A user building a visualization in AWS opensearch doesn't have the ability to save the visualization.
When attempting to save the visualization:
{statusCode:403, error:'Forbidden'
message : "no permissions for [indices:data/write/bulk] and User [name='someuser',
backend_roles=[], requestedTenant='MyTenant']: security_exception"
}
We've created a custom role, mapped the user to the roll, and granted the roll both
indices:data/write/bulk
indices:data/write/bulk*
These index permissions are granted to both the query's target index pattern, and to the '*' index pattern. We've also verified that when the user is logged in the roll appears in the user's profile's "Roles and Identities".
What should I try next?
Related
I'm trying to get a list of the user's Facebook groups.
To do this, I analyze the documentation to understand it (Graph API) :
https://developers.facebook.com/docs/graph-api/reference/v3.2/user/groups
However, when I use this query, I get no results
I've done a lot of research.
And from what I understand, it is no longer possible today to obtain the list of user groups (depeacrated)
However, I do not understand. The documentation page still exists, for version 3.2 ( https://developers.facebook.com/docs/graph-api/reference/v3.2/user/groups) and nothing says that this is no longer possible.
Documentation says :
Returns a list of Groups where the User is a member and the User has granted the app any Group-level permissions for that Group "
My code :
FB.api(
"/" + id + "/groups",
function (response) {
if (response && !response.error) {
console.log(response);
}
}
);
I would like to get a list of all the user's groups, not just the groups where he is an admin.
https://developers.facebook.com/docs/graph-api/reference/user/groups/
admin_only=true
pass this parameter you will get only list of those groups where you are admin.
I managed to get the groups, when askd for groups_access_member_info permission during the facbook-login process, but it asks too much: with this permission app can post in your groups as well and can read former posts. I guess nobody will give you this rights, it seems this feature is over.
Additionally: in my privacy settings i found that the list of my groups are private information (haven't set is explicitly .. at least i dont remember) so it's maybe practically deprecated because of this default setting.
This is driving me cray. I am trying to retrieve the Facebook id after logging in. I am assuming I have to use the attribute mapping in order to achieve this? Any thoughts?
Heyo, Just thought I'd reply here too in case anyone else has questions about this.
I looked at the Facebook scopes reference page, and it says that public_profile is the scope that contains the user ID. So, I went to my Facebook Directory, and under 'Provider Configuration' on the 'Scopes' tab, I added public_profile. Under the 'Attribute Mappings' tab, I added id as the Attribute Name and set customData.id as the 'Stormpath Field Name'.
When users log in to my web app using their Facebook credentials, their ID is saved directly to their account's customData:
{
"id": "1260737122323"
}
To grab this data from the Account's customData and display it on the profile page of the React-Express sample project, you need to do two things:
Ensure that the web.me.expand.customData config is set to true in order to have the custom data fields populated,
Add a new field on the profile page with name="customData.id", like this:
This is covered in the docs under the Access custom data fields by prefixing field names with customData section.
The documentation of these Facebook scopes is a little confusing, the properties on "public_profile" are actually available on the root of the Facebook user object, so in Stormpath you want to map id to customData.public_profile.id.
I am developing an App with Meteor and asking for extra permissions from Facebook with the following code...
Accounts.ui.config({
requestPermissions: {
facebook: ['user_likes', 'user_education_history', 'user_hometown', 'user_location', 'user_website', 'user_work_history']
},
passwordSignupFields: 'USERNAME_AND_OPTIONAL_EMAIL'
});
I as an Admin is allowing for those permissions to be published but when the user is created, these permissions do not get added to the Meteor.user.
Is there something extra I need to do to add them to the DB?
Thanks
According to this
On the client, this will be the subset of the fields in the document that are published from the server (other fields won't be available on the client). By default the server publishes username, emails, and profile (writable by user). See Meteor.users for more on the fields used in user documents.
Meaning you need to create publish to return extra fields to client
I'm recently trying to lock down security on a parse project and have disabled except for public create.
However after doing so if I try and link an existing user to Facebook as follows:
[PFFacebookUtils linkUser:[PFUser currentUser] permissions:nil block:^(BOOL succeeded, NSError *error) { /* ... */ }];
I see the following error printed on console:
2015-02-04 00:11:19.856 Walker[43201:381190] Error: This user is not allowed to perform the update operation on _User. You can change this setting in the Data Browser. (Code: 119, Version: 1.5.0)
This is despite the current user having read / write permissions to itself:
If I enable public 'Updates' for the User class again this problem goes away?
Is there any way I can enable updates on the current user without enabling public access?
I ended up getting the following answer from Hector Ramos on the Parse Google Group ( https://groups.google.com/d/msg/parse-developers/JFMrXheHgdo/1dw_6dl1EmUJ )
In order to link a user to Facebook, the user object must be modified.
You'll need to turn on Updates for this class. Per-object ACLs cannot
increase the scope of permissions past what the class-level ACLs are
providing, as far as I know.
I took this to mean that I had to enable Updates for the class in order for any update to be made at all.
I still was a little concerns this could some how allow unauthorized updates to my user account (as this answer wasn't 100% clear). To be on the safe side, I also added a CloudCode before save hook which sets the users Access Control List (ACL) to only allow them access to this object (as per my apps requirements).
Parse.Cloud.beforeSave(Parse.User, function(request, response) {
// Set ACL for new User to only that user
request.object.setACL(new Parse.ACL(Parse.User.current()));
response.success();
});
I'm running into a situation where requesting a list of permissions that a user has granted to a canvas application intermittently returns an empty array.
The graph request would look something like this:
https://graph.facebook.com/[uid]?access_token=[token]&fields=permissions
Typically, a normal response would look something like this:
"permissions": {
"data": [
{
"installed": 1,
"email": 1,
"bookmarked": 1,
"publish_actions": 1
}
]
}
Occasionally though the response looks like this:
"permissions": {
"data": [
]
}
The code equates this situation to the user having not granted any permissions and restarts the auth flow. The problem appears to be intermittent, because the users eventually make their way into the application and if I manually retry some of the failed requests I find in logs the permissions are returned as expected.
Looking at the User API docs (http://developers.facebook.com/docs/reference/api/user/), it looks like permissions that are not granted are excluded. It's not clear from the documentation what happens when no permissions are granted. One would assume an empty map, which would render a response something like:
"data": [
{
}
]
However, even if the response is an empty array, the point in the code where this request is made should not be reachable without accepting a least some permissions.
This leaves me with a few questions that I'm hoping someone with relevant knowledge can answer:
Are there any circumstances under which the permissions granted by the user to the application are not available via the Graph API?
Are there any circumstances under which a canvas application can be authorized by the user without granting any permissions? (cancelling the auth dialog results in a request with additional query string params, which is handled differently)
Are there any circumstances under which a user can revoke initially-granted permissions without de-authorizing the application?
Edit:
Based on the discussion below I would like to clarify that my app requires the email permission, which does not appear to be revocable. The app has always required the email permission, so there shouldn't be a case of an older install without that permission.
Nope, not to my knowledge.
That situation is called basic permissions, where no additional permissions are specified in the scope parameter during login
Yes, the app user can revoke certain permissions. Go to (http://www.facebook.com/settings?tab=applications) and click edit on one of the apps (for example Groupon or Music or YouTube) and you can see there's certain permissions that can be removed by the user at any time. So it is good your app reads the permissions it still has available to it. It might save you some wasted graph calls to objects/actions you're no longer able to get.