There is a Spotfire Server (7.0) with several deployment areas and users and I want to give permission to all these users to be able select the deployment area, when logging in into Spotfire Professional.
So far, I was able to solve this only by adding these users to the Administrator group, but another solution is needed, because I don't want these users to have administrator rights.
Is there a way to give permission to the users to be able to choose the deployment area, without giving administrator rights to these users?
users who have permissions to access multiple deployment areas have the option to choose or pre-select a deployment area.
you can assign a user group to a deployment area using the web console (this assignment is not available in the Administration Manager):
access the Spotfire Server in your browser as you would to deploy a new package
go to the Groups tab
search for/select the group you'd like to assign (or create a new one)
click the Assign Deployment Area... button
choose the area and click OK
so, you can create two new groups "Dev" and "Test", assign access rights to each groups' respective deployment area, then add users to those groups.
I think users will need to modify the server properties from the login screen to choose the deployment area. it might be easier for them to have a separate entry for each deployment area on the server, that way they can choose from the combobox on the login screen.
Related
I have downloaded VisualSVN Server, version 5.1.1. In the left panel there is only Repositories and Jobs. I want to add new users for learing and testing purposes. However I can't see any settings to do so. I currently dont have a licence. Is this the main reason? If not, how can I enable Users and Groups folders or how can I reach to related settings? Keep in mind that I'm a completely newbie to this application. Any help is appreciated, thanks
I have tried to find related settings in autentication properties but I got confused and bogged down. I have tried to open the application as Administrator, still couldn't find or make sense of settings.
I also tried to find subversion authentication settings which is normally in the main page.
In the MMC snap-in, you should have a Users option down the left hand side of the tree. However, on the main Visual SVN page, you have various options, one of which should be Subversion Authentication. You can also add users and groups using the options here also (see below, for a screen shot of my SVN Server). Regarding the license, that shouldn't be an issue, as long as your requirement fits withing the "Community" licensing requirements.
If you don't see options to Create Users / Groups, use the Configure Authentication Options and set the Authentication Mode to Subversion Authentication. This will allow subversion to authenticate users based on a list that is setup within the server itself. Hope that Helps.
The Users and Groups folders are only available in the management console when your server is configured to use the standalone Subversion authentication mode. When this authentication mode is active, your server maintains a dedicated list of user and group accounts.
However, your screenshot shows that you've enabled Windows authentication. In this case, your server integrates with your Active Directory domain / Windows, and user and group accounts are maintained by Active Directory. I.e., you don't need to create users and groups in VisualSVN Server. They are already created in your domain and you can grant permissions to these accounts via the management console.
You can find more information about the authentication modes in the article KB182: VisualSVN Server authentication modes.
Trying to enforce that only an app can deploy changes to our team's azure functions so I want to disable a user from being able to web deploy changes.
Background:
The deploy app is triggered in a build pipeline, once changes have been signed off in code review.
There are 2 ways
WAY - 1
You can choose Reader in order to make the user not to have certain permissions. To set RBAC rules for certain users.
For assigning the role for resource scope you can directly do it from azure portal itself. This is the procedure that you can follow.
Select the resource that you want to assign.
Under Manage, select Roles to see the list of roles for Azure resources.
Select a member or group you want to assign to the role (READER) and then click Select.
For more information you can refer it from HERE.
WAY - 2
Add permissions for the users in Azure pipeline.
From within your project, select Pipelines > Pipelines. Select the All tab, and then select the more actions menu then Manage security.
On the permissions dialog box, make sure the following Role (READER) permissions are set to Allow.
For more information you can refer Pipelines user permissions - Azure Pipelines | Microsoft Docs
I'm trying to setup continuous deployment via the Aure Portal.
When doing this via the VSTS account (let's call it "VSTS Account A") which is owned by the same account owner as Azure, everything works fine.
In this case I'm trying to configure continuous deploymenet from source code held in another VSTS account (let's go with Account B).
The Azure account owner is not the Account B owner but is an admin (member of Organization Administrators) for Account B. The owner is also listed explicitly as a member of at least one project within Account B.
The problem is that when it commes to configuring "Deployment source" within the app service section, Account B is not listed as an option to choose from.
