I need to set up security control on an Access 2010 database (split into App and Data files). I want to control security per 3 levels: db admin, biz admin, biz users. 3 levels of security.
I assign security to users in a table with user's name, user's windows LogIN ID , and security level: 3 fields. Access automatically recognizes the Windows login user using the Access database (via the app only).
How can this be set up ? Any guidance on security control per this setup is appreciated.
Related
Can anyone help me configuring my Spring boot web app to access or have login from 2 different MySQL tables?
App should login access from 2 different MySQL tables(users and admins).
Upon login, they should be redirected to their respective dashboards.
For now, I am able to configure my web app to access user details from users table, unable to access admin table for login.
I'm trying to create an app within the Azure app management portal that will serve as a template to be used with any tenant. Basically what we are trying to do, is create a connector that will be approved using admin consent, and receive application level permissions to read all the emails in the organization using Graph API.
What I have managed to do so far is create an app within our own tenant and get application level permissions for this tenant only. This enabled me to successfully read all emails in my organization only (which is not possible using delegated permissions).
What is the right way to receive application level permissions for any tenant, using admin consent? Is the only way to do it, for the specific tenant to manually add an application that will receive admin consent?
I am using django with the social_core module.
Something does not add up...
Thanks.
You can register a single application (with a single client ID and set of credentials that you control), configure the permissions you desire/require, and then customers from different tenants can each grant admin consent for your application, in their own tenant.
If your application/service does not have a sign-in experience (i.e. it is exclusively used as a background service and users never sign in to it), you can construct the admin consent URL, such as:
https://login.microsoftonline.com/organizations/v2.0/adminconsent
?client_id={client_id}&scope=.default&redirect_uri={your_redirect_url}
You can read more about the admin consent endpoint at: https://learn.microsoft.com/azure/active-directory/develop/v2-admin-consent
I'm trying to deny presentation read privilege over an object on obiee12c RPD but it seems that my denial doesn't work and I still see the object.
I have created a user and his group on Console Administration and linked the group and the user to an application role in Enterprise Manager (this role has the same application policy of the default BiContentAuthor); after that I set the necessary privilege accessing the administration tab as weblogic user in BI analytics.
With the default application role I don't have problem to handle RPD privilege but with the newly created one I don't understand if I skip some steps,
any suggestion?
If can help I can post every necessary screenshot
EDIT:
This is a more detailed explanation:
I have two columns in the same datamart model:
1) a column with phone number (like 321 7654321), called "Phone"
2) a column with the same phone number censored (like *******321), called "Asterisked Phone"
I want that the users of a group can see only the column with the regular numbers, while the users of another group can see only the asterisked ones. To do so:
1) I have created a new application policy that is a copy of the default application policy applied for the default application role BIContentAuthor (to have some kind of simmetry)
2) I have created a new application role, called "BIContentAsterisk" and I have linked it to the newly created application policy
3) I have created, on WebLogic Console Administration, a new user, called "test.user", and a new group, called "BIContentAsterisks"
4) I have linked "test.user" and the group "BIContentAsterisks" to "BIContentAsterisk" application role in Enteprise Manager
5) Accessing the analytics with weblogic user I have setted, in the administration tab, the same privileges that has BIContentAuthor for BIContentAsterisk
6) I have setted in the RPD a denial to see "Asterisked Phone" for the group "BIContentAuthor" and it does what I expect
7) I have setted a denial to see "Phone" for the group "BIContentAsterisk" and it seems like it was ignored
As you can see from explanation the new user, group and application role were created with some kind of simmetry in mind as they have to do pratically the same things apart from see each one a different column for the phone number
In the RPD a grant wins over a deny. In the catalog a deny wins over a grant. So if you have conflicting rights in the RPD...you will still see it
How could I implement switching accounts like Facebook ( Private Account -> Page Account ).
The case would be identical to Facebook scenario:
User logs in , create eg. a business account, and then he can switch to that account and continue as a company ( in order to change settings etc. ). Then he can switch back on personal account.
One company account could access multiple users (eg . Employees )
I would add that the only way to switch to the company account, is the earlier log in as user (no logon directly to the company's account - no password).
How could I implement that in Spring? Maybe spring security has similar functionality?
Use Spring Session. It supports multiple account logins in the browser.
Multiple Browser Sessions - Spring Session supports managing multiple users' sessions in a single browser instance (i.e. multiple authenticated accounts similar to Google).
Docs here: http://docs.spring.io/spring-session/docs/1.0.2.RELEASE/reference/html5/
I don't need AD for anything more than getting a list of user names. My application uses it's own, custom auth, but it does checks based on the domain username of the logged on user, so the user names in my Users table should match those used by the logged on users.
E.g. For domain user johnblack to access features in my app, the app admin must create a user in my app called johnblack, but when creating this user, the username is a free text field. This allows the app admin to mistakenly create a user called jonblack. I want to make the user name field a dropdown, populated with users from the domain, when the admin adds a new user.
However, the epic saga involved in getting AD running on a VM on my Win 7 Home laptop is just too much overhead for now. Are their any mocks I could use, where my C# code needn't change to switch over to real AD?
Have a look at Active Directory Lightweight Directory Services (AD LDS) - formerly also know as AD/AM (AD Application Mode).
http://msdn.microsoft.com/en-us/library/windows/desktop/aa705886%28v=vs.85%29.aspx
It's a lightweight version of AD, which smells like AD, behaves like AD, but it's a NT service that you can start (and stop) at will, and it doesn't completely take over your machine/server - you can easily disable/uninstall it.