I'm trying to connect my current MS Access forms to SharePoint online. I was able to fetch and feed data without any problem. My only problem is that I want to share the front end to multiple users, but I also need to create a login form to check whether they have access to SharePoint online or not.
Is there a way to add a username/password to the below connection string?
"Provider=Microsoft.ACE.OLEDB.12.0;WSS;IMEX=2;RetrieveIds=Yes;DATABASE=https://CompanySharepoint.com/Lists/;"
Nope.
Access will determine if the user is able to login using integrated authentication. This means that users that don't have access to SharePoint won't be able to access the lists.
Depending on your SharePoint config, they might get an error message, or might get a prompt asking them for a username and password. As long as you're cleaning the cache properly, they won't be able to access any data if they have no permission to view the data on SharePoint.
Is there any way to embed a private report (i.e. Link-Sharing set to OFF) in a site where the user does not have to be signed in to a Google account which has view permissions on the report? I understand from this piece of documentation that a private report can be viewed in an iframe only if the viewer is currently signed into a Google account which the report has been shared with.
This is not a feasible option in this case, and it comes down to two factors:
The client requires complete security of their reports.
The client, due to security reasons within their company, cannot create or use a Google account.
This means the only solution is for a 'service' type Google account to be created which authenticates with Google from within the application side of things, without relying on user input.
I guess that the document that loads within the iframe looks for a Google authentication cookie in the browser session of the user in order to authenticate access, so this seems like something that cannot be injected by the server or automated on the client (correct me if I'm wrong). Plus any kind of attempt to script a login through the iframe will result in some cross domain issues.
So, if there is some sort of official authentication technique which can achieve what I'm looking for, and have managed to overlook, it would be great if somebody could point that out! If not, if anyone has any ideas on a less neat and tidy way of doing this, I'd be equally as grateful!
Thanks
(coming late to the party, I'm aware, but stumbled upon this myself just now and believe I found an answer:)
When embedding a report, you are able to send a token via their community connectors to give specific viewing rights depending on who that is on the platform. I guess this wasn't available at the time posting this question, but sounds like a viable option now - read more: https://developers.google.com/datastudio/solution/viewers-cred-with-3p-credentials
You can not share an active/live dashboard but you can deliver a password protected version of you report via PDF. To the farthest left of the "Edit" button you´ll see the "Download Report" feature.
I'm creating an script, based on Google Analytics step-by-step guide from this page:
https://developers.google.com/analytics/resources/tutorials/hello-analytics-api
Authorization is done without problems, until it tries to access data. The return code is 403, and error message is:
User does not have any Google Analytics account
This message has no sense: my account has google analytics data, tracking multiple websites, and I can access it from web browser without problem. I've allowed Analytics API through Google APIs console, and API access is giving me right data.
I had this problem too. I fixed it by adding the email address for my service account to the Google Analytics profile I wanted it to access.
I got the email address (something like xxxxxx#developer.gserviceaccount.com) for the service account by looking under the "API Access" tab in the Google APIs console.
Then, I followed Google's instructions for adding an email address to an Analytics profile. Now everything's working as expected.
Good luck!
Just add you given email (format of 71667655853644-o653rrdkq5hthsgo0otbpojoo#developer.gserviceaccount.com)
to User Managers:
Wish it helps you
I was facing the same issue. It got resolved by adding the email id of the service account user(your account#yourwebsite-dev.iam.gserviceaccount.com), to the users in your Analytics account under-
Analytics-Home Page ->Admin(left pane) -> User Management -> add (click on plus sign on right side of the menu) -> Add new User -> Add the email id in enter email addresses.
Now, this will solve the issue.
It is mentioned in a comment above but if you add the email address under the User Management for your account, it won't work. You have to click on the User Management under the view part of the screen.
This message we get when no permission granted to client_email, in the google alalytics, client_email is you got from the JSON file. to grant permission to client_email you're using in your App, Head over to Google Analytics site and click "Admin (setting icon)"
you'll get menu list right, there click on "View User Management"
There you'll see "+" icon, and "add user",
once you click on that, you need to add client_email in the "email address field" and save it, you should be good to go!
