Since I implemented active directory into my mediawiki, I have a certain problem that I got a user now which is actually not there. I means once I click or hover over the user it tells me:
User is not registred
I tried to merge it with the userMerge extension, but the user doesn't exist obviously, but he is in the userlist. Makes no sense to me at all.
So I know you shouldn't delete a user from an SQL table; I need to because our internal wiki should not have any local users any more. Also here I can't really find any good explanations of where I can find the user tables in the phpmyadmin panel. I would appreciate the help.
Mediawiki got installed with XAMPP.
As far as I know, Mediawiki doesn't really support deleting users. The commonly accepted practice is to ban/block misbehaving users. In recent years, large-scale spambots have been a problem resulting in a lot of garbage wiki accounts, so it looks like there are some solutions. Here's the extension that looked the most relevant:
http://www.mediawiki.org/wiki/Extension:UserMerge
This lets you merge a user's contributions in with another user's, and then delete one of the user accounts.
Related
Background- my organisation have a global directory. The Active Directory only stores the employee numbers and employee name. No information about the role title is stored in Active Directory. (I have already built an LDAP query to retrieve all the information from AD, retrieving the role title is my issue).
On our intranet, there is global directory, which shows the role title. Now this is obvious to me that the role title is stored in some other database.(not AD)
I am wanting to write a script (not sure what to use), to pump a list of employee numbers in the search box and retrieve the role title.
Is this possible? I've never scripted anything to retrieve information from results coming from a website/intranet etc. Any guidance will be appreciated, LDAP queries unfortunately was not the right approach for me as the organisation does not store role title in AD. (I have thousands of employees to find and I don't think it's practical to search individually)
Gemmo
I take it you only have access to the front end of this system. It is not ideal, but the only way would be to use web scraping. That is, parse the HTML from the web page.
This method is time consuming to put together and very prone to breaking since it is entirely dependent on how the data is presented on the page. If anything changes, your web scraping can break.
But if you will only need to do it once, it might be worth it. A tool like this one could help you do it. (that is just the first one I found online. There are others, just search.)
But since we can't access this site, we can't really help any more than this.
Web scraping really is the absolute last resort. Any other way to get the data is better than this. Maybe you could even ask the administrators of that system to give you a one-time report of just the data you need to see. As long as they're willing, there's no reason they couldn't give you an Excel spreadsheet with the data.
GOAL:
-To allow the manager to only view the all projects in qlikview, and not edit anything.
-Team members can only see data from projects they are in
CONDITIONS:
-Joe(Team member) can only see data from his projects only.
-Bob(Manager) can see data from all projects in the team, however he cannot edit or make changes to them.
In this scenario, there is only 1 manager, an admin, and many team members.
So I guess the process would be:
Check who the user is (Not sure what to use here. Username/password? Ideally it would be the company email, but don't know if this is possible)
Once it knows who the user is, checks if said person can access the document
If they do have access, it decides what can be accessed. (if manager, can only view all projects, if team member, can only view certain projects)
Display the dashboard.
Right now, the QVW file gets data from a database using OLEDB connection.
Sorry I've only been introduced to Qlikview about a week ago and I've been tasked to get this done so any help would be great.
Thanks.
You can find a lot about QV section access around.
Think your scenario is possible to be achieved using section access. Please read https://community.qlik.com/docs/DOC-1853 for more detailed explanation of section access methods.
Warning: Always have copy of the document without section access!
Just to be sure you are not locked out of the document because if this happens there is no way to open the document
I have multiple projects in TRAC. I'm using mod_wsgi, and my wsgi script file TRAC_ENV_PARENT_DIR variable is pointing to the folder containing folders with all these projects. A few users have access to different projects. When a user visits the TRAC URL, she can see the listing containing all these projects, yet has no access to some of them.
Is there any way to show to a user only those projects this user has access to?
Please advise.
Preamble: I abhor security through obscurity. Your request could be read as cosmetics in web site presentation. Don't aim at improved access control, because knowing a valid path will still give access to each Trac environment depending on it's settings. Of course better navigation is a good reason.
Requiring to hide folders depending on user's permission means you require authentication before granting access to TRAC_ENV_PARENT_DIR. This could be done with standard mechanisms that your web server supports. This is just the precondition.
As you say, you have some non-public Trac instances in your Trac environment folder collection. How complicated it is to identify all folders correctly, that depends on how much you want to spend on initial implementation vs. maintenance.
I should be trivial, but error-prone, to provide a list of either the public or the private directories, of course whatever is easier to maintain. Zero additional configuration would require to open each Trac environment and look up user permissions. )** This sounds rather cumbersome and means probably a performance penalty for applications with large user base and frequent access. You will at least work with a cached list, if you go down this road.
You can't use Trac's auto-generated Available projects list but you'll have to deliver at least two versions of an index page for authenticated/unprivileged and authenticated and privileged users.