I've followed various links (e.g. part 4 of this page) about linking the VSTS account with an Azure account but still no joy. There are a couple of problems here:
The Azure classic portal has a New button within the Visual Studio Team Services section but when I choose Link To Existing, I get the following message:
Make sure you’re the account owner. If you are, maybe your account is
linked to another Azure subscription or connected to another Azure
Active Directory
Account B is not linked to another Azure Subscription or Azure AD.
The new portal doesn't even have an option to attempt to link a different account, plus the menu link says "Team Services Account Preview" so whether the Preview status has something to do with it, I don't know.
I'd have thought this would be a relatively common use case, has anyone had any joy setting up something similar?
I was finally able to choose the relevant account by making the VSTS principal a co-admin in the Azure account which contains the web app, signing in as that user and changing the directory to use from the the user dropdown menu (top-right). Note, the user account in question is already an administrator for a different Azure account, just to complicate matters further. I only had the option to change the directory once the user was a member of multiple directories.
So I finally got it configured and committing code to the specified branch was triggering a deploy. However, it transpires that setting up continuous deployment from within Azure gives you limited scope and I got constant errors which were not straightforward to fix.
I ended up getting it working properly by following these instructions:
Build: https://www.visualstudio.com/en-us/docs/build/apps/aspnet/ci/build-aspnet-4
Deploy: https://www.visualstudio.com/en-us/docs/build/apps/cd/deploy-webdeploy-webapps
Configuring it all from within VSO gives you a lot more clarity about what's actually happening.
When doing the initial setup, I had to go through an authentication step with the Azure account I was trying to deploy to and that process launches a pop-up window which was getting blocked so I missed it at first.
The initial build and deploy were fine but I was getting a build error when being triggered from a code commmit. This is because the Build Definition --> Variables --> BuildConfiguration value was set back to Release even though I set it to the correct value for my project when doing the initial configuration. Once I updated that, the next commit triggered the build which in turn created the artifact which in turn triggered the deploy which went through fine.
Googler from the future here, I had the same problem and came across a really good article called "DevOps: Connecting VSTS to Azure by Ken Muse" enter link description here
This worked like a charm for me from the first try!
I am new to SonarQube and trying to setup up a proper access control, with requirements as follows:
We have a few project areas, each area should have someone able to
manage their area, such as creating new projects and manage the
boards, not sure exactly what. This is something like project area
administrators.
A few administrators can do anything.
Integrate to AD
A few questions:
In a few places like this link: http://www.sonarsource.com/products/features/security/, I see this role based method, but I can't find these default roles, "SonarSource products come with three project-specific roles – project administrators, project users and project code viewers" anywhere in the system. Right now, I am using the community edition I guess without a license. Is there any more detailed document on that?
I kind of understand the default Global Permissions and Project Permissions. In my case, shall I create e.g. three groups in AD, sonar-administrators,sonar-project-administrators, sonar-users to map to the default groups?
I notice the following: right now I don't have the above AD groups, when I integrate to AD, I can login with my domain id/password, but once logout/in, the group information I added to the local user gone. I guess it sych with AD. So to use AD, I have to create these groups in AD?
Jirong
Access control in SonarQube is managed through Global Permissions and Project Permissions. Each permission can be granted to user(s) and/or to group(s). The documentation you pointed at is quite outdated, read the Authorization page for the most up to date details.
AD/LDAP integration is a different topic, documented here. With group mapping, group membership stays managed in AD but will be replicated in SonarQube when users log in (the AD groups must first be created in SonarQube with the same name).
To your example: if AD users belonging to group foo deserve to administer your SonarQube, just create group foo in SonarQube, and (in the Global Permissions settings) give Administer System permission to group foo.
I need to create a temporary folder that will be accessed from the application only.
It means that even current user and system administrator are not able to open it from the Explorer.
While application is running, there'll be some files put into it. Once it's terminated, folder and all its content are deleted (again programmatically, no manual delete ability).
P.S. I found few posts here but there are no proper solution given yet.
Thanks in advance.
Windows security does not work that way. You cannot restrict access by application, only by user. If you want only your app to have access to a given resource then you have to create a new user account, configure the resource to grant access to only that user, and then run your app using that user, or at least have your app impersonate that user when needed. Files/folders are securable objects, and Windows security is based on user accounts.