MS Access to SharePoint Authentication - vba

I'm trying to connect my current MS Access forms to SharePoint online. I was able to fetch and feed data without any problem. My only problem is that I want to share the front end to multiple users, but I also need to create a login form to check whether they have access to SharePoint online or not.
Is there a way to add a username/password to the below connection string?
"Provider=Microsoft.ACE.OLEDB.12.0;WSS;IMEX=2;RetrieveIds=Yes;DATABASE=https://CompanySharepoint.com/Lists/;"

Nope.
Access will determine if the user is able to login using integrated authentication. This means that users that don't have access to SharePoint won't be able to access the lists.
Depending on your SharePoint config, they might get an error message, or might get a prompt asking them for a username and password. As long as you're cleaning the cache properly, they won't be able to access any data if they have no permission to view the data on SharePoint.

Related

What is the Correct Microsoft Graph API Permission for Reading Mailbox to specific user only

Good day!
I just want to ask about microsoft graph Api permission, there's too many options here but my goal is to have the full access ONLY to specific account and read the mail box such as Subject, Email Body, attachment and Sender Email, the system will read the mails from the back end from the specific account only. (like a basic auth)
I'm trying to make system to my org. I don't have the full control in azure portal, so I create API Permission request.
What option need to include in my api permission request?
enter image description here
I saw the "Mail.Read" Option
but I think the scope of this option is to access ALL other mail account without signing in. correct me if I'm wrong, but then what I really need is for single account only.
Thank you in advance
Access to Graph API is normally done one of two ways:
On behalf of user
As a application (no user)
The permissions required for the access type are different and are documented for each API endpiont under the Permissions sections. The on behalf of user access requires "delegated" type permissions and application access require application permissions.
If you use "on behalf of user access" (i.e. you have a user fronting the authentication or you know the username/password) and the correct permissions for the api endponts you are using then you only have access to the data that that user has access too (even if you have permissions like ".all").
If you use "application access" then normally you need higher permissions and you can normally read all user/org data. In some specific cases you can constrain application access. Email account access happens to be one. Follow the Limit Mailbox access instructions to limit a specific application id to a specific set of mailboxes.
There is a separate Mail.Read permission for both Application and Delegated permissions. Application permissions allows the app to read mail in all mailboxes without a signed-in user where as Delegated permissions allows the app to read email in user mailboxes , check the doc for more info - https://learn.microsoft.com/en-us/graph/permissions-reference
In your case you want to check your mail only , then you need to use Delegated permissions , which doesn't required admin conesent
Hope this helps
Thanks
-- goal is to have the full access ONLY to specific account and read the mail box
Can I understand your requirement as, you may want to have a user who is admin role and only this user can query mail information for all other users?
If so, you must have a sign in popup window to let users sign in, then your application can validate the user to check if the signed in user is in admin role to determine whether allowing this user to query mails.
But you also mentioned "to run in background the signing in process, no pop up window", so I'm afraid that you want to allow anyone using your application to query mail on behalf on this specific user. In this scenario, I'm afraid you can using client credential flow directly with the application permission.

Microsoft PowerBI embedded with password

I am working with PowerBI Embedded but I am quite new.
The following is my customer request. They want to have the dashboard embedded in their webpage but before opening they want to have password. They will just get the URL and add as iFrame in their webpage.
I plan to use the Embedded API to make the webpage using the token provided.
However this will not prompt the user to login. Is there any way I could do that? Maybe I will have to write the app in as whole to monitor the user authentication.
If you're using 'User owns data' scenario of Power BI Embedded, then each user HAS to be authenticated on his own, and is limited to access only resources in his possession (or that were shared with him).
If you're using 'App owns data', you can control whichever auth process you'd like, and grant access to the embedded entity as you please.
Read about the different approaches:
https://guyinacube.com/2016/07/3-ways-to-embed-power-bi/

OneDrive API centralized account

We want to use OneDrive API to upload and retrieve files from our own account.
The problem is that OAuth needs user interaction for login and then redirects back.
However we don't want to each user to log in and then gain access to his account. We want to just communicate with our own onedrive account without user to know about that.
(In other words, we're not creating an application that allow our users to edit their own data, but to interact with our data, like a database.)
Is there any way how to do this with OneDrive or we should use different approach?
Try adding admin (user used in OAuth) as ‘Site Collection Administrator’ to access all the file/folders of a User.

More AtTask API POST Issues

I'm working on a project to pull information from a SharePoint calendar and and post it into the atTask Time Off calendar. This should be pretty simple, but nothing in the AtTask API works the way I would expect. I've already asked about the "POST" action deleting existing records. Now I'm running into some strange rights issues.
I have administrator rights in our AtTask sandbox. I am able to access the Time Off records (RESVY) for all users on the system. I am able to delete them without issue. However, I am only able to create new records (POST) for myself. When attempting to create a new record for another user, I'm plugging in the sessionID from my login as the administrator and the other users userID.
The result is an error message: "You do not have sufficient access to edit this User".
It seems odd that the API would allow me to delete the RESVT records for another user, but no create new records.
We are using Active Directory for authentication into AtTask, so I don't have access to the passwords of the other users. This is really getting to be a headache.
Thanks in advance,
Mark
To update another users Time-Off the following 3 scenarios will allow you to mark time-off for another user. This is using the new access module.
You are a system admin
You have User Admin setting enabled in your access level settings (Located under the Fine Tuning option through the Edit Rights at the user level)
You have users who report to you (you are a manager) you will be able to edit users Time-off for users who report to you.

Remote access to laravel models

Is it possible that a website uses the models of another lavarel website to access the database, without the first website having the sql credentials hardcoded. But with the credentials to log into the second lavarel website hardcoded.
This way the first website doesn't have to have the sql credentials on it's ftp server, but can still access the databases through the other website (with their personal login of that website).
If that is impossible, I am wondering, is there a way to access a databases without having to hardcode the credentials anywhere.
UPDATE (the actual problem)
Only a part of the database should be visible to a particular user, so i can provide different users with different credentials and they all see something different in the database
What you are talking about is an API. So you'd build out the entire infrastructure on the first website, then on the second website, it would make some kind of calls to the first website to get back the information it needs, usually using some kind of credentials or access token.
This way, you can allow anyone in the world to communicate with your website, kind of like how Facebook, or Twitter does.
As far as accessing your database, you would need to tell your app somewhere the credentials to use, so technically, you do need to hardcode them somewhere as they can't just magically make up some credentials somehow to access a database.
if your different users are defined:
use laravel model/db event to replicate the data to a database by
user.
Or sync each database with a cron job..
These have benefits to avoid security transport problems.