I have a user with permissions across many projects (see image below).
I have a new user who just joined the company. I want to give him the exact same permissions. How can I do this? I don't want to do it manually because that will take me ages and the Google Cloud Documentation is useless! I cant find much on using gcloud command line to do this with examples.
There must be a easy way to duplicate permission?
Thanks
It is indeed possible to grant a role to a member for more than one project:
Open the IAM & Admin Projects page in the GCP Console.
Select all the projects for which you want to grant permissions.
Click the Show Info Panel, followed by the Permissions tab.
Enter an email address in the Add members field, and select the desired role from the drop-down menu.
Click the Add button. The member will be granted the selected role in each of the selected projects.
Granting access rights to project is an action fraught with security risks, so bulk gcloud commands or simple copying of roles are understandably not supported.
You can find more detail on the "Granting, Changing, and Revoking Access to Resources" documentation page.
Related
So I have the users in a table and I know my login system works because I use it for other workspaces. However across all the applications in this particular workspace I am having an error where users roles are not being recognized in particular I can't even get the admin page to work for me and I am a developer. If anyone has any clue on how to fix this it would be greatly appreciated.
If that first image is the default Admin pages, then wouldn't that mean you have access since you can see that page?
(which by default, if you let APEX create it for you through New Page > Features > Access Control) has Administration Rights set as the Authorization scheme
You have two places to check to find the issue:
Shared Components > Security > Authorization Scheme
Go to or Click your Administation Rights, under Authorization Scheme, you need to make sure you are using Is in Role or Group IF that is the requirement and you are to use the created roles. Make sure the role, Administrator (if default roles exist) is listed.
if validation is once per session, and you're still in the same session. log out and log back in. The problem should go away
Shared Components > Security > Application Access Control
Check under Role Assignments if your username is there.
Click Administrator under Roles, and make sure Administration Rights under Associated Authorization Schemes has the Is in Role or Group as the scheme type
If there is a different Authorization scheme (not Is in Role or Group) or you have different roles, then I would suggest post a new question with more details on your setup.
I am wanting to disable the "Share dataset" feature of bigquery.
For my use case I would like to disable this feature as you can't control what data can be shared and and who with. This means datasets are shareable with anyone who has gmail account.
I've been experimenting with removing various IAM permissions and I can't seem to pin it down. I've also used chrome dev tools to see what the API call is but I can't trace it back to how I can prevent the sharing of datasets.
If this cannot be disabled can you at least lock it down to a specific domain?
Try the following steps to restrict the share option.
Add the user to the IAM and don't assign any role.
Share the dataset with the user with Can view role
Now the user can still see the Share dataset option, but if they try to share they will get the following error
As per BigQuery permissions and roles matrix only Admin, Data owner(BigQuery role), and the Owner of a dataset can share it. Make sure to give the least privilege needed to your users.
For example, give the respective user the bigquery.jobUser permission and share him the dataset with "can edit" permission. This setup will not allow the dataset to be shared.
I want that when a project is scanned and it's scan result is created only Admin and a specific user can see that project in dashboard and all other places and only he can access that project. Also I want to send email to that user when project was scanned.
I know I can assign role to user and set permissions for it by going to that project, but should I have follow all these steps for this? Can't I just select a user from UI so that only that selected user can view that project?
You must define project permissions for the scanned project with only that user and admin having the permission to "Browse" the project.
If you need to do that repeatedly you may use permission templates.
See http://docs.sonarqube.org/display/SONAR/Authorization#Authorization-ProjectPermissions.
In my case I wanted to Assgin one project to a whole group of users in SonarQube 6.7.3 so the steps where the following:
Administration->Projects->Managment->Actions(of the desired project)->edit Permissions
And then, I don't know why but the current users and groups registered are not shown instantly so what you need to do is to use the search tool and search for the group or user that you are looking for. They will appear below so you'll be able to tick the permissions that you want. Also you should select the private radio button so nobody but the users or groups you selected can access the project.
I need to create a Jira user/role for our support team to be able to login to JIRA and see what groups a user belongs to. They don't need to be able to edit or change anything, this should be read only, and ideally they would only access the user-browser. Jira 3.13.2 with Oracle DB.
Seeing who is in a group in JIRA is only allowed for members of jira-administrators. JIRA recommends using JIRA project roles rather than groups because they can be seen in more places and modified by project administrators.
If you really need this then I'd pursue custom development to change which groups are show for a user in their profile. It looks like the original three jira-* groups are shown to everyone but not groups that were added.
I am new to alfresco. I am integrating Alfresco with the web application as an library for my application. I am logging to alfresco as a admin and I can see the Data Dictionary in my repository. I want to hide it. Is it possible?
In order to hide the Data Dictionary folder for normal users you have to properly configure permissions. By default, all folders in Alfresco use the default ACL, which makes everyone Consumer (i.e. read only). This is what makes them visible to every user.
Try one the following:
[From Alfresco Explorer]
log in as admin
go to Data Dictionary
click on More Actions -> Manage space users
remove the only one entry you have there
[From Alfresco Share]
log in as admin
go to Repository
if needed, click on "Show folders"
hover on Data Dictionary
click on More -> Manage Permissions
hover on the Actions column, click Delete
This way you hide the Data Dictionary folder to normal users. Admin users always get access to everything. With similar procedures you can configure more fine grained access levels on folders, e.g. to enable some users to access them.