How to disable the resize access to role
As long as user doesn't have the MODIFY grant for WAREHOUSE they won't be able to change the size. The option does appear there, but once clicked on a Resize value an error message will appear like this:
See documentation here:
https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html#virtual-warehouse-privileges
Related
I have a Sharepoint list that I'm using as a form. Everyone in the company needs to view/modify the form to submit information, but I would like to keep the response from the form viewable to just a few people. Is there a way to do that, without clicking each item and managing permissions for that item? Can that be done with a workflow?
One approach:
Set up the list so users can only see and edit their own responses. (List settings > Advanced settings > set Read Access and Create and Edit access to "Items that were created by the user".
Create a SharePoint group for people who should see all items, e.g. ListManagers
Set up list permissions so that Visitors (everyone in the company) have Contribute access and the ListManagers group gets full access for the list.
Another option:
Leave the Advanced settings at the default, so that everyone can see all items.
Change the default view of the list to show only items created by the current user.
Create a page that shows an XLV with the default view and serve that to everybody.
Create another page that shows an XLV with all items and give permissions for that page only to the limited group of people.
The second method is more for convenience than for security and will not prevent savvy users from accessing the data they cannot see in the default view.
Google announced this feature today, but I don't see any docs for it. How can I grant row-level permissions to a user?
For example, let's say I have a table private.all_customers with the schema {customer:string, id:integer, is_secret:boolean}.
I like to give our salespeople access to the fields customer and id, but not is_secret, and moreover, I'd like to give to give them access to only those rows where is_secret = false. How can I accomplish this?
The key part of row-level permissions is that you're actually giving permission to a view. The view defines the rows and columns in that you want the delegated user to see, without giving them access to the underlying table.
To do this, create the view that will return the rows and columns that you'd like the user to see. For the example above, the view would look like:
SELECT customer, id FROM private.all_customers where is_secret = false
Then I can save this as the view "public.public_customers", and share the public dataset with the analysts.
Note that, so far, this does NOT mean that the analysts will have access to the data. If they try to run it now, they'll get an error. Merely having access to a view that reads a table doesn't give you access to the underlying data on that table. If it did, then anyone could just create a view to read any data that they wanted to see.
The second step is adding that view to the ACL of the private dataset. What this does is records that the view should have access to the data. This way the owner of the private dataset can audit who has access to their data, and revoke it if necessary.
The easiest way to add the view to the ACL is to use the BigQuery Web UI. If you click on the arrow next to the private dataset name in the Web UI and click "Share this dataset", it will bring up a dialog box that lets you edit the ACL.
At the bottom of that dialog it will show "Add People" and a clickable icon on the left. If you click on that icon, you should be able to select "Authorized View". Once that is selected, you should enter the fully-qualified name -- project:dataset.view of the view. In our example, that would be my-project:public.public_customers. Hit 'Add' and it will show up in the list, and then hit "Save Changes" to commit.
Once the view has been added to the ACL, anyone with access to the 'public' dataset should be able to run queries against the public.public_customers view.
For more advanced usage of this feature, which will allow you to give different answers to different users, see this question: How do I give different users access to different rows without creating separate views in BigQuery?
When deleting records within the platform, this action is not reversible via the front end. Is there a way to allow users to remove a record from their view without actually deleting the record?
You can simulate recycle bin functionality within Archer GRC by adding a record permission field that grants read access to "Everyone". If read access is no longer required then an editor of the record can go in and change "Everyone" to a group called "Recycle Bin."
Please note that if there are other record permission fields in the application, users or groups may still have access if they are selected in those fields. Perhaps You can set up a dropdown status field for the user to select "Recycle Bin" and use this condition for automatic record permissions to revoke permission to the record depending on the requirements or workflow of the application.
Solution shared by Igritte might be somewhat confusing for end users.
End user will see greyed out "Delete" button in the top toolbar, but he has to select "Recycle Bin" in the form. This solution was not accepted by my business owner at some point.
As a work around for "Soft delete", I wrote a custom object overriding "Delete" button functionality.
1. User doesn't have delete access to the record, so JavaScript code will make "Delete" button look like active and available.
2. Once the button is clicked, custom object will populate value in the
hidden value list and simulate the click on the "Save" button.
Update: Note that Custom object needs to hide the value list first once the page is loaded. Here you will need to use a JavaScript and do the following: [a] locate the value list DOM object and [b] set display attribute to none. I used jQuery library to do both. This way your value list is not displayed, but you still can use it to control data driven events.
3. With hidden value populated and submitted, record permission will hide this record from the end user.
Note that custom object hides one value list on the layout as well.
If for some reason JavaScript doesn't load properly, user simply will not be able to click on the grayed out "Delete" button.
Update: Hidden value list can be populated by custom object using JavaScript code as well. You need to identify the form tag "input" in HTML code of the page and set attribute "value" to the desired state. I used jQuery library to do this as well.
I have this solution in production working fine with IE11, FF and Chrome.
I can't share the code, but with WC3Schools JavaScript guides and 4 hours you can write and test it yourself with very little JavaScript skills.
Sometimes you have to use custom objects when you want to get a user-friendly solution of not available functionality.
Good luck!
I have created an InfoPath 2010 form which is published to doc library in SharePoint 2010. I want for this form to become read-only ie once it has been submitted.
None of what I have done so far seems to work. I have:
Created a new view and re-named it to Read-Only and in its properties I have ticked
the "Read-Only" check box in InfoPath.
I have a "Submit Form" button and in here I have added rules for submitting the form,
switching the view to the read-only view.
To test this I fill out the form with sample data and submit it, then when I go to
the doc library where the forms gets submitted to when I open the submitted form I
find that the Read-Only view has not taken effect and that it is still possible to
edit the form.
Ideally what I am trying to achieve is to have the submitted forms turned into read-only when they are submitted and still be in read-only mode when these are opened from the document library where they get submitted to.
Any ideas where I'm going wrong with this? if there is a better and simpler way to achieve this please let me know.
Thanks in advance.
It might be too late to answer this question, but if someone is still looking for an answer you could try the below steps
Before you begin please verify that you have one of the following permissions:
a. You are a member of the Administrators group for the site collection.
b. You are a member of the Owners group for the site.
c. You have the Manage Permissions permission.
On the Site Settings page, Go to the Users and Permissions and look for settings
Under Settings you will be able to see Permission Levels
Select Add a Permission Level
Give a Name to you new Permission Level
Under the Select the Permissions to include to this permission level, select the Add Items and View Items Permissions to this group.
After the group is created, for your form library, stop inheriting the permissions from the parent site and create a new group with the new Permission Level that you just created. Add all the users to the group.
This should enable the users to submit a form but not edit it. Hope this helps.
There is an easier way to solve this. Create two views of this form on InfoPath Designer. And make sure when the form is submitted, the view is flipped to the Read-Only view; which has the salient feartures of the form such as the answers you would like to be recorded.
So anyone who opens the form once submitted wil only see the Read-Only view. You can set a rule on the form to have an administrator see a Edit mode.
I just went through this. the submit rule doesn't work, you have to create a form load rule. In the file toolbar, you'll see a form load button in the rules block.
Why can I not (as admin or user) edit a user profile? When I click Edit Item I can only attach a file and I only see the account name. I've gone into the admin area but nothing I change takes affect. I've set some other fields as editable but they don't show. I tried to edit user policies but everything is greyed out.
Are you populating your user profiles from AD? In that case, there is nothing in SP to edit since the data comes from elsewhere.
If not, then where are you trying to edit an item? Are you using Manage User Profiles in the User Profile Service Application area?