I've implemented security rules for a Firebase and that's working great. But if an administrator can view any data then the data isn't private. And if the admin can - inadvertently or maliciously - modify or delete data, then the data isn't secure and the application isn't reliable. How can I prevent the Firebase data from showing in the Dashboard view?
There is no way to limit the data that is shown in the Firebase dashboard.
The Firebase Dashboard is meant for system administrators. So you should only give access to people who are allowed to see/manipulate all data.
In general it is a good idea to write your own application dashboard, which provides the administrative functions for your application. This would then be the dashboard that you give application administrators access to.
What is the best way to restrict the scope of a connected app to a set of objects? My current solution is to use the Manage user data via APIs scope but that still grants more access than required.
A solution I see frequently is to create a user with a restricted profile and connect with that user but then you lose context of actions made by users in the connected app so this solution doesn't work
Tricky, you typically don't. (consider posting on https://salesforce.stackexchange.com/, there might be a clever way I didn't think of).
You can flip the connected app from "all users can self authorise" to "admin-approved users are preauthorised" and then allow only certain profiles / permission sets to use the app. But the bulk of it is "just" enabling the connection via API and cutting it to say Chatter only or OpenId identifiers. And that's already an improvement compared to SOAP APIs where you don't have scopes and the app can completely impersonate the user, do everything they can do in UI.
Profiles/permission sets/sharing rules are "the" way even in not immediately obvious situations like Lightning Connect Salesforce to Salesforce or Named Credentials access to another org.
If you can't restrict the visibility with profiles and access to all tables user can see is not acceptable...
you could create series of Apex classes exposing certain queries, updates etc and grant profile access to these classes - but without full api access? You could even let them pass any SOQL (evil) but use with sharing, WITH SECURITY_ENFORCED, stripInaccessible + custom restriction on tables before returning results
you could look into https://developer.salesforce.com/docs/atlas.en-us.238.0.apexref.meta/apexref/apex_class_Auth_ConnectedAppPlugin.htm although I suspect it's run only on connect, not on every request. So at best you could deny access if user has right to see some sensitive data, not great
if there are few objects you need to block updates if done via app - Quiddity might be the way to go. Throw error in a trigger if action started from REST context?
give the Transaction Security trailhead a go. If it looks promising (there's way to check "application" and "queried entities" according to this) - might be a solution. You'll likely have to cough up $ though, last time I checked the cool bits of event monitoring & transaction security were hidden behind an extra paid addon (standalone or bundled with platform encryption and Field Audit Track into Salesforce Shield solution)
2 logins? dedicated user for querying stuff but inserts/updates running as your end user?
I have an interesting use case for you today.
My team and I are building a free, third party, calculator tool that enables users to calculate metrics using their store's data.
We are looking for ways to pull in the necessary data and perform the calculation to show users... so far the best we've come up with is asking the users to export a report from Shopify and upload it into our application.
Looking for a user experience similar to this:
User opens our tool, application is hosted on custom-domain.com
Somehow the user authenticates or logs in to Shopify, or approves our app temporary access to their data.
Our app performs the calculation for the user, ending data access
Any ideas as to how this authentication or access of data can be facilitated? Shopify doesn't seem to have a 'login with Google' kind of authentication button.
Thanks!
There are two modes for authenticated access, namely Online and Offline. What you need in this scenario is Online Access.
From Shopify Docs
Tokens with online access mode are linked to an individual user on a
store, where the access token's lifespan matches the lifespan of the
user's web session. This type of access mode is meant to be used when
a user is interacting with your app through the web, or when an app
must respect an individual user's permission level. This access mode
must be explicitly requested in the authorization phase.
It should also fulfill your needs related to ending data access.
An access token created with this access mode is temporary, and is guaranteed to expire after some amount of time.
When a user logs out of Shopify admin, all online mode access tokens created during the same web session are revoked.
Once you have the access token, you can use Shopify API to query data so that your users don't have to upload any files manually.
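Added example (not part of the original answer, and not Shopify's code): a Python sketch of the authorization step for online access mode, with the checks a third-party tool should make on the callback. The `grant_options[]=per-user` parameter and the callback `hmac` scheme come from Shopify's OAuth documentation rather than from this page; the shop name, client id and secret in any call are constructed placeholders.

```python
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

# Only accept real shop hostnames before building a redirect to them.
SHOP_RE = re.compile(r"[a-zA-Z0-9][a-zA-Z0-9\-]*\.myshopify\.com")


def build_authorize_url(shop, client_id, scopes, redirect_uri):
    """Return (url, state) for an authorization request in online access mode."""
    if not SHOP_RE.fullmatch(shop):
        raise ValueError("not a myshopify.com hostname")
    state = secrets.token_urlsafe(32)  # keep in the user's session for the callback
    query = urlencode({
        "client_id": client_id,
        "scope": ",".join(scopes),  # request only the read scopes the tool needs
        "redirect_uri": redirect_uri,
        "state": state,
        "grant_options[]": "per-user",  # explicitly request online access
    })
    return f"https://{shop}/admin/oauth/authorize?{query}", state


def callback_is_authentic(params, client_secret, expected_state):
    """Check shop, state and hmac on the decoded callback query parameters."""
    params = dict(params)
    received = params.pop("hmac", "")
    # Remaining parameters, sorted by name, joined as key=value pairs.
    message = "&".join(f"{k}={v}" for k, v in sorted(params.items()))
    expected = hmac.new(client_secret.encode(), message.encode(),
                        hashlib.sha256).hexdigest()
    return (
        SHOP_RE.fullmatch(params.get("shop", "")) is not None
        and hmac.compare_digest(params.get("state", "").encode(),
                                expected_state.encode())
        and hmac.compare_digest(received.encode(), expected.encode())
    )
```

Only exchange the `code` for a token after `callback_is_authentic` returns true, and treat the resulting online token as short-lived rather than storing it.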
I'm trying to use node-red to create a multi-user dashboard,
the idea is that the dashboard has different sessions, each for a different user. A user must be identified by the system and can't reach the dashboard resources of another user.
I find the multiuser dashboard very useful to this scope, and I try to use it with node-red-contrib-user to obtain a login system that manages different types of account.
I make this flow:
but when I try to open the node-red-url/mui it redirects me directly to the default user, without letting me check the login.
The contrib-user works properly on sections that are different from dashboard (/mui or /ui)
Is it possible to use the contrib on dashboard or is it better to think of another strategy?
Kind Regards,
Gianluca
Suppose that I have a web application. Consider it like a Black-Box for now. I want to use a backend system to limit what a user can view/do on the app.
i.e. Sample users can only do three functions, Premium users can do 10 functions and see more pictures.
What is the best way to do it?
I'm trying to use WSO2 Identity Server, but it doesn't offer this functionality. So I've thought that maybe I can integrate it with the WSO2 API Manager and make an API that limits users' access to a certain resource. But really I cannot find out if it's possible to do it. Does anyone know?
Please refer to : https://docs.wso2.com/display/IS530/Access+Control+Concepts
1) WSO2IS can act as a coarse grained access manager. Your application will act as a fine grained access manager.
It means that roles can be defined in WSO2IS, managed and assigned to users. From there, roles assigned to one user can be provided as claims with the identity token generated by WSO2IS and sent to the application.
The application, on the other side, will manage roles to permissions links.
Access control is then done at each request by the application, based on the roles presented in the Identity Token by the user and the Permissions grid based on roles in the application.
2) The access control at the application is a business logic you must implement (or at least configure if it is a COTS). It is possible to outsource this logic to WSO2IS as policies on attributes (with Workflows).
Please look at : https://docs.wso2.com/display/IS530/XACML+Architecture
Jeff
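Added example (not part of the original answer, and not WSO2 code): a Python sketch of the application-side half described in point 1, where roles arrive as claims and the application keeps the role-to-permission grid and checks it on every request. It assumes the identity token's signature, issuer, audience and expiry were already verified by an OIDC library; the `groups` claim name, the role names and the permission names are assumptions for illustration.

```python
import functools

# Permission grid owned by the application (hypothetical roles and permissions).
ROLE_PERMISSIONS = {
    "sample": {"view_gallery", "upload_picture", "edit_profile"},
    "premium": {"view_gallery", "upload_picture", "edit_profile",
                "view_hd_pictures", "export_album"},
}


def roles_from_claims(claims, claim_name="groups"):
    """Normalise the role claim, which may be a list or a comma-separated string."""
    raw = claims.get(claim_name)
    if isinstance(raw, str):
        raw = raw.split(",")
    if not isinstance(raw, (list, tuple)):
        return set()  # missing or malformed claim: no roles
    return {r.strip() for r in raw if isinstance(r, str) and r.strip()}


def permissions_for(claims):
    """Union of permissions for known roles; unknown roles grant nothing."""
    granted = set()
    for role in roles_from_claims(claims):
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def require(action):
    """Decorator enforcing one permission on each call of a request handler."""
    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(claims, *args, **kwargs):
            if action not in permissions_for(claims):
                raise PermissionError(f"missing permission: {action}")
            return handler(claims, *args, **kwargs)
        return wrapper
    return decorator


@require("view_hd_pictures")
def view_hd_picture(claims, picture_id):
    # Hypothetical premium-only handler.
    return f"hd:{picture_id}"
```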
Auth0 looks like a very promising user management solution, but I'm curious if it allows you to export a user database.
This is an important feature because:
I'd like to make my own backups. (Not so much because I'm worried Auth0 might lose my data. But what if there's a bug in my code or my Auth0 keys are compromised?)
I might want to switch user management providers someday.
From Documentation > Importing Users to Auth0, I see there's a way to import users (on-demand when you can obtain their passwords anyway). And I can see they use bcrypt for password hashing (at least by default). But I don't see any mention of exporting users.
The Auth0 Management API allows you to export your data. Additionally, we have a tool that will help you both import and export users: https://auth0.com/docs/extensions/user-import-export
For the official policy see this document: https://auth0.com/docs/policies/data-export
Auth0 does not currently provide the facility to directly export password hashes. Not on their API and not by downloading from their web interface. Probably they never will provide this, as doing so would somewhat reduce security since an attacker with access to your Auth0 account could then attempt to brute force all of the user's accounts rather than just the active ones.
To get a more or less complete export of user data there are three possible ways, all of which require activity in advance.
Request a full export from support - currently you have to be already signed up for support at at least developer level for at least a month (see the document Moving out of Auth0)
Do a gradual move out by creating a new, local password hash each time the user logs in. - you will have to wait for all your users to have logged in once. This is the inverse of the procedure for migrating in to Auth0. N.B. this will mean you miss users who never log in during your migration period.
Create and store a password hash yourself using Auth0's custom database connection for use whenever your user logs in. If you already have users in Auth0 you can combine this with method 2. to migrate those users into your custom database.
The answer from Nathan Totten here covers how to get the rest of your user data, though Auth0 support should be able to provide you with an export including all of that.
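Added example (not part of the original answer, and not Auth0 code): a Python sketch of the gradual move out described in method 2, where a local password hash is created each time a user logs in successfully. `provider_verify` is a hypothetical callable standing in for whatever login path hands your code the password and the provider's verdict; the in-memory dict stands in for your own user table, and PBKDF2 is used only because it ships with the standard library.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000
LOCAL_HASHES = {}  # user_id -> (salt, iterations, derived key); stand-in for a table


def _derive(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_local(user_id, password):
    """Check a password against the locally stored hash, if one exists."""
    record = LOCAL_HASHES.get(user_id)
    if record is None:
        return False
    salt, iterations, expected = record
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


def login(user_id, password, provider_verify):
    """Authenticate against the provider; on success, capture a local hash."""
    if not provider_verify(user_id, password):
        return False  # never store a hash for a password the provider rejected
    # Missing or stale (password changed at the provider): write a fresh hash.
    if not verify_local(user_id, password):
        salt = os.urandom(16)
        LOCAL_HASHES[user_id] = (salt, ITERATIONS,
                                 _derive(password, salt, ITERATIONS))
    return True


def not_yet_migrated(all_user_ids):
    """Users who have not logged in during the migration period."""
    return sorted(set(all_user_ids) - set(LOCAL_HASHES))
```

`not_yet_migrated` gives the list of accounts the N.B. warns about, which will need a password reset or a support export once the provider is switched off.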