What would I need to do, briefly, to create myself a system to manage (create, delete, update) posts so the client could do this himself with a user friendly GUI, all of this (even let’s call the admin panel) on the web ?
Related
I scrolled through the documentation of KeyCloak and also set it on my machine to explore.
I also explored fine-grained permissions however I didn't get much detail in documentation around the n-level of nested hierarchies.
Here https://www.keycloak.org/docs/latest/server_admin/ this talks about limiting an admin user to particular client management, however, I want certain users, within the client, to be able to create accounts but with scopes and attributes limited to what's assigned to themselves.
For an example:
For a client(ERP>Transactions) we want to create an Org(our customer) Admin who in return will create teams and team admins. Team admins shall be able to invite their teammates in there.
Now I just want to know if only Keycloak can be used to make sure a user in one Org shouldn't be able to create a user in some other org, in the same way, a team admin shouldn't be able to onboard/invite a user in some other team.
Because if Keycloak in principle can't handle this, our team will start writing custom logic in our application code base for this.
Is it possible to disable writes, updates and deletes from web admin console? ( Allowed Read Only )
I want write, update or delete from client side only ( Using Code Only )
Is it possible to disable writes, updates and deletes from web admin
console?
With "web admin console" I guess you are speaking about the Firebase console.
If you want to assign to a user a read-only permission, in such a way he/she can only view (but not modify) existing data, you can assign the Viewer role to this user. See the doc.
I am using Github Enterprise v2.13.5 and want to activate dormant users. Currently Github automatically activates the dormant user when they log back in. But I need to explicitly activate all dormant users
The /users API does not tell us whether a User is dormant or not. There are some manual workarounds for at least identifying the inactive users , but most that I found are not feasible in practice.
If you do not need any information on which user was dormant, you could write a little script that automatically creates impersonation tokens for each user and (in their name) do one arbitrary action on Github:
With your account, create a project [yourname]/un-dormant-project
For each known user (get via /users API):
a. Create an impersonation token
b. In the name of the user, perform an arbitrary action on [yourname]/un-dormant-project
c. Delete impersonation token
I assume that you must not delete the project you created because otherwise the users will become dormant again very quickly.
Disclaimer: I did not try this approach out.
I'm working with Shopware.
I've added a new attribute "proxy" to the s_core_auth table for each user in order to show the ability to get access to the Customer Module in the backend, so that if a user is not selected as "proxy" he/she won't be able to make changes in that module.
I need help to understand what I need to write in my plugin's code (maybe having only a Subscriber file.)
I'll be very grateful!
Adding a custom column to the s_core_auth table is not a good idea. What you're trying to achieve can be done with user groups and group rights. From the Shopware Documentation:
With User administration you are able to create new users in the backend and control access rights to areas, modules and plugins in accordance with certain group policies that you define per ACL (Access Control List). Within the ACL you have the possibility to control precisely which user is able to perform which activity. Thus, it is possible to assign certain reader rights to an administration group without granting them authorization to edit or delete.
You can find instructions for User administration inside the Documentation.
I'm using Qlik sense ver 2.1.1, according to the manual of Qlik sense:
4.1.1 Users and licenses
Before anyone can use Qlik Sense, they must be added to the system and licensed. There are two ways that users are added to Qlik Sense Enterprise.
Local Security Layer—Any user already in the operating system’s security layer (Local User Directory or Active Directory, for example) who tries to connect to Qlik Sense is added to the user directory. Those users are not granted access to any resources until they are licensed, but they appear in the user directory.
Directory Sync—After a User Directory Connector (UDC) is configured, users from that directory can be added or synchronized into Qlik Sense. Those users are not granted access to any resources until they are licensed, but they appear in the user directory.
The problem is that I don't want to use domain account to login QLik sense page. I have some pre-defined users on Qlik server for corresponding groups. But, when a new user access Qlik sense page, they're logged in as their domain accounts automatically, and even can't log out, then it's impossible to log-in by my pre-defined user.
How can I change the setting of Qlik sense to disable of this silly automatic log-in mechanism?
The problem you have is that the default Virtual Proxy created during the Qlik Sense installation always attempts to authenticate people against Windows accounts and it only uses Http Authentication to transmit credentials. (If you want something different, you have to create a different Virtual Proxy.)
If your users don't have a chance to type in credentials, it means the browser is configured to automatically supply them when the site asks. You have to turn that setting off. In IE, you can turn it off by going to Internet Options -> Security Tab -> Local Intranet (or whatever makes sense for you) -> Custom Level -> User Authentication (Scroll to the bottom). Set it to the "Prompt for user name and password" setting. Chrome uses IE's settings. In Firefox, go to "about:config", search for "network.automatic-ntlm-auth.trusted-uris", and make sure the domain of your Qlik install is not in the list.
Unfortunately, with Http Authentication, the only way to logout is to close the browser completely (unless there's some browser extension that works around that).