In my work we have users who access a Web based tool called Microstrategy that serves different reports from different projects. Users are added to various groups in the Developer tool by importing them from the selected domain they are on into a specific group that gives them access to only the project > report they require. Most users come from one main central domain, some others are still on old domains.
I am currently involved with admin on this system and I am experiencing a problem I cannot get to the bottom of. I think they problem lies in no man's land, I don't know if it is a problem with network, domain, or something else?
Most users will be set up with authenticated login, meaning that when they click on the respective link for their report they are logged straight in using their windows credentials.
In this particular case however the user does not seem to be able to login, but can get in by manually typing their username in (username and password) to access.
I'm not sure what the problem is, why it won't authenticate automatically like most of the others do? I don't know if this makes any difference but when I RDP into the machine I cannot see the C drive due to 'admin restrictions on effect on this pc'.
I don't know what this restriction is and if it is a symptom or related to the login problem. Is there a way of fault finding this?
Thanks
Andrew
The answer to this partly depends on the version of MicroStrategy you are using.
Forget about RDP to the server, you won't need that.
Assuming you have access to edit and change users with the Developer tool, open Developer.
In the tree on the left,
open the "project source" (the top level of the tree)
then Administration
then User Manager
then find the user, most likely within one of the groups you have set up
right click on the user and choose Edit
go to the Authentication section
There's a few relevant things here.
Is the user linked to a windows user? (they should be for the access you want)
Is the tickbox ticked "user cannot use standard authentication to logon"
You probably don't want to allow that if the standard at your workplace is auto login
Related
I have developed an app that synchronises our users' Google contacts with the School's database. When I submitted the consent screen for verification I was asked to change the display name, as it violated branding policies by including GMail in the title. However when I try to update the consent screen in the API Console, after changing the app name the Save button remains greyed out, so I can't change it. How do proceed now?
Note the app is currently in use with an unverified consent screen, but new users are now unable to sign up since Google appear to have tightened their policies.
Also the app is only used by members of our organisation, so it should really be an internal app. However the Make Internal link is deactivated, apparently because I am not a G Suite User. However we have a G Suite for Education account, so does this not make me a G Suite user?
As no-one has provided a solution it looks like there is none. Therefore I’ve resorted to my plan B, which is to create a new API Project and consent screen, This time I created it as an internal project, which avoids any complications of validation. The previous project was created public as it was envisaged that parents with private Gmail accounts might also use it. However with the constraints of GDPR it has been decided to restrict it to employees only. Fortunately I have found a way for existing users to continue using the old version, while new users have to register using the new consent screen.
It appears that the message about not being able to change to a local project if you’re not a G Suite user is a red herring. I suspect you just can’t change project type once it’s in use, because of the possible implications for existing users,
An Customer ask me to implement it at his Webpage, because he don't have the technical Skills to do so.
I wonder, what's the right way to do this.
On other Google-Services (like Google Search Console) the User can sign into his account and grant me permissions as Guest (he invite me as guest to his account and gave me permissions).
This is a clean way to do, because If I stop working for this customer, he can easily remove the permissions of my login and all is fine.
But how does it work at Google ReCaptcha?
Looking forward to hear, how you solve this.
it better to use the user's credentials for this purpose, just take client's primary or secondary email (or create a email for the project) and make it base for everything that's needed for your project like recatcha, search-console etc. you can use it as long as you are working, and client can simply change n give the credentials to next developer and he can continue.
i am web developer and i face this situation many times, this is best solution in my opinion.
I work with Dynamics 365 Portals.
The rich-text editor is missing, how do I get it back?
I (my user) have all four webroles, including administrator. I am logged in. I have tried to clearing all cashes and reboot the portal itself. My coleagues are also unable to see it. Nothing works.
Any help is appreciated.
Thank you.
Few things to check.
There should only be a single Authenticated web role and a single Anonymous web role. You don't need to assign these web roles to your user, they are applied automatically by context.
Check you have a web page access control rule setup to grant change, that is linked to your Administrator web role.
Make sure you clear the server side cache.
Sorry, I do not have enough reputations to comment.
I am assuming that you don't see the front side editing tools.
