I am using Piranha CMS , and i want to create multiple users in different group, i tried to do so but its not allowing me to login those users,even i have to implement that logged in user should only edit few pages which is permitted to that user. How can i restrict user to do so
The group permission system in Piranha CMS is hierarchical, this means that all users that should be able to log in to the manager should derive from the group admin.
When you have that set up you can take a look at the different permissions in the manager interface and assign these to different groups.
There are however no support to allow users to only edit certain pages, if you want that kind of behavior you'll have to implement it yourself in the available manager hooks.
Regards
Related
I have a question regarding Cumulocity. I want to create a site hierarchy in Cumulocity, we can go up to sub-tenant level only but I want to create a hierarchy up to 2 level.
Let's take an example of schools, its locations, and different branches. Here I want to attach an owner with each branch and that owner should be able to register only their own users and devices. I was trying to achieve it using groups, roles etc but was not able to do it. If anyone can suggest how to proceed for this use case.
I can see two possible options using which this can be tried:
Groups
Custom Apps (Angular apps)
But I am not sure how to proceed as there is no direct UI for the user to group assignment and REST API for this assignment is giving me errors.
You can use the inventory permissions for configuring access rights that are limited to a certain group see documentation
The managing of only your own users can be achieved by giving a user the global permission for USER_MANAGEMENT_CREATE. Make sure to revoke the ADMIN and READ role as well.
I would not recommend to solve this with apps on the UI side. That way you can of course hide information from the user but he may still be access it via API. Only with the RBAC you can really ensure on API level that the access is managed correctly.
Hello again every one,
I have a question: I successfully implemented django-auth-ldap, the LDAP users can request successfully my DRF API. But nows, for my projetc needs, I have to define permissions depending of the group.
Indeed, I will have like 12 groups in my app. Depending of the group, I will authorize or not the user to request a given route, BUT even if I defined the global var AUTH_LDAP_MIRROR_GROUPS = True, and saw in my database the are linked to a group (see capture):
Users in database
Groups from LDAP inserted in db thx to django-auth_ldap settings
User linked to the groups defined
But now, I have some other problems: I do not know how to implement permissions depending of the group the user belong. In fact, if a user belong to the group ServerAdministrator, I want to allow him to access to every route accessible, but I dont know where to see this in the received request in my view?
As I understood, I should implement custom permissions I should write programmatically in a User object (which should inherit from django AbstractUser)
If yes, How does it work? Should I empty my whole Database and then let django-auth-ldap insert users and it also will create the given permissions defined inside the database?
Maybe it is not clear, do not hesitate to ask questions if I can be more precise.
Kind regards.
Benjamin
Can we restrict a user to view and use only one page and hide all other pages in the apex application in oracle apex 5?
The scenario is similar as we assign a particular responsibility to a particular user in Oracle EBS and he has the access to use that particular responsibility and rest are hidden to view.
How to achieve this??
Yes ,You can do it by using authorization schemes.
By using authorization scheme ,you can restrict the user for viewing other pages.
Regards,
Nikita
Easiest way is to create an Access Control page. It will automatically create three authorization schemes for you. Admin, Edit, and View. You can assign users to those. Set application mode to Public read only. Edit and administrative privileges controlled by access control list. This will open the application for all the users, except for the pages that you control using authorization schemes.
I have an existing MVC project (purpose built customer portal) that I am integrating into Orchard CMS as a module.
The customer portal module has its own database containing user information, which I need to use for customer authentication.
However, I also want to retain Orchards user authentication for admin authentication to Orchard.
So essentially, I require two authentication schemes with two different login pages for this. One for customers and one for admins.
How could I implement this?
One solution might be to cancel the idea of having 2 differnt login pages and moving your users to Orchards user table.
Then link these users to a specific role named like My existing MVC users and grant permissions to this role accordingly.
If you take this route some of the benefits would be
bound to Orchards user database and therefore existing authentication handling
existing permission stuff can be used / extended out of the box
user management in one place
extensible by using own parts (e.g. AddressPart, ContactPart, ...)
Another solution would be to replace the existing authentication by implementing IAuthenticationService. But this seems rather complex.
I guess this question basically boils down to some misunderstanding that I have about how the SonarQube LDAP plugin works in general. We have integrated the LDAP plugin and our users are authenticating against our corporate LDAP server. When we we want to create a new group and add users to that group for a new project, we have assumed that the users themselves must authenticate into SonarQube first so they get added as a user to SonarQube. After that, then we are able to put them into the appropriate groups that they belong to. This is a pain for our administrators since the people that need to be added are logging in at differing times or forgetting to log in at all. What we would like is something that Nexus provides where we can do a lookup of that user's account id, then add them and place them into the appropriate group(s). In that way, the user is not bothered by having to login first and then the administrator has to give the privileges and then the user logs out and logs back in. Is this a misunderstanding on my part? I ask because when I go to the users page and click on 'Create New User' it not only asks for the user's id but also the user's password which I obviously don't know so this is telling me that this will be a local account.
By default SonarQube's LDAP plugin works like you think it does. You can configure LDAP group mapping so that when the user enrolls, he/she is automatically added to the appropriate group.
In other words, create the group for the project in SonarQube, and then create the same group in LDAP and add users to it. Then when users login for the first time they will be in the appropriate group, and on each subsequent login any group changes will be reflected in SonarQube.
This, in my opinion, is infact better than adding users manually.