I'd like to list the currently logged on users for my Weblogic domain
Failing that, I'd like to know how many users are logged on.
Ideally by using the admin console, or a script if I must.
Summary of Deployments > "deployment unit" > Monitoring > Sessions
Related
We have lighthouse configured and I am trying to extract azure aks RBAC permissions information for a managing subscription from a managed tenant:
Get-AzRoleAssignment -scope "/subscriptions/0000000-0000-0000-00000000000000/resourcegroups/testrg/providers/Microsoft.ContainerService/managedClusters/testakscluster
Can we extract role assignments for a managing tenant's subscription while logged in a managed tenant cloud shell?
Thanks for your help
When using the Get-AzRoleAssignment command, it will call the Azure AD Graph - getObjectsByObjectIds meanwhile to validate the objects in Azure AD.
To solve the issue, make sure your user account logged in the cloud shell has permission to call the API, if your user account type is member, it will has the permission by default. So I suppose your user account is a guest, if so, there are two ways.
1.Navigate to the Azure Active Directory in the portal -> User settings -> click Manage external collaboration settings -> select the first option like below.
2.Navigate to the Azure Active Directory in the portal -> Roles and administrators -> search for Directory readers -> click it -> Add assignments -> add your user account as a Directory readers role.
Just select any of the options above, then the command will work fine.
For anyone coming to this thread after some searching: I had the same issue with this call across multiple versions of the AZ.Resources module: 2.5.0, 4.1.0 an 5.6.0. All my rights where setup correctly, both for an SPN and a user, both got the same error.
Changing the call to use the Azure CLI and that just works 😠.
az role assignment list -g [resource group name]
I have created a sheets sidebar addon which allows a user to select a group and update members based on a column in a sheet.
When I run it as my admin account, everything works; however, when a normal G Suite user runs the addon, they run into issues as the api I'm using to add users to the group is the Admin SDK Directory.
This is the error when I try to run as a normal G Suite user - "GoogleJsonResponseException: API call to directory.members.delete failed with error: Not Authorized to access this resource/api"
member = AdminDirectory.Members.remove(str, userEmail); or
member = AdminDirectory.Members.insert(member, str);
This works fine in a web app if I deploy to run as an admin.
Any guidance or tip would be greatly appreciated.
Unfortunately you cannot give a user running the Add-on permissions which that user does not have.
If you want the user to run the script, you need to assign him / his organization unit respective roles or privileges from the User Admin Console.
I suggest that you create a custom administrator role to give the user only the permissions they need to run the Addon.
If you are looking into running Apps Script with a service account, you'll need to install the OAuth2 library and perform UrlFetchApp.fetch() calls with JSON requests.
when I trying to fetch all product list with rest api.
http://magento-11498-25844-78339.cloudwaysapps.com/api/rest/products
it shows 500 internal server error
As i can see Magento rest API is not configured. Below two steps are required.
Preparing for REST API
These steps are required for utilizing REST API resources:
1. Set up permissions for REST resource operations from Magento Admin Panel.
2. Configure the attributes for different users types in Magento Admin Panel. There are 3 different types of users in accessing the data: Admin, Customer, and Guest. Admin is the backend logged in user, Customer is the fronted logged in user, and Guest is a non-logged in fronted user.
Also you can follow below url for better assistance.
http://devdocs.magento.com/guides/m1x/api/rest/introduction.html
Please follow below Steps which is working fine for me.
1. Login to the admin panel
2. System >> Web services >> Rest Roles
3. Then click on guest then choose catalog all item then save the role
4. Then Click on System >> Web services >> Rest Attributes then Choose all then save.
Hope It will work fine. Thanks
Please look at the screens shots too.
I have installed SonarQube 5.2 and the LDAP plugin 1.5 a few hours ago. I am really happy about the easy configuration of the LDAP plugin in an Active Directory domain.
But I experience something which looks like a huge problem.
1) An AD user loads the web page of the SonarQube instance
[behind the scenes] a user is being created (starting up from the headers of the HTTP request and the information present in the Active Directory)
2) An administrator of the platform (e.g. admin, default administrator of the platform) gives her some rights (e.g. add her to the sonar-administrators group)
the web interface shows an updated set of rights for this user
3) The user starts a new session
!!! The user has lost all of its rights. She doesn't belong anymore to the sonar-administrators group
(expected behavior) the user gets an updated interface, with the menus reserved to the sonar-administrators group
Am I missing some important part of the documentation?
You have configured SonarQube to use an external system to manage security, in this particular case Active Directory. So the default (and expected) behaviour is to delegate both the authentication and the authorizations to this system.
In your example, if you want the user to belong to some specific group, you have to configure this in your Active Directory. Next time the user logs in, he will be associated to this(those) group(s).
Note that the groups must exist in SonarQube otherwise this won't work (i.e. you have to manually add them in the "Security > Groups" ).
To elaborate on Fabrice's answer, when you have a user or group in the AD that you want to have administration permissions to the SonarQube instance, go to:
<your sq instance>/roles/global
and add the user or the group to the Administer System global permission.
Using the Jenkins OpenID plugin I'm able to configure Jenkins to use my Google Apps OpenID as a provider. Anonymous users are still able to access that application (they have read access only), but I want to have it so that users are forced to login using the Google App domain or they are denied access.
I'm currently using the Jenkins Authorization setting of "Logged in users can do anything", I've tried using the "Matrix based authentication" and denying anonymous users, assuming logged in users would still have permissions, is there a special group value I can use for "logged in users" in matrix based authentication?
It seems like "Matrix-based security" will only work for specific users when using Google Apps OpenID (I don't believe Google apps for domains has support for OpenIDTeam extension
Yes there is a special group you can use to do this but finding the information about how to do it isn't obvious.
If you hover over the 'Overall - Read' column on the Matrix-based security table you'll get the solution.
It states
The read permission is necessary for viewing almost all pages of Jenkins. This permission is useful when you don't want unauthenticated users to see Jenkins pages - revoke this permission from the anonymous user, then add "authenticated" pseudo-user and grant the read access.
I use the following technique in combination with the OpenID plugin which allows me to specify a Google Apps for Business domain to secure Jenkins with
Warning: Make sure you've got a backup of your installation before you start because if you get something wrong you may lock yourself out of your Jenkins. Unpicking the plugins and settings would take longer than just restoring from a backup.
Ensure your choice of OpenID provider is still working ok with your current 'Logged in users can do anything' setting
Select the 'Matrix based-security' mode for Authorization
Add a new 'authenticated' group (lower case 'a') to the Matrix-based security table.
Use the 'check all' icon at the right hand end of the new 'authenticated' row to tick all the permission boxes.
Use the 'check all' icon at the right hand end of the 'Anonymous' row to untick all the permission boxes.
Save the settings
Reload Jenkins
Now each time a user wants to see Jenkins they have to be already signed into their Google Account and no-one can get to see any Job names or views without login.
Hope this helps.