9 out of 10 times, this is typically to do with the cache not clearing properly. Could you changing something on the webpage and check if the cache is clearing properly and the newest webpage content is surfacing on the portal?
Also, by default, the "Administrator" web role is associated with the appropriate "Website Access Permission" to provide you with the front side editing capability. If for some reason, the Website Access Permission is not associated with the Administrator web role, even if you belong to the Administrator web role, front side editing capability will not work.
Is there any way to login other users account for admin user ?
Currently authentication based on Meteor Accounts
I saw this post but didn't working at all now.
The feature is important for us because when user have problem in system then admin need to see it this by simulating user account.
Thanks in advance.
It seems you want to impersonate a user. This means that you want to have Meteor.userId (or this.userId depending on context) reflect the _id of a specific user both on the client and the server.
afaict the only way to do this is to login as the user. Presumably you don't want to ask the user for their password so you have a couple of choices:
Save their existing password, replace it (temporarily) with a password of your choosing, then after you're done impersonating their account, restore their existing password.
You probably don't want to ask the user for their password and you don't need to. All you need to do is set aside Meteor.user.findOne(userId).services.password.bcrypt, then reset the password to your temporary value, then restore the original bcrypt value later.
The downside is that the original user would not be able to login while you are logged-in. Plus it's really hacky.
Extend Meteor's Accounts package to provide impersonation capability in a more elegant manner.
You might also look at validateLoginAttempt. The docs are unclear as to whether a failed login attempt could be overridden with a successful one but if it could then that would provide another pathway to solve your problem.
Instead of logging in as the users, which requires their password and which is a total no-no, you may use rather alanning:roles and allow the admin to assign the role of any user in order to draw views based the user's role.
This requires a well designed role system.
As a plus you could then at least load the documents associated with the user who you want to support.
This requires a well designed document and data model.
But generally spoken you should rather focus on writing good tests (test driven development) for components as unit tests, integration tests and UI tests.
This will reduce the need to manually view the app as an end user a lot.
The most common end user problems can be reduced by creating a good knowledge base like a wiki or video tutorials.
Even if then an error occurs in the end user side, I would rather try to implement a well designed error log that allows users automatically create tickets on error which also include the error stack.
All the above methods are to be favored before logging in AS THE USER.
As #Jankpunkt has already mentioned alanning-roles I can add something you can use without installing any external package.
Just keep a type key in the profile object of the users collection. Then define some types like 1 for super-admin, 2 for admin, 3 for general etc. Then check the authorisation of particular action by checking the value of user.profile.type key.
Caveats: Make sure you are checking the type in server side. By default profile field is writable from the client end, so if you are putting type field in the profile object make sure that you are not allowing users to modify users collection in the client end.
Here is how to restrict client end update in users collection:
Meteor.users.deny({
update() { return true; }
});
Read more on roles and permissions here:
https://guide.meteor.com/accounts.html#roles-and-permissions
I have ran into a problematic situation, which I really hope I can get help with.
I'm working on Jive Software solutions and we have a product that integrates Google Drive and Gmail.
This integration product was once part of a startup that was acquired by Jive and as such, the Google api project we are using for the integration belongs to a Google Account of a specific person which no longer works in Jive (we do have the credentials for the account though).
The problem is, that we want this account to be ours, i.e, a Jive software one.
So, one option I have, is to create a new account and replace the api account I'm using in the code to use the new one. This is bad, as it will break all the current authenticated clients, and will force them to take the oauth process all over again.
The other option I see, is to convert the existing Google account we are using to a jivesoftware one, so it will not be associated to any specific person but it will still be the same account.
Specifically I'm interesting in changing the Name and Email of this account.
Any suggestions of how we can achieve that?
A third option could be moving the api project to owned by another google account, but I couldn't find such an option in the UI, any clue?
There is no way to change a gmail address. You can forward all email to a new address with the name and email address you would like though.
This way you access all the email from an account that is a Jive software one but it is being forwarded from the old one still. However no one directly accesses the old one.
Check out https://support.google.com/mail/answer/10957?hl=en for more info.
According to the documentation, if you use Gmail with your Google Account, it's not currently possible to change your Gmail username after you've registered. with your username being the full email address you used to create your account. You can, however, change your nick name by going to https://myaccount.google.com and clicking Personal Info.