Is it possible to add the default user session whose user name is "default guest" to a custom group (ex. Guest) to be able to make use of the Wakanda class permissions?
Or group methods like this?
currentSession().belongsTo('Guest') // true
Unfortunately a documented way to alter the permissions of an anonymous user is not available at the moment.
An alternative is to create a custom "anonymousUser", add it to the custom "Guest" group, and modify the "Guest" group permissions, attaching to it the desired restrictions.
This custom anonymousUser should be logged in at the application start/page view, emulating the behavior of the anonymous user.
I want to hide a button on the ribbon for all users except System Admin and I do not want to write javascript to check the security role of the logged in users. Is there any out-of-box way I can achieve this?
Also, is there any entity that only admin has access to which I can use to hide/show the button?
Yes, you can achieve this without code.
One option is using MiscellaneousPrivilegeRule under display rules and making sure to pick some privilege like Publish Duplicate Detection Rules which may not be given to non-Admin roles.
There’s no OOB entity for that purpose, you can identify one in your system or create a dummy entity for that purpose.
Yes you can try this option.
Create a Custom Entity (Custom Button Privilege)
By default only Sys Admin/Cust role will have Privilege to do CRUD operation.
In the custom button -> Display Rule. Set an Entity Privilege Rule based on the custom entity.
Now the button will be visible only for the Admin users & will be hidden for other users.
Similarly we can modify the security role for others as well.
I just signed up for a dev test account with Okta to test OIDC using Okta's auth service and user management.
Using their management portal, I created a second group called Test Group along with the default group of Everyone and added my single user to both groups.
I then added an application called My SPA and assigned the Test Group access to this application.
Using the classic UI, I then edited the OpenID Connect ID Token section and set Group claims type to Expression and added groups as the claim name and getFilteredGroups(app.profile.groupwhitelist, "group.name", 40) as the expression.
I then went and edited the authorization server. I added a claim called 'groups' with a RegEx of *. to be used with any scope, access tokens and always include.
I then use the Token Preview selecting my user and using implicit grant flow but no groups show up.
How do you get a user's groups to show up as claims in the ID or Access Token from an Okta auth server?
I’ve only ever used the Developer Console to configure things. Here’s how I did it:
Navigate to API > Authorization Servers, click the Authorization Servers tab and edit the default one. Click the Claims tab and Add Claim. Name it "groups" or "roles", and include it in the ID Token. Set the value type to "Groups" and set the filter to be a Regex of .*.
You need to add the "groups" scope. In the scope, add "groups" in addition to profile and openid
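A consumer-side check for the setup discussed above, as an added example that is not part of the original posts: it verifies an RS256 ID token and reads the `groups` claim, failing loudly when the claim is absent (the symptom in the question). The key pair, tokens and function names are constructed for illustration; a real client would take the key from the authorization server's JWKS and also check issuer, audience and nonce.

```javascript
// Added example: verify an RS256 ID token, then read its "groups" claim.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// Verifies signature and expiry, then returns the "groups" claim as an array.
// publicKey: the authorization server's signing key (assumed already fetched).
function groupsFromIdToken(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString('utf8'));
  // Pin the algorithm; never let the token header pick "none" or an HMAC alg.
  if (header.alg !== 'RS256') throw new Error('unexpected alg: ' + header.alg);
  const ok = crypto.verify('RSA-SHA256', Buffer.from(h + '.' + p), publicKey, fromB64url(s));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(fromB64url(p).toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  // A missing claim is treated as a configuration error, not as "no groups".
  if (!Array.isArray(claims.groups)) {
    throw new Error('no "groups" claim: check the claim definition and the requested scopes');
  }
  return claims.groups;
}

// Authorization decision made only on the verified claim.
function isMember(token, publicKey, group) {
  return groupsFromIdToken(token, publicKey).includes(group);
}

// --- Constructed sample data: throwaway key pair and locally signed tokens ---
function signSample(claims, privateKey) {
  const h = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const p = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(h + '.' + p), privateKey);
  return h + '.' + p + '.' + b64url(sig);
}
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const exp = Math.floor(Date.now() / 1000) + 300;
const withGroups = signSample({ sub: 'user-1', exp, groups: ['Everyone', 'Test Group'] }, privateKey);
const withoutGroups = signSample({ sub: 'user-1', exp }, privateKey);

console.log(isMember(withGroups, publicKey, 'Test Group'));
```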
I think the Groups here are created in order to park users in respective buckets (e.g. Admins / Users etc) so that by knowing the Group of User, the role can be derived for Authorizations.
However, I would recommend using Okta's Custom Attribute in Users' Profile so that the User Info can have the required attribute.
The Custom Attribute can be set as Dropdown styled Enumeration to choose from and can also be marked as Mandatory while adding User in system.
https://support.okta.com/help/s/article/How-to-create-dropdown-enumerated-custom-attributes-in-Okta?language=en_US
Adding Custom Attribute - https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-add-custom-user-attributes.htm
And Mapping Attributes to Okta Profile -
https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-about-attribute-mappings.htm
Hope this also helps.
I have created a user group "Sub-Users" under the "Registered" user group.
Now I have created and assigned some menus for Registered group and Sub-Users group.
Now when I log in as a Registered user I can't see the Sub-Users group menus, and it's OK for me.
But when I log in as a Sub-User group user I can see both menus (Registered & Sub User Group), and it's not OK for me.
Now I am looking for a solution: if I log in as a Sub User, I want to see only the Sub User menus.
Can you please let me know if there is any solution.
Thanks
Access control is managed via 'viewing access levels' as opposed to 'user groups'.
If you haven't already done so, check Users > Access Levels. Open the level names in question and check which groups you have configured for each access level.
Good luck!
My client wants access to create users and roles in Magento. I have already given him a limited user created by myself; that user does not have permission to add users and roles.
My question: Is there any way I can give him permissions to add users and roles while all the menus that I have made hidden stay hidden?
What I want to achieve
I want to give access for creating roles and users to my client, but I don't want to reveal some menus like "System" to him.
In Magento 1.X:
System->Permission->Roles->(Role Name)->Roles Resources->Custom
In Magento 2.X:
System->User Roles->(Role Name)->Roles Resources->Custom
To give access to "Roles and User" you have to reveal the "System" menu to the user, as it's the parent of "Roles and User". But you can disable other inner menus by unchecking them.
You only have to check the System > Permission > Roles > User boxes in the Roles Resource tree, and it will only allow the user to access Roles and User.
I have an application that has a lot of users, and among them only one is a super user. I want to use this super user account for Active Admin, and the other users will use my custom admin dashboard.
You can have a boolean "admin" attribute on your users and then check for that attribute using a custom AuthorizationAdapter.
Check this part of the documentation for further information: http://activeadmin.info/docs/13-authorization-adapter.html