I pulled out a list of users from an organization using advanced find, making sure that all the columns were included. I also checked the re-import headers box.
When I imported the list (same server, same AD rights) into another organization, I got no errors, no failures but no successes neither. No users were created at all.
Is it an intended behavior or did I forgot something?
Intended - re-import option breaks the import when not the same organization with the same data. Re-import option should only be used on the same organization. You can see from an old blog post from the CRM Team they state to not use that option when moving data org to org.
http://blogs.msdn.com/b/crm/archive/2011/03/23/transferring-data-from-one-crm-organization-to-other-organization.aspx
Note: Do not check make this data available for reimport checkbox as this feature is meant to export and update data in the same organization and not for cross organization data migration.
Re-imports intended use is for mass editing data that is already existing in the system.
CRM may disable the imported users by default. Check the disabled users view.
Related
I'm trying to setup customer access to some of my BigQuery data. I'll start off with my requirements, then what I think the solution needs to be, though I'm not sure how to execute.
Requirements
Separate billing per customer for queries
I don't want to make my dataset public
Read only access to specific datasets
Accessible via Excel connector
No access rights to my main project
They manage their own access privileges, I don't want to have to add and remove individual users from direct dataset access on behalf of all our clients.
Nice to have - Web UI access
What I've Done
Created a new Google Developer Project
Added a view-only user on that project
Added a service account
Granted access to my BigQuery dataset to the service account
Here are the options for granting dataset access from the documentation:
I imagine that I need to setup some sort of special group, but I can't figure out how to do it.
Thanks in advance!
In BigQuery there are two different concepts:
The first one is billing (for queries and any other billable
activity) that is linked with a Google Cloud Project.
The second one is access to a dataset.
Having said that, to fulfil your requirements you'd create a separate project for each of the customers, and grant access to the datasets in the granularity that you would want.
That way you would have the costs for each of the projects separated but billed to you. Be careful to give them only read access to the project, unless you want them to be able to create other services like VM or deploy GAE apps, as they'd be billed to you as well.
For example dataset [MyDatasetA] to users X and Y in projects Project1 and Project2, but access to [MyDatasetB] to users Y and Z in projects Project2 and Project3.
Thus, each project is accountable for the queries their users run, and you have your access control on each dataset without it being public.
Separate billing per customer for queries. Done with the independent projects.
I don't want to make my dataset public. Done with fine grained control access.
Read only access to specific datasets. Same as above.
Accessible via Excel connector. It should work without problems as they'd be first class BQ users.
No access rights to my main project. Again possible if they are restricted to their own projects.
They manage their own access privileges. This is trickier. I think they'd need more than read access to the datasets or more than read access to the projects to be able to add new users, if you use the project groups as access control.
Nice to have - Web UI access. Check out https://bigquery.cloud.google.com/
The project groups are groups that allow to select members with Viewer, Developer or Owner roles in one click, without the hassle of adding each member manually.
You get already three groups set-up for you to use: Viewers, Editors and Owners of the original project.
But you may create your own Google Groups and give those groups the permission you want.
The hint when doing so, is that new users will usually need to Display your project so that it appears in the BQ online browser. This is done by clicking on the arrow to the side of the project name in the BQ online browser followed by Switch to project then Display project with the project name that the Dataset belongs to.
Edit: Improved the explanation about Group access
I would like to know how to create different (multiple) repositories in Pentaho Enterprise version.
Below are some points which I would like to add.
1. Different repositories for different users, so one user cant access the other users transformations and jobs.
2. One user cant access the DB connections of other users in different repositories.
My main concern is I want logic here is for security reasons. One user cant access or update other users created transformation.
Is this possible? Please help me on this.
Thanks for all in advance.
This is exactly how my repos are set up. I use database repos on PostgreSQL for all my users. To create a new repo, just click the green + button at the top right of the Repository Connection dialog.
To keep users out of each others sandboxes, I create a different schema for each user and assign DB permissions accordingly. Note, the schema has to be created before you create the repo. Of course I'm DB superuser so I can get into all their repos.