Go to https://console.cloud.google.com/apis/credentials
Copy email address in "Service Account".
Open Google Analytics, add email above as a new user.
You will also get this error if you have never logged in with the google account youre trying to authenticate with.
I was getting the 403 error until I changed the permissions of the email account from inside Google Analytics from 'Read & Analyze' to something else, saved it, and then changed the permissions back to 'Read & Analyze' and it worked.
Just in case if that doesn't work, Try to open your JSON file which you have downloaded and Search for client_email and copy that email address and add it to the View File
Click On
Analytics-Home Page ->Admin(left pane) -> User Management -> add (click on plus sign on right side of the menu) -> Add new User -> Add the client_email address which you copied.
If that still doesn't work
Analytics-Homepage-> Admin ->Views->User Management(Click on add(+) symbol, add this ccopied client_email address and give permissions and save it.
I was hitting the 403 error. These steps got me around it. To be clear, I was trying to get Google's sample "HelloAnalytics.php" working with OAuth (sans user interaction, suitable for cron job etc).
After enabling the Analytics API, I created a new "Service Account" under APIs & Auth/Credentials; and saved the .p12 key pair. I then went into the Analytics user management console, and added that Service User's email address.
.p12 authorization using the PHP API works if I check off only "Read & Analyze" only in the permissions list. If I add "Manage Users" and/or "Edit", I get the 403. Hope this is helpful, I was grinding on this for a couple of hours...
I had this problem too, and I found that the problem was that I had asked for too many permissions. The Developer Console says to ask for both http://www.googleapis.com/auth/analytics and http://www.googleapis.com/auth/analytics.readonly permissions. This did not work when I was also using the sub claim. A sub claim instructs Google to issue an access token that operates on behalf of another user — in my case the Google account that owns the service account. I removed the analytics permission and stuck with analytics.readonly with the sub claim:
{
"iss":"123123123123123-xxxxxxxxxxxxxxxxxxxxxxxx#developer.gserviceaccount.com",
"sub":"me.example#gmail.com"
"scope":"http://www.googleapis.com/auth/analytics",
...
}
The Bearer token issued allows me to make (at least some) Google Analytics queries to profiles that are owned by completely different Google accounts, but that have been shared (read-only) with my gmail user (me.example#gmail.com).
I managed to fix this by making sure that the
client = Google::APIClient.new(:application_name => 'X',:application_version => '1')
application name variable 'X above was the ACCOUNT name on the GA dashboard, not the PROPERTY name, which in my case was the actual url of the site I want to access.
Confusing, but thankfully fixed (with no thanks to Google!)
The problem happens since we dont provide a "sub" argument. Unless we provide this, the call happens on behalf of that long service account email.
So just provide a sub argument, with an email which you already have given access in the report and things should work well!
I got the same error, since I didn't sign in the google analytics. So I had resolved it by signing in the analytics account.
Instead of using a service account, you can sidestep the need for adding a adding new user permissions (as per the top answers in this thread) by using OAuth client ID credentials.
Go to the API credentials dashboard and click "Create credentials" -> "OAuth client ID". Afterwards you should get a client ID and a client secret that you'll need to authenticate the API.
Now you can use OAuth2WebServerFlow to authenticate on a per-use basis. Here is a python3 example:
from apiclient.discovery import build
from oauth2client.client import OAuth2WebServerFlow
# TODO: Fill these in...
CLIENT_ID = ''
CLIENT_SECRET = ''
VIEW_ID = ''
flow = OAuth2WebServerFlow(
CLIENT_ID, CLIENT_SECRET,
'https://www.googleapis.com/auth/analytics.readonly',
redirect_uri='urn:ietf:wg:oauth:2.0:oob'
)
authorize_url = flow.step1_get_authorize_url()
print('Receive code from:\n%s\n' % authorize_url)
code = input('Enter code here:').strip()
credentials = flow.step2_exchange(code)
api = build('analyticsreporting', 'v4', credentials=credentials)
body={
'reportRequests': [{
'viewId': VIEW_ID,
'dateRanges': [{'startDate': '7daysAgo', 'endDate': 'today'}],
'metrics': [{'expression': 'ga:sessions'}],
'dimensions': [{'name': 'ga:country'}]
}]
}
data = api.reports().batchGet(body=body).execute()
I am working with PowerBI Embedded but I am quite new.
