In Artifactory, how do I create a single generic repository that will serve 2 teams for artifact deployment - each team needs to have access to only their team-specific artifacts.
This is possible. You need to make use of Include/Exclude patterns.
You can create a permission target that gives access only to the specific path.
Admin > permission target > Create new > add the repository(generic in your case) > Remove the default include pattern / and add your include pattern > path2/* > Add the relevant user or group to this permssions target > save it.
If the user logsin now, he will be able to view only his artifacts under the path.
Also, depending on your usecase, you may want to remove the default read access in user permissions.
For other team, you need to create another permission target with the path you want.
Related
Please explain how content security works on SenseNet.
Especially how to read the following SN database view:
PermissionInfoView
What EFEntries(LocalOnly) flag is used for?
In a nutshell: it works very similarly to the file system permissions in Windows.
You can define permissions for individual users, or (more preferably) groups and org units. Defining a permission happens on a content, usually on a container like a workspace or folder. For example you give Open and Save permissions for the Editors group on the Articles folder.
There is inheritance: child content will inherit permissions you defined on the parent folder (unless it was defined as local only, which means not propagated to children). For example if you define a local only Save permission on a document library for John, he will be able to modify the doclib content itself (e.g. change its display name), but not the files inside the library.
To make things a bit more complex, you can break permissions on a content, for example to remove an inherited permission. This may be necessary if you want to hide a subfolder.
For details please visit the Permission System article.
Permission overview GUI
If you have installed the WebPages component of SN7, you get a Permission Overview page that may help you understand the current permission settings in the tree.
The Permission info database view
In case you have the Services component only (so no GUI) or you really want to look under the hood, you can check out this db view to see all the permission settings in the system.
The records here contain all the defined permission entries in the system (so inherited ones cannot be seen here, they are calculated in memory). The Path is the content where the permissions are defined, the Identity can be a user or group, LocalOnly means not propagated to children (see above), the rest is a list of permissions (e.g. Open or Save) and whether they are allowed, denied or undefined.
For details about this and other db elements please visit the DB structure article.
I already have access to Google analytics provided by my client and the bigquery has been configured to the project. But i want to know if i can create jobs. How do i find the role assigned to my id ?
i want to know if i can create jobs
Below is simple way to get this:
Just open Web UI and try to switch to project of your interest
a. If you do have it in the list of available projects – just select it and then run (just in case) some simple query (SELECT 1)
If it is run successfully - you can create jobs in this project (because any query is in reality a job)
b. If it is not in the initial list – select “Display Project” and enter project of your interest and also check “Make this my current project” box. If result is successful – most likely you again lucky and can create jobs in this project (but still – run some simple query to be 110% sure
How do i find the role assigned to my id
This would be more involved – you will need to use respective IAM (Google Identity and Access Management) APIs
For example you can use testIamPermissions() API that allows you to test Cloud IAM permissions on a user for a resource. It takes the resource URL and a set of permissions as input parameters, and returns the set of permissions that the caller is allowed.
The permission you should look for is bigquery.jobs.create, but yo can pass to this API list of any permissions you want to check if you have
I need to delete all the storage files in the backand...
In Panel > Hosting > Storage Filess - it's possible to remove only one per.
In Actions it's possible to remove only one per to.
files.delete(**filename**);
When you delete an app from Backand, it will also delete any stored files for your application. There should be no additional actions needed on your part. If you still have concerns, you can use the command-line interface to point your hosting files at an empty directory, which will have a side effect of deleting the existing files. More information is available at http://docs.backand.com/en/latest/getting_started/hosting/index.html
How can I hide a build definition in RTC ?
I can change the 'Project or Team Area' of a build to a specified team that contain the just the developers. Should this action hide the build definition from team members that are not in the 'Project or Team Area' for this build ?
Yes, it should.
This looks like the same way I am hiding a Stream or a component in RTC, as I detail in "How to hide a stream from particular users in RTC source control?".
However, this thread doesn't mention visibility, only permission for:
requesting a build from a build definition
modifying a build definition
So it might not do what you want.
On the permission aspect:
Note that process permissions are looked up starting at the given process area and looking up its parent chain. Permissions may be overridden at the team area level, so different teams within the same project may have different permissions. Also note that the permissions are looked up for a particular user (i.e. the user running JBE or the Ant tasks), they're not defined directly for the engine itself.
For example, if you wanted to prevent team A's engine from processing requests for team B, then you would define:
two build users, bobA and bobB,
and two engines, engineA and engineB (associated with teamA and teamB respectively),
with bobA granted the relevant permissions in teamA, but not teamB, and the opposite for bobB.
When running the two JBEs, one would specify -userId bobA -engineId engineA, and the other would use bobB and engineB.
The build user(s) should also have permission to modify the build definition(s) for the relevant engine(s), since after the build request has been determined, it's the process area for the build definition that governs:
all further operations for the build (updating its state and status, contributing downloads/logs, etc.) and
the definition itself (updating the average build time once the build is complete).
In the Workspace tab
Source Control Folder: I am picking only two locations from my entire team project. I do not want to pick the entire team project because it has 20 projects.
I only need two project locations for the build.
$/TeamProject/ABCProj.SVC
$/TeamProject/ABCProj.UI
Build Agent Folder, If i specify the same $(SourceDir) for both the Source control folder locations($/TeamProject/ABCProj.SVC, $/TeamProject/ABCProj.UI)
above, I am unable to save the build definition.
I am getting an error when saving the Build definition
"$(SourceDir) can only be mapped one time in a given workspace"
Can any one please suggest a solution.
You'll have to map your version control folders to different source directories, for example:
$/TeamProject/ABCProj.SVC -> $(SourceDir)/ABCProj.SVC
$/TeamProject/ABCProj.UI -> $(SourceDir)/ABCProj.UI
Alternatively, you can just map $/TeamProject to $(SourceDir) and cloak all subprojects you don't want to get the sources for.