I have a cabinet say "tcabinet" in a repository "trepository".
In this repository there are multiple users however their access is restricted by adding the cabinet IDs to the restricted_folder_ids column in dm_user object.
The user has access to the ACL. But still they can not see tcabinet as their access is restricted. There are thousands of such users.
For these users to see the tcabinet. I'll have to add the object id of tcabinet to restricted_folder_ids column of each user which would definitely be a large task.
Is there any way to make them able to see the cabinet without adding the cabinet id to each user?
As confirmed by OpenText also, there is no other way to achive this. However we can add the cabinet to everyone's 'restricted_folder_id' attribute in dm_user table.
UPDATE dm_user object
APPEND restricted_folder_ids=’<Object ID of the Cabinet>’
WHERE user_name='<user_name>'
NOTE: If you are using this method, make sure to filter out the users which does not have any existing 'restricted_folder_id' in dm_user table, else this method will restrict the access of these users to a single folder which might not be the intention.
Related
We have a bunch of files and we want only users belonging to a certain department to have access to a specific set of files. We want to create a system that would upon swiping the card allows access to files.
I don't want to have multiple relations from each user to each file, but I'd rather have it compartmentalized.
What would Cypher query for this look like?
With the following command, you can now check the access rights of a person or department with a graph database.
The MATCH clause tries to find a pattern where the Person node with the usernaname “jsmith” and the File node with the name “apendix.pdf” are connected within 2 hops with relationships of type BELONGS_TO or HAS_ACCESS_TO.
In summary, the query checks if Mark BELONGS_TO a certain team which HAS_ACCESS_TO a file or whether there is a direct relationship between Person and File with HAS_ACCESS_TO type.
MATCH path=(p:Person {usernamename:"jsmith"})-[:BELONGS_TO|:HAS_ACCESS_TO *..2
]->(f:File {name:"apendix.pdf"})
RETURN *;
I'm looking for a way to migrate data from LDAP-hosted groups to Google Groups.
With GCDS only the users are migrated, but I would like to migrate the data, do you know any way?
Thanks team
I've migrate groups between different directories using custom-written scripts. This requires some type of mapping between IDs. That is I know the fully qualified DN of each member within the LDAP-hosted group, I can match that up to a record in the new directory -- e.g. cn=lisa,ou=users,o=example has uid lisaj, and there's a corresponding account with the logon id lisaj in the new directory. I've had to do migrations where there was no direct correlation available within the two directories, and successfully linked the two systems using a text file with cross-reference info. A line in the file might say "lisaj 019485-B9184A-9284C-1949" to map my user id in the old system to a record identifier in the new one.
Basic process:
Connect to source LDAP
Find all in-scope groups For each in-scope group, get member list
Find the corresponding group in the new directory (if none exists,
create it)
For each member, find corresponding account in new
directory
Add member to group in new directory
(https://developers.google.com/admin-sdk/directory/v1/reference/members/insert
for Google Groups,
https://github.com/alfasin/Google-Admin-Directory-API has some Python
examples)
As a one-off process, it's pretty simple. If you need the two directories to remain in sync for some time, the script becomes a little more complicated. Assuming the old directory is "authoritative" (the one with the 'right' data -- and you can only make changes in one of the directories, otherwise it's impossible to tell which members actually should be in the group), you need to check the new directory group for any members that aren't a member of the old directory group and remove them as well as add any old directory group members that aren't in the new directory group yet. I generally add a "last modified" constraint to the filter used to locate groups in the old directory -- e.g. find all group objects where the lastModified timestamp is in the past 24 hrs -- to avoid continually reprocessing data for groups that haven't changed.
I am retrieving users for Active directory in Jira 7 by using LDAP. I am trying to reduce the number of users brought from LDAP to a particular group that we have created. So in order to do that i put (objectCategory=group)(cn=WebAgileDevs) in the group object filter along with the default settings. The only thing i change is the Base DN and credentials required. When i save and test it does show me that it is testing 1 group and 15 users which is what i want!(See the screenshot). BUT, when i go and sync it, it brings in 43000 users!! What am i missing???
Test Remote Directory Screenshot
The group filter is used to filter the list of groups that are imported to JIRA, and the user filter is used to filter the list of users that are imported to JIRA. The two need not necessarily correspond. Your group filter would be instructing JIRA to bring in only that one group (into the list of groups), but without further refinement, your user filter will still be pulling in all users, as you noticed. This means that you need to adjust the user filter too.
From your question, you want to import only those users who are a member of a specific group. Atlassian provides some general guidance here.
The last example on that page is particularly relevant for you:
(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=CaptainPlanet,ou=users,dc=company,dc=com))
This tells JIRA to pull in only those user objects that are a member of the group cn=CaptainPlanet,ou=users,dc=company,dc=com. You would want to replace this with your cn=WebAgileDevs (plus whatever trailing qualifiers you need to fully qualify the group name).
I would like to join the user object and project permission object to see how many users have been assigned to a project, for audit purpose. I don't see a common field with common values (email address or first name/last name) between these objects. I used Excel plugin to retrieve two separate data sheet and unable to map them. Any thoughts on this on how to do this?
You're probably seeing something similar to the following when you query on ProjectPermissions:
In this situation, the default User object selected from the "Columns" picker in the query dialog, gives you the User's DisplayName, which doesn't unambiguously map to a Rally UserID.
Note, however, that you can add dot-notation sub-fields of Objects manually by typing them into the Columns field. In the following example, I've included User.Username and User.LastLoginDate as additional fields I want to show on the Permissions report:
Of course, you could also just include User.Username, and run a second query on the User object with all fields selected, and do a join in Excel.
One note of caution - if you have many users (say 1,000), and a lot of projects, (say 1,000, which is not uncommon in large Rally subscriptions), querying directly against the ProjectPermissions endpoint can rapidly result in total results that number on the order of 10^6. This will probably time out in an Excel query.
The Rally User Management: User Permissions Summary script works around this by querying Permissions in a loop on a user-by-user basis. It's slow, but it returns results without timeouts. Certainly not as convenient as Excel either - you need to install Ruby 1.9.2+ and the rally_api gem to get it working.
I am fairly new to Silverlight and RIA services, and I am trying to build a small project to understand it. So basically I created a Business Application, and I have the normal Login screen where I can add a user. That is fine and I can add a user and get him into the aspnet_Users table. Now I have created some extra fields, like Mob No, Tel No, DOB, Locality etc, which I have put in a table I have created called the UserProfile, and my idea is to get the username that was registered, and insert it into my UserProfile table with the other relevant data.
So I created a page called Profile.xaml, I created a UserProfileDomainService.cs where I have just one query, to get the user profile data from the table, and then created a Details DataGrid on my page, and the QueryName in my case is GetUserProfilesQuery(). Now what i wish to do is, get the user logged in, get his username, and check in my table to see if there is already data in the table. If there is populate the fields on the DataGrid with data, so that the user can modify this data, and if not, allow the user to insert data into the table.
So I have created a UserProfileViewModel class, and I want to create the query to get the data relevant to this user. However I got stuck on how to do all this, and how to get the user logged in.
Can anybody give me some advice or point me to some tutorials on how I can achieve this?
Thanks a lot and your help is very much appreciated.
In your domain service query you can use ServiceContext.User.Identity.Name to get the information specific to that user to include in your db query. I do something similar in our project.
We use entity framework so the LINQ to Entities query looks like:
return this.ObjectContext.UserSnapins
.Include("Snapin.EvolutionModule")
.Where(si => si.User.UserName == ServiceContext.User.Identity.Name)
.OrderBy(si => si.PageOrder);