Non-admin user can not modify properties of his project like "public" through Harbor's Rest API, It returns 405 Method Not Allowed
That's by design of the access control function. The project settings can be modified by the users with role > Project Admin.
Related
Last year I started using asp.net core MVC.
I used to make a security system using role and permissions based like:
When the application is first deployed into production, the application creates a default admin
role and admin user. This user has full application access.
This user can create a new roles and give access permission to a new role (including creating new role and user permissions) and assign it to the new user.
reference for this type of security system:
I read Microsoft documentation
And there everything is in hardcoded string .
How can I implement this in asp.net core2.x with EF Core for DB access?
(If possible provide some detail explanation links)
For an Example: Admin user Create Role 'PurchaseManager' and give access to this URL example.com/Product [Get/POST/PUT/DELETE] etc. all. after Admin user Create another Role 'StoreManager' and give access to this URL example.com/Product [Get Only]
this process will be done in production.
GOAL: Create users in Azure Active Directory using our Global Admin account from an API.
PROBLEM: Every single way I try, I get "unauthorized".
WHAT I'VE TRIED:
I've been focusing mostly on this: https://graph.microsoft.com/v1.0/invitations
I've tried as outlined here
the "Authorization Bearer {token}" is problematic -- I can't seem to properly retrieve tokens, using any of the built URLs recommended (ie, combining ClientID & TenantID in the URL.)
I've tried the relevant portions of this, including creating the app, setting permissions on the app, trying both Web API and Native. I'm able to get a code back, but using it always comes back with Unauthorized.
As an aside, I am using Nintex to run this web service, as it is part of my workflow. Typically, web services don't give me issues. So, this sucks.
I'm missing something, here. Any thoughts or direction?
UPDATE: Removed the word "method" - bad choice of phrasing.
If you want to use Microsoft Graph explorer to create user as the global admin, you could use POST https://graph.microsoft.com/v1.0/users, and the required permission is:
Permissions
For the details, you could read Create user.
Global admin runs as a user by default. To grant access to Active Directory, you need to elevate permissions in the portal.
I'm not convinced you have the permissions to create the user, and that's why I think you're getting the error.
Also, try and avoid using Global Admin. Create a Service Principal and provide more granular permissions.
I have set up a user and assigned him to a role. While I am able to permit or deny access to different pages in the site, assigning access restrictions in Media Library -> Security seems to have no effect. Any idea what I'm missing?
You have to assign them to a role. Configure both 'Permissions' and 'UI personalization' like you can see in the screenshot below.
David
Please check to make sure you do not have any global or higher level permissions set on those users that would override your specific security settings. For instance is a user was set to a role but also has Global Admin rights, the global admin would override all the permissions.
Also have you tested if the users can actually edit those libraries? (add, edit, remove items) or can they just see the media items in there?
I had a similar issue. Disabling the "Manage" permission while leaving "Read" enabled via the Role's Permissions -> Media libraries (Module) resolved it. See my response here: https://devnet.kentico.com/questions/limit-access-to-media-libraries
I have created module with Rest API for that using following link
Extending-the-Magento-REST-API
When I run following URL /api/rest/magepim/products/count I get 403 error.
Deeper research of magento core code show that problem here
\app\code\core\Mage\Api2\Model\Server.php
string #216
if (!$globalAcl->isAllowed($apiUser, $request->getResourceType(), $request->getOperation()))
What's wrong in example? I guess reason is missing or incorrect acl in xml files but where?
Magento version is 1.8
Did you follow the below instructions?
In the admin, System->webservices->REST Roles-> Add administrator role.
Create a role as admin and select the "MagePim API calls" from the Role API resources list.
Then In the Role users tabs, select the admin user ( by selecting "Any" in the dropdown and user list will be shown. From that select admin user and save.
Then try and let me know if any issues.
I am connecting to the Asana API endpoint and creating a task independent from anything except I am putting in into my company workspace.
I see that it has the permission "private" but I can change it to "public" on the UI in the site. However, I want to make the task public upon my POST request to the /tasks endpoint.
This is because I don't necessarily want the user to have to specify a project to be able to POST a public task that is available for the whole company workspace to see.
How can I add this attribute to my task without associating with a project?
There isn't currently support for this, but I'll add it to our feature wish list!