I am currently working on a project in Data Science Experience that involves writing CSV files to Bluemix Object Storage.
There are several colleagues involved in this project and I want to know how to set Bluemix permissions so that everyone can access the Object Storage container for the project through their respective Bluemix account.
Bluemix Object Storage services does not support access control for Bluemix platform users.
Related
I'm attempting to connect the Microsoft Graph Security API Connector to Power BI Desktop. Everything seems to work okay until I try to set 'Application' or advanced 'Delegated' authorizations so I can execute GET commands, such as '/security/securityActions', '/security/TiIndictors' and '/security/securityEvents'.
When using the Graph Security API Connector in Power BI, it automatically connects to my Azure tenant as a Service Principle (e.g. Enterprise Application) with an App ID = 'cab163...'. However, this Enterprise Application doesn't have an intuitive way to add additional permissions.
The documentation https://learn.microsoft.com/en-us/power-bi/desktop-connect-graph-security only talks about Delegated authorization.
Any guidance would be helpful. I'm sure it's an easy solution - it's seriously eluding me.
Thanks!
To set permissions for Application Only mode, please refer to the Application permissions section.
Your app needs to be consented by an administrator.
I would like to set up a oauth access for a node-red deployed on bluemix and access a multiuser dashboard. I think it should be done via the IBM Cloud Function API and use IBM Cloud App ID to protect it with the IBM Cloud API Gateway- that said - theres no way to connect those gateway functions to the dashboard webpages through bluemix that I can see. Has this use of node-red been done?
Note I am not trying to provide access to node-red flows only secure the Dashboard pages created with the multi-user node.
I have multi-user multi-sessions dashboard running but theres no current nodes to secure this - or flows that offer this functionality - I'm not even sure you could build oauth using flows. Perhaps a dedicated node that is built to provide ...perhaps fussing with bluemix-settings.js
I've researched Node-red capacity especially when deployed in IBM cloud and this is adequate. Node-red provides easy to provision cloudant access as well as dashboard functionality that I want to embed in a consumer mobile app.
So the point is to provide oauth for the public access of the dashboard and to protect the cloudant endpoints. As well as keep the functionality in the cloud rather than in the mobile app.
This is preferably a code-less solution.
Can you provide more information on dashboards? What do you mean by Dashboard pages created with the multi-user node?
There are node-red OAuth2.0 and OIDC plugins that can be integrated into the flows to secure them.
https://www.npmjs.com/package/node-red-contrib-openid
https://www.npmjs.com/package/node-red-contrib-auth-oidc
https://www.npmjs.com/package/node-red-contrib-simple-oauth2
I'm a newbie in AWS infrastructure, and I can't figure out how to build auth process which I want.
I want to have something similar to what other cloud storages, like Box, Dropbox, Onedrive have:
developer registeres OAuth app with a set of permissions
client with one click can give a consent for this app to have listed permissions on his own account and it's content, eternally, until consent is deliberately withdrawn
Now, as far as I understand, client should go to console and create a user, create a role for him, then send this user's id and key to my app, which is not that convinient. I'm looking for a most easy and simple way to do that.
I've tested "Login with Amazon" + "Amazon Cognito", but it turned out as a completely opposite mechanism: client should set up Login, link it to Cognito, to provide me one click access.
So, is it even possible? Which is the best way to implement such auth process?
There isn't a way to do what you're trying to do, and I would suggest that there's a conceptual problem with comparing Amazon S3 to Dropbox, Box, or Onedrive -- it's not the same kind of service.
S3 is a service that you could use to build a service like those others (among other purposes, of course).
Amazon Simple Storage Service (Amazon S3), provides developers and IT teams with secure, durable, highly-scalable cloud storage.
https://aws.amazon.com/s3/
Note the target audience -- "developers and IT teams" -- not end-users.
Contrast that with Amazon Cloud Drive, another service from Amazon -- but not part of AWS.
The Amazon Cloud Drive API and SDKs for Android and iOS enable your users to access the photos, videos, and documents that they have saved in the Amazon Cloud Drive, and provides you the ability to interact with millions of Amazon customers. Access to the free Amazon Cloud Drive API and SDKs for Android and iOS enable you to place your own creative spin on how users upload, view, edit, download, and organize their digital content using your app.
https://developer.amazon.com/public/apis/experience/cloud-drive/
The only way for your app to access your app's user's bucket would be for the user to configure and provide your app with a key and secret, or to configure their bucket policy to allow the operation by your app's credentials, or to create an IAM role and allow your app to assume it on their behalf, or something similar within the authentication and authorization mechanisms in AWS... none of which sound like a good idea.
There's no OAuth mechanism for allowing access to resources in an AWS account.
I am developing image server through S3 in AWS(Amazon Web Service) but i should solve the management issue
What i mean is that end user should be able to specific images in S3
For that, i am thinking about IAM(Identity access management) for allowing some users to access specific images.
What i want to know is that whether there is other solutions or not.
Actually, i have found about cognito but unfortunately cognito is supported in only 2 regions....
If you have a good idea, please give me explanation thank you
Unfortunately there is nothing in the suite of AWS services that fits your use case 100%.
While Amazon Cognito is only available in 2 regions, this does not restrict you to accessing S3 from only those 2 regions with credentials vended from the service. You could Amazon Cognito and IAM roles to define a policy that would allow for limited permissions to a set of files based on the prefix. However, at the current time, role policies would allow you to restrict access to 2 classes of files:
"Public files" - files accessible via all identities in your pool.
"Private files" - files accessible only to a specific identity in your pool.
If you wanted to support restricting access to specific files to specific users in your application you would need to handle this through a backend application that would proxy the access to the files in S3.
I'm looking for guidance on how to securely use azure storage in an public facing production environment.
My simplest scenarios is multiple windows 8 store clients uploading images to azure. The account key is stored in app.config.
Is it ok to distribute the account key as part of my mobile application?
Or should I have a backend service that creates shared access signatures for the container / blob?
Thanks in advance.
Sharing your account key in your mobile application is not desirable because the clients get complete access to your account and can view/modify other data. Shared Access Signatures are useful in such cases as you can delegate access to certain storage account resources. You can grant them access to a resource for a specified period of time, with a specified set of permissions. In your case, you want to provide them access to only write blob content. You can find more details about SAS and how to use it here - http://msdn.microsoft.com/en-us/library/windowsazure/ee395415.aspx