For the sake of maintenability you'll want to consolitate configuration and permissions. For access to each Trac environment you could use trac.ini inheritance and a shared .htpasswd file. However you can't inherit permissions, because these settings are stored inside the Trac db. You could give TracUserSyncPlugin a shot, but it seems not yet fit for production, or at least lacks feedback of all the happy users, if they exist.
)** While I'm not aware of dedicated documentation about this, there are actually several possibilities. Since permissions are stored in the Trac db, all involve reading/querying the permission db table. It's structure is documented with all other tables of the Trac db schema. To read you'll want to open the Trac environment(s) and then use a direct query on the table (see a AccountManagerPlugin changeset for an example) or construct and query a PermissionCache object.
It may be an old question, but so far i've found the answers to be rather complex without need.
I think using the information stated here, http://trac.edgewall.org/wiki/TracInterfaceCustomization#ProjectList , one could build a template that checks for users and permissions and then show the data it should.
In my case, i just needed to point the "TRAC_ENV_INDEX_TEMPLATE" variable to blank HTML, and that was enough for me.
(I am newbie to tortoise SVN)
I have 2 folders in my tortoise SVN.
Each need a different set of authorization
(I do not want
people who have access to the first folder to have read / write access to the second folder).
How can I accomplish it? I noticed that all permissions are defined in a file in the root level.
This is covered in the Subversion Book section on Path Based Authorization. You can check out the link for more details, but I would just draw your attention to this part:
A lot of administrators setting up Subversion for the first time tend to jump into path-based access control without giving it a lot of thought. The administrator usually knows which teams of people are working on which projects, so it's easy to jump in and grant certain teams access to certain directories and not others. It seems like a natural thing, and it appeases the administrator's desire to maintain tight control of the repository.
Note, though, that there are often invisible (and visible!) costs associated with this feature. In the visible category, the server needs to do a lot more work to ensure that the user has the right to read or write each specific path; in certain situations, there's very noticeable performance loss. In the invisible category, consider the culture you're creating. Most of the time, while certain users shouldn't be committing changes to certain parts of the repository, that social contract doesn't need to be technologically enforced. Teams can sometimes spontaneously collaborate with each other; someone may want to help someone else out by committing to an area she doesn't normally work on. By preventing this sort of thing at the server level, you're setting up barriers to unexpected collaboration. You're also creating a bunch of rules that need to be maintained as projects develop, new users are added, and so on. It's a bunch of extra work to maintain.
Just to round the post of codeka up. You can't set (at least I never have found out how) any permissions for the repo in tortoise as it is the SVN client application. You would have to set the permission on your svn server. If you happen to be running VisualSVN Server (free) you can setup user rights in a windows-easy manner (point and click).
I'm a fan of Trac, and of course when I'm just using it for my own, lone, projects I can just give myself full admin rights.
When there are other developers involved, or a not-very-technical manager (or, for that matter someone that is a designer rather than hard-code developer), that needs to be able to keep up with what is happening - and do things like add/update tickets, but not potentially break anything, then the fine-grained nature of the permissions gets to be a little more complicated as to what is required for someone.
What permissions do you use for those groups of people (and other similar ones)?
I generally avoid giving the *_ADMIN perms to users if I can avoid it. Trac 0.11 makes that a little easier by adding TICKET_EDIT_DESCRIPTION.
Depending on the setup and the culture, I'll grant the *_VIEW permissions to authenticated (everyone who has logged in) or in lax setups, anonymous (everyone, even not logged in).
I will generally create a developer group, grant the various permissions to that group. Then you just add people to the group (or add the group as a permission to the user, same thing). Do the same for designer, manager, tester, etc.
A manager would want the various ROADMAP_* and MILESTONE_* permissions. I'd be cautious about REPORT_ADMIN unless the manager actually knows SQL. My boss is generally happy to give me an example spreadsheet of the report he wants and I'll whip up a report for him. Be sure to point out to them that if they setup a custom query that does what they want, they can bookmark it -- everything is in the URL -- so they can go back to exactly that same query with current data using that bookmark.
You'd probably want to let authenticated file and append to tickets--doesn't usually who notices a bug, you still want to know about it. If you lock down the workflow permissions enough, you may be able to give out TICKET_MODIFY to more people as well, though that route will be a bit more work.
Those you have some trust in can probably be granted TICKET_EDIT_DESCRIPTION so they can fix up their bug report formatting when they forgot to to start with.
If you have a lead developer, that individual user should probably have TICKET_ADMIN to deal with adding versions and such.
I typically turn on all the VIEWs, plus WIKI_CREATE, WIKI_MODIFY, TICKET_CREATE (or TICKET_CREATE_SIMPLE if using the Simple Ticket plugin) and TICKET_APPEND.
For users I trust to have a little more power, I'll also turn on TICKET_MODIFY.
For a non-technical manager, I'll also turn on MILESTONE_ADMIN. For a technical manager, I'm likely to jump to TRAC_ADMIN -- but if that's too far, at least add REPORT_ADMIN.
Typically, I'll go ahead and give the developers TRAC_ADMIN... but if you don't trust them that far, the above permissions through the power user level plus TICKET_ADMIN are probably sufficient.