i have tried creating a user with different policies to achieve my requirement, i want to create a user which have privilege to create users but not to delete so far i have failed. Please help
The RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
i want to create a user which have privilege to create users but not to delete
This is not supported by RabbitMQ.
Related
I'm using Getstream.IO to implement a Livestream type chat.
I see that in the Getstream.IO docs under Default Permission Policies a moderator is able to update and delete a message.
When I set a moderator on a channel and login, though, a moderator is only able to update their own messages. I need a moderator to be able to edit and delete another user's message.
I see that in the docs for Object Ownership Getstream.IO says, "If applicable, ownership of the entity is taken into account. This parameter allows you to grant users the ability to edit their own message while denying editing others’ messages. Permission policies are organized as list ordered by priority. A permission policy has the following fields ..."
How can I list existing permission policies or create a new permission policy using the python API?
At a higher level, using the server side python API or the client side API, is there a way to make it so that Moderator roles do not have the ownership of the entity taken into account?
UPDATE -
Using client.get_channel_type("livestream") I can see that channel_moderator has ability to UpdateMessage and DeleteMessage and owner is False as I expect:
Unfortunately, that is not the behavior I see when I log in as a user where I have performed channel.add_moderators([user_id]) for that user, which shows that the changed user has is_moderator set to True, but the user has the role of user. Do I also need to add a role to the user of channel_moderator? Is this documented anywhere?
UPDATE 2:
I see that in stream-chat-react, Message.canEditMessage and Message.canDeleteMessage are determined by this.isMyMessage(message) || this.isAdmin();, so it appears that unless one overrides the Message component, the moderators need to be Admin in order to edit a message they do not own.
UPDATE 3:
I can see that in the tests for channel_permissions in stream-chat-js that a moderator is indeed supposed to be able to edit and delete a message, just as the permissions matrix in the documentation specifies. I still cannot find a way to get stream-chat-react to allow moderators to update or delete a message, however; it's not easy to understand how best to override Message.canEditMessage, since MessageList.render() automatically constructs using the default Message class.
UPDATE 4:
I was able to get a user added as a moderator to be able to edit and delete posts, but only after making that user a global admin. I have users that I want to be moderators in a channel but not have the abilities of an admin. I've cross-posted an issue to stream-chat-react: Allow Moderators to Edit and Delete Messages Without Being Admin.
My team is attempting to move towards templatization of our services and their infrastructure.
We have found it to be extremely time-consuming to determine the set of permissions required to execute or update a given Cloudformation template. Our process is:
Create a user with permissions cloudformation:CreateStack and/or cloudformation:UpdateStack
Have that user attempt to create/update the specified stack
Observe which missing permission caused the stack operation to fail
Add that permission to the user
Go to 2.
The alternative to this would be to create a "God User" who has unlimited permissions and have that user execute the create/update - which seems to violate the Principle Of Least Privilege
Alternatively, is there a tool that can list "what permissions have been exercised by a given user in the past N minutes?". If such a tool existed, we could create the "God User", have them execute the template, and then create a more limited-scope user that has precisely the permissions that the God User had used.
There is no simple way/tool to do this.
Here are a couple of approaches you can try-
Using an User that has Admin priviledges, create the Stack. Once done, wait for 15-20 minutes for CloudTrail to populate. Now in CloudTrail list the API calls made by the 'Event Source' - 'cloudformation.amazonaws.com'. That should be roughly all the API calls required. There can be a few more calls required, for other operations as you keep on adding functionalities to the Resources. Again, you would need to figure that out this way.
Create a CFN service role , and add admin privileges to this Role. Use this Role to create/update/delete the Stacks. Allow the IAM users only iam:PassRole and cloudformation:* . However, users will be able to create different resources using CFN.
Use Service Catalog and create Products. Service Catalog Products are CFN Templates which can be launched by a specific user/Role/Group. The user does not need permission to create/modify the Resources in a Stack/Product. Also the end user cannot change the Product to add more Resources. Here's a great video that explains this stuff : https://www.youtube.com/watch?v=A9kKy6WhqVA
Hope this helps...
Using privacy list manager to handle blocked users i can be able to store and retrieve blocked users. but not be able to block the communication between the blocked users. will openfire support XEP-0016 fully? if it supports then why am getting message from blocked users, Any idea why?
Privacy Lists are supported in Openfire but there is no specific mention of XEP-0016.
Privacy lists are stored in "ofPrivacyList" table in database. If you are blocking a user, then verify from this table that if it's entry exists there or not.
Same is answered here: Does openfire support User / contact blocking?
I m creating an application in which i have three roles.
(a) Admin
(b) Manager
(c) Supervisor
What i want is when user enter details on lo-gin page first system check whether user is whether its a valid user or not and then what kind of access he have. i think window authentication is good for this purpose now i want from you guys to tell how to should i go on this and can any one provide me a good article for it with example.
as i have create all my pages but i don't know how to communicate with database for it.
Thanks in advance..
You should take a look at the Membership Providers as these provide functionality for user authentication, and also at Role Providers that can provide functionality for managing user roles.
If you have any specific questions about how to go about implementing them, then please ask further questions here on stackoverflow.
I've managed to create a a new user from a servlet using VMM. The problem I now have is in allocating a role to the user. Does anyone know how I could make give the new user a websphere monitor role from within the servlet ?
cheers,
Trevor
It appears that you can't through the VMM service which is what I was really looking for. The best idea is to have groups to each role mapped in advance. Then you can use VMM to add users to the existing groups as required.