you create a Team, then send your email to the team?