We have a program that synchronizes defects between RTC and another program. To do this, we have a service user in RTC that creates/modifies workitems. But this requires a contributor license and have only a few of those.
So is there a way to ensure that this service user gets a license permanently?
For the users this isnt an issue, if there arent enough contrib licenses, they use a developer license instead, but we'd rather not give this service user the more expensive dev license.
In the user view (for your service user), you should see in the tab "overview" a section called "Client Access license" (or 'CAL').
In here, you can select the type of license you want to attribute for that user.
More details in "Client access license management overview".
That will link your user to one type of license (not to one license instance, since we are talking about floating license).
Related
I am trying to implement a hardware busy light to show my Microsoft Teams presence so that my family to not enter the room I have the office while I am in a meeting. I am looking to implement something similar to:
https://www.eliostruyf.com/diy-building-busy-light-show-microsoft-teams-presence
https://blog.jongallant.com/2014/12/beakn-v0-1-diy-lync-status-light/ (older acticle - similar idea).
The only problem I have with this setup is that I cannot get the MS Teams status.
The best way to go is by using MS Graph Presence API but my problem is that this is a company account and I don't have (and there is no way I could have) and app in the main subscription granted with the required scope: Presence.Read.
So I tried different ideas but none worked in the end:
check local running processes
check if MS Teams exposes any local API
check if there is a CLI available
This seems a simple idea, I mean, I see the status right there now while I am typing this message, I could as well do an app that gets a screenshot of the taskbar and extract the status from the icon, but is that really the only option I have?
I think I found something interesting for you.
Go to
C:\Users\user\AppData\Roaming\Microsoft\Teams
you'll find a file called logs.txt
In this file you see if your current state changed
(current state: Available -> DoNotDisturb)
I would write a script with php or VB (depends on your skills) that read that logs.txt file like every minute and check for the last "current state" line.
What those posts are doing (certainly the first one, I didn't check the 2nd one) is calling the Microsoft Graph, which has a "presence" endpoint to get a user's status. There's actually even a specific "/me" endpoint, to get your own personal preference (less access rights needed). See more about this here: https://learn.microsoft.com/en-us/graph/api/presence-get?view=graph-rest-1.0&tabs=http
In order for this to work, as you've mentioned, you do need to have an Azure AD App registration. However, importantly, this will only require "delegated" permission (i.e. only permission from the single user, you, to access just data for that single user, you). As a result, you can use "delegated" and not "Application" permissions, which means that it does -not- require Admin consent for the tenant.
It -does- require and Azure Add Application though, at the risk of stating the obvious. While you don't have tenant admin rights, you need to see if you have Azure rights, just to create an application (you might have this anyway as a developer in your org). If you don't even have this, you can sign up for an M365 Developer account, and use that tenant. Importantly - the application does't have to be in the same tenant. If it's not, it's just a simple multi-tenant app, like any 3rd party Azure AD-backed application is.
I am building a special application that helps users to insert some data in SAP. Currently the functionality of the app works as expected. But when data is saved in database, the logs are showing, that the user who made changes is the System user. I would like to request a username and password of a so called Dialog user for SAP GUI. Then the System user would impersonate it and make changes.
I tried to set User and Password parameters of RFC Configuration to Dialog users information and added RepositoryUser and RepositoryPassword parameters. This throws me an exception:"No RFC authorization for function module RFCPING."
I could make additional user authentication with SUSR_CHECK_LOGON_DATA RFC but this would not solve a problem of logging user changes.
Is Dialog user allowed to call remote functions, or does System user do that in his name? How to achieve impersonation in SAP.NET connector?
I read through SAP .NET Connector 3.0 Programming Guide, but did not get the right information.
Thank you
Obviously your used user ID lacks the basic RFC user authorizations. Of course, you may also use a dialog user.
SAP has documented the required minimum RFC user authorizations for several usage scenarios in detail in the following note:
460089 - Minimum authorization profile for external RFC programs
Friends,
I need some help on Word API Authentication.
Scenario:
Our articles has meta data which contains who can work on the articles (User1, User2), we need to know user_name (window's id) who logged into the machine so that we can authenticate the users against article metadata without asking them to log-in each time.
Workflow:
Article Creator Process is responsible for creating the document. This process will create word document and will be transferred to the user.
Article processor is adding custom xml part into document such as User Name, Document ID etc.
Authentication Rule is simple here. If article metadata contains your name then only you can work else not.
We need to match article meta data name with user who is opening the document. So here we need to know who log-ed into the machine.
How we can get this information for Online and Offline ?
We don't want our desktop users to enter the credentials again and again. For desktop which is (90% users will use desktop) is should be pretty straight forward, get user name and match it with article metadata.
Appreciate any help on this, any alternative solutions to handle this are most welcome.
There is no way to find out the current user's username. You can get the unique ID of the user in terms of a GUID-like entity, though, so I suppose you could store the user GUID into the custom XML part instead. The GUID corresponds to the Microsoft account or OrgID identity of the user.
See https://msdn.microsoft.com/en-us/library/office/jj164035.aspx for more info, particularly the "To load a test license from your Visual Studio project" section that describes the structure of the validation token.
Alternatively, if you can trust your users (i.e., it's just identification, not authentication), have them type in their name once, and then store it in the browser's localStorage.
My requirement is the claims assigned to a user are company aware so say for example
User 1: is publisher for Product Manager for Company 1 but the same user is only editor for Company B. Can this be achieved through Geneva Server, or additional code needs to be written to override classes.
In my opinion it's the relying party itself should be making decisions on what roles to attach to a token based upon the identity itself.
However you can set rules based on individual relying parties and choose to serve information as a claim based on whatever the backing store says. Now how you represent that information in whatever backing store you are using (AD, LDAP, SQL, whatever) is a design decision at your end. You may also want to look at harnessing the claims transformation language in beta 2.
It's really hard to give any specific advice without knowing details about where your claim backing store is going to be and why you think you need to go this route.
The roadmap for OpenSSO said entitlements would be out summer09. Anyone know whether it will be able to solve data level security, for example "userA can only enter <500 in this field on the screen" OR "UserA can see only these values in the dropdown".
How is this implemented in organisations, each app controls the data level security or is there some who have an enterprise repository for it.
Thanks
yes, this is exactly the kind of problem that OpenSSO Entitlements are designed to solve. I did a demo at JavaOne last week that showed a demo mobile phone account management system with three policies:
Each phone user can read their own permissions (e.g. can download music/video) and call log.
The account holder can read and write the permissions of all phones on the account, and can see the call logs for all phones on the account.
The account holder can read and write account-wide data (e.g. billing address).
I'll be posting the source code to the demo and explaining how to deploy it on my blog.
To answer the second part of your question, there is an enterprise repository for policy, but it is enforced on an app-by-app basis. In the demo, most enforcement is done by a servlet filter which makes entitlement calls for each requested URL. This worked well, since we used RESTful web services that express the requested resource in the URL. In one spot we made an explicit policy call since the URL pattern did not correspond to the policy - the client could navigate to the account resource via the phone URL. I expect I could have constructed another policy to handle this, but I actually wanted to show an explicit entitlement call.