The following is my customer request. They want to have the dashboard embedded in their webpage but before opening they want to have password. They will just get the URL and add as iFrame in their webpage.
I plan to use the Embedded API to make the webpage using the token provided.
However this will not prompt the user to login. Is there any way I could do that? Maybe I will have to write the app in as whole to monitor the user authentication.
If you're using 'User owns data' scenario of Power BI Embedded, then each user HAS to be authenticated on his own, and is limited to access only resources in his possession (or that were shared with him).
If you're using 'App owns data', you can control whichever auth process you'd like, and grant access to the embedded entity as you please.
Read about the different approaches:
https://guyinacube.com/2016/07/3-ways-to-embed-power-bi/
In my rails 3 application, I am using carrierwave gem (version 0.5.6). I would like to use Google Storage for developers for storing the uploaded files. I have created an initalizer which looks like following:
CarrierWave.configure do |config|
config.fog_credentials = {
:provider => 'Google',
:google_storage_access_key_id => 'xxxx',
:google_storage_secret_access_key => 'yyyy'
}
config.fog_directory = 'directory'
end
I am getting 403 forbidden message with
...<Error><Code>InvalidSecurity</Code><Message>The provided security credentials are not valid.</Message>...
I have just enabled my Google Storage using the apis-console, and I can upload files using the online 'Google Storage Manager'. For 'google_storage_access_key_id' in the initializers file above, I am using 'Google Storage Id' for 'You' in the 'Storage Access' page. For 'google_storage_secret_access_key', I am using the 'Legacy storage access keys'.
I don't know how to proceed. Could someone kindly point me towards how to get about debugging this issue?
Thanks,
Saksham
It took me almost a complete day to find the correct keys in the Google API Console. I could not find the information at all in the new interface.
Here are the minimal steps to find your access key and secret:
open the old API console
enable interoperable access by pressing the button (it says: make it the default for interoperable access, but without pressing this button, I did not get the "interoperable access" tab)
pressing the button will show two sub-menus under Google Cloud Storage: Storage Access and Interoperable Access; click on Interoperable Access
there you will see the access key (hint: it starts with GOOG)
fill in in google_storage_access_key_id)
press the Show button behind the access key to actually show the corresponding secret
fill in in google_storage_secret_access_key
I hopes this helps! I found the names of the fog-configuration-keys confusing enough to actually switch the values, and it took me ages to actually discover the Show button actually showed the secret.
It sounds like you've enabled the legacy access keys for your account. From the Google APIs console select Google Storage and then click on legacy access.
Use the access key from that page here:
google_storage_access_key_id => 'xxxx',
From the APIs console click show to display your secret key. Use that key here:
google_storage_secret_access_key => 'yyyy'
Do not use the Google ID for legacy access.
Hope this helps,
Anthony
To generate a developer key in 2016:
Visit this page:
https://console.cloud.google.com/projectselector/storage/settings
Create or Select a project.
Select Interoperability.
If you have not set up interoperability before, click Enable interoperability access.
Click Create a new key.
The Google API console gui is not the most friendly user interface, so that's why I'm putting detailed instructions. I am writing this as of October 2013. The interface is now changed but Google API Console still enables you to use legacy access. If you are using the new Google Cloud Console, look on the bottom left hand corner and you will see the message "This is an experimental version of the API Access page. Some features may not be available." Click the words "API Access page" to get you to the legacy access. Then on the left menu select "Google Cloud Storage". Underneath that you will see two other fixed submenus, "Storage Access" and "Interoperable Access". On the "Storage Access" submenu page, enable "Interoperable Access" if you haven't done so already. Then on the "Interoperable Access" submenu page, you can get your Storage Access Keys for use in fog configuration.