in Admin panel , admin could add new admin users or manage existing ones .
the problem is when I try to change one of users password using ChangePassword control .after successful change , the logged in user is changed .
eg I log in as "admin1" . I go to UsersPage . I try to change "admin2"'s password . after that the name in Loginstatus control at the top of page that shows current user's name displays "admin2" !
Edit : I even tried it in a an empty project with just asp.net controls without a line of code but still current user changes after change password for any user
Edit : now I use ChangePassword method of membership instead of asp.net control and the problem is solved !
if i am not wrong, here is the anwser. "admin could add new admin users or manage existing ones ."
basically he is also a admin(admin 2 user), so when he's editing his password, asp.net membership will check for cookies.as the user(admin 2) has the permission to do changes,so the login control displaying (admin 2 user) name.
in behind the scenes, asp.net membership will check for the
particular user against whether he's in the specified role or not
(in this case "Admin" role).
if the user exist, in the role, then it will allow to do changes
Related
We have table Transfer Order:
This is the view from admin User.
This is the view of the user to whom I need to give read , write, create and delete access, but the two fields 'To Stockroom' and 'From Stockroom' are not visible to this user.
I have created ACLs like:
how I can make these two fields accessible to some user?
Please help me.
In order to find the specific ACL that is failing the user's request for access, you can simply enable the Debug Security module. Then impersonate the user, visit the record, and scroll down the page. You'll eventually come to a line like this:
This red X indicates that a condition of the ACL was not met. Clicking the ACL (In this case, record/alm_asset.model/write) will take you to the specific security rule. Hovering over the red X will tell you what portion of the ACL was not met; the condition, the script, or the role requirement. That is what you must remedy either in the ACL, or by granting the user the necessary permissions.
I suspect in your case, that the user is able to see the record they're viewing, but does not have access to view the record or table referenced in the reference field. However, only the ACL/security debugger can tell you for sure.
To stop debugging, just click the "stop debugging" module in the app navigator, or log out of ServiceNow.
I have a query that is surrounded by a fair bit of grey area. When a user accesses the WCM servlet using the authenticated context (www.mywebsite.com/wps/wcm/myconnect/xyz/), if user is not login it is redirect user to hostname:port/wps/wcm/webinterface/login/login.jsp
I would like if user is not login user should be redirected to http://www.mywebsite.com/wps/wcm/webinterface/login/login.jsp instead of http://hostname:10039/wps/wcm/webinterface/login/login.jsp.
So, is it possible to achieve this and if so, would anyone have a suggestion?
You have to configure WCM_HOST and WCM_PORT variables with the fully qualified host name used to access the WCM.
In admin console:
slect Environment > WebSphere Variables
From the Scope drop-down menu, select the Node=nodename, Server=servername
Update the WCM_HOST and WCM_PORT variables
Save, Restart.
I am using Ion_Auth and I have a problem. I have looked for the solution but there is no progress yet.
As an example, there is a user and his name is Alex.
When Alex is logged in the portal, He should see his name Alex and then if he clicked his name, he will go to his user settings to edit his details. The problem is I can't show the first_name when a user have logged in.
How can I do that? I don't know what codes I can publish for this situation. Tell me what you need as code, I can publish if you need.
Having never used Ion_Auth, I decided to have a look at the repository on GitHub. You could use the user_id and pass this to a model method to get the first name (like umefarooq has suggested).
However, I would pull the first name from the database and store it in the session when the user logs in. This means you don't have to go back to the database just to get their name.
You can see in the Ion_auth model, this line;
$query = $this->db->select($this->identity_column . ', username, email, id, password, active, last_login')
https://github.com/benedmunds/CodeIgniter-Ion-Auth/blob/2/models/ion_auth_model.php#L985
You could just add the first name row to this query, and it will be added to the session when the user logs in.
You can then access it by:
$this->session->userdata('FirstName');
Hope this helps.
The easiest way is:
$user = $this->ion_auth->user()->row();
echo $user->first_name;
When the user logged in successfully, store his/her first name into the session variable.
then call the specific session variable on where you want to display.
NOTE: I am note DB Admin and I am not that much in sql server security
I am using MS SQL SERVER 2008R2
What I want to do is to give a user a minimal permissions or just what he required
I have a local user in my windows and I add this user in the logins of the database after that I went to this user in my specific database and try to change his set of permissions but the section is coming empty
why it is coming empty?
and how to do this, I mean giving him the permissions that he just need nothing more?
Please I want to do this from the user interface without T-sql
EDIT
I Just want to give the user read, write, execute nothing more
and also I need to know more about how to control users permissions in more details
A. Set up Read/Write
Go to Security/Logins and find your login, double click it
Go to user mapping, and click on the database that you have access to
In the bottom pane under 'Database Role Membership', tick db_datareader and db_datawriter
This gives the user Login SELECT, INSERT, UPDATE, DELETE
B. Revoke DELETE and grant EXECUTE
Create a role that does this:
Go to your database / Security / Roles
Right click, New / Database Role
Give the role a name, I will use executor for this example and press OK
I don't know how to do the next steps in SSMS, You'll need to do it in T-SQL:
Start a new query in your database
Type this and press F5:
GRANT EXECUTE TO executor;
DENY DELETE TO executor;
Now repeat A3 but select your newly created role, 'executor'
Every new user (or group) that you create needs to be a member of these three roles. The best practice is to add a windows group to SQL Server once, and add users to that windows group.
Lastly test this - I don't know for sure that it works.
With regards to the database user securables:
You have to explicitly populate this list to see what it contains. It doesn't populate automatically. Press Search and search for some objects (i.e. all objects belonging to the schema dbo). Now you have a list of objects in the top. Click on an object and click the 'Effecttive' tab on the bottom. This is the users effective (final) permissions for this object. If you want to override this at the object level you can assign something on the explicit tab
Had similar problem after our MSSQL Server was restored on a new server and wanted to set explicit permissions for a user in a DB.
Not sure how to make it default (as it appears to have been previously), but basically just hit the search button in the Securables tab you show to search for "All objects of the types..." and choose the Databases object and click ok / search. You should now see securables for that specific database and can set explicit permissions as well as view existing "effective" permissions.
I am using sentry for my application.
but, I am still confused to implements sentry permission to declare the owner of the object.
for example : any authors writing an articles.
my question : how to set permissions by the owner of the article ?
I wouldn't see Sentry as being used for this, as it is a simple comparison of current user id to article author id. To use the default Sentry permissions for this you would need to add a new permission to the user permissions for every article that the user added, as far as I am aware - or otherwise extend the Sentry package with a custom function to handle this.
Another approach would be to use Sentry to check if the user is allowed to add an article in the first place, by adding author permissions to the user, or creating an authors group, and then check if they are the owner by just comparing the user and author id. You could also have an edit permission or group for users that can edit any article. Checks would then be something like:
//see if user can add article via sentry permissions
if ($current_user->hasAccess('author'))
//see if user can edit current article if they are author, or have edit permissions
if (($current_user->id == article->author_id) || $current_user->hasAccess('edit'))
with the hasAccess('edit') part using Sentry to check if user can edit the article even though they are not the author.
You would probably want to abstract out the owner check though if you are checking in multiple places in case you change the way you evaluate ownership at any point.