When you create a connection for a repo, go to the advanced tab and specify that user's schema in the 'Preferred schema name' box. Note, this connection will not appear in your list of connections stored in the repo; it's in the repositories.xml file in the .kettle directory. I also created a template xml file that I can tweak give out to anyone who comes on board as a developer. That way they only see their repo in the connection dialog, but my repositories.xml has all of their repos.
You can do this with file based repos as well, but of course you'd handle permissions through the file system rather than the DB.
It's also true that repos can have multiple users. I use this feature when members of the same group need to share transforms. For example the Data Warehouse group is all in one repo, but each has their own directory; the other group has their own repo, etc.
I am not sure ,that you can create multiple instatnce of same repository , but
i sugest you can use single repository with different user and with
different user level permissions
You concerns can be re-solved based on user level permission on repo
I've already created a Welcome page where a user chooses amongst 3 user types (buttons). Each button takes the user to their own login forms. After they login they are each taken to their own switchboard.
The problem is they can still see the options on the left. I "unchecked" the option in options menu, but they can just check those if they wanted to, to see them.
I want some users to be locked out from accessing those navigation options permanently because there's sensitive information in some of the tables.
Is there any way to do that?
If you want to accomplish your objective using just Access then you'll need to store the tables in an .mdb file and configure it to use user-level security. However, that approach has at least two significant disadvantages:
User-level security can be a nuisance to set up and maintain, and
That security model (encrypted .mdb files and associated .mdw "workgroup" files) is deprecated.
If you're serious about your security requirements then you'd be better off using something like Microsoft SQL Server (perhaps the Express Edition) for your back-end data store.
I'm working on a DB2 for i database (aka DB2/400), on a schema (library) named S.
Inside schema S, I create database tables, procedures etc. with user A. I need that also user B has all privileges on such new objects. So I granted all privileges to users A and B on schema S. But new objects don't inherit them!
So I tried many configurations: on System i Navigator I played with authorization lists, "New Objects" button on permissions dialog for schema S... but nothing worked.
How can I set kind of default permissions to be automatically inherited by new objects created in my schema?
The only working alternative I know is remembering to grant privileges to user B every time I create an object. Not so smart...
Security is a large topic. It's normally handled by an administrator; someone who is aware of the larger ramifications of altering permissions to libraries.
There are several related settings to consider. Since you're trying to secure individual objects, you probably have restricted public authority either by setting QSECURITY to *EXCLUDE, or changing the library's CRTAUT to *EXCLUDE.
If we want ALL newly created objects in this library to have the same authority, consider an authorization list. I know that you said you played wuth authorization lists, but you didn't specify what you did.
Create an authorization list. Authorise user A and B to the authorization list. CHGLIB myschema CRTAUT(myautl). Now each object in myschema will have the same authority.
I have IBM i 7.1.
If I create table using 5250 emulator, inside STRSQL, it works, inheriting schema authorization list.
If I create table using iSeries Navigator V5R4M0 (neither with right click on Tables > New > Table, nor with cwbundbs.exe), it doesn't work. Authorization list is not inherited...
So it seems to be a bug in iSeries Navigator. Maybe someone with a newer version of it could confirm us if this has been fixed.
Full details in the chat with #BuckCalabro.
I have created a custom report and it shows up on my "Reports" tab. How can I make this public to everyone in the project so that they can see it in their workspace?
There isn't a way to share it with only a subset of users. What we often do for custom apps that are only useful for a small subset of users is have the admin share it, then have the subset of users copy it and then have the admin un-share it. Note, we resort to this solution to save the limited number of shared dashboards we have to apps and reports that are relevant to all teams. The problem with this solution is it makes it challenging to upgrade the app with new features. Nonetheless, I thought I would mention as an option if you are limited to the number of shared dashboards.
In order to share the app with other users you need workspace or subscription admin privileges.
https://prod.help.rallydev.com/create-custom-pages#share