I am trying to create new user using grafana HTTP rest api:
I am doing HTTP post to https://adminTest:adminTest#grafanaUrl:8086/api/admin/users with body:
{
"name":"User",
"email":"user#graf.com",
"login":"user",
"password":"userpassword"
}
However i get:
{
"message": "Permission denied"
}
What are the right steps to create user with HTTP api? The adminTest account is admin account in grafana,
To use the HTTP Admin API, a user has to be a Grafana server admin. The term Grafana admin can therefore be a bit misleading.
To make a user a Grafana server admin, you have to be one yourself. From the docs:
To assign or remove Grafana administrator privileges:
Sign in to Grafana as a server administrator.
Hover your cursor over the Server Admin (shield) icon until a menu appears, and click Users.
Click a user.
In the Grafana Admin section, click Change.
Click Yes or No, depending on whether or not you want this user to have the Grafana server administrator role.
Click Change.
Related
I'm attempting to assign a service account created in a project to the Group Admin role in Workspaces (GSuite) as part of an experiment to set up IAM automation in Terraform.
I'm essentially following this support guide here: https://support.google.com/a/answer/9807615#zippy=%2Cassign-a-role-to-a-service-account
Once I add the service account to be granted Group Admin, pressing "Assign Role" appears to do nothing. The button visually hovers but no action takes place after clicking it. My only option is to back out and discard the request.
I am signed in as a Super Admin. I've also tried Firefox, Safari, and Chrome hoping it was just a UI bug. I contacted Workspace support and while they were extremely helpful they were not able to find any issue on their end or point me in any direction.
I have also tried assigning a dummy user via the 'Assign User' page and I get the same issue. The button/form just doesn't seem to react or produce any error messages.
Is there something I could be missing in my Org setup?
So considering the UI is broken for me, I ended up using the API Explorer to assign the service account to the Group Admin role in Workspaces (GSuite)
Requirements:
Service Account unique ID, found by navigating to your service account from IAM in the console.
Customer ID, this is the customer ID of your Organisation and can be found in Account Settings in Workspaces or running the command:
$ gcloud organizations list
The customer ID is listed under DIRECTORY_CUSTOMER_ID.
You also need to find the roleID of your Group Admin role, I did this via the API Explorer again, requires your Customer ID
https://developers.google.com/admin-sdk/directory/reference/rest/v1/roles/list
Send a request to that and then check the response for:
"roleId": "XXXXXXXXXXXXXXX",
"roleName": "_GROUPS_ADMIN_ROLE",
You then need to use API Explorer to insert your service account using the above details
https://developers.google.com/admin-sdk/directory/reference/rest/v1/roleAssignments/insert
Request body:
{
"assignedTo": "XXXXXXXXXXX",
"roleId": "XXXXXXXXXXX",
"scopeType": "CUSTOMER"
}
Your service account should now be a Group Admin in Workspaces (GSuite)
We are using https://github.com/poseidon/typhoon for our kubernetes cluster setup.
I want to set up a dashboard for kubernetes similar to https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
I followed https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html and I am able to get the dashboard on my localhost
The issue with this is that "EVERY USER HAS TO FOLLOW THE SAME TO ACCESS THE DASHBOARD"
I was wondering if there was some way wherein we can access the dashboard via DomainName and everyone should be able to access it without much pre-set up required.
In dashboard documentation you can read:
Using Skip option will make Dashboard use privileges of Service
Account used by Dashboard. Skip button is disabled by default since
1.10.1. Use --enable-skip-login dashboard flag to display it.
So you can add --enable-skip-login to the dashboard to display skip button.
If your users don't want to login, they can click Skip button during login and use privileges of Dashboard service account.
I am currently trying to implement the use of the Acumatica REST APIs in a project I am working on. I am able to successfully log in to the application.
The issue is when I try to access additional data, customers for example, I receive the following message: {"message": "You have been logged out because your account has been disabled. Please contact your system administrator."} in the form of a 403 error.
I checked my account permissions and I do have the System Admin Role on the account I am using to log in to Acumatica. Below is a screen shot of my postman.
You probably have the admin user disabled.
Some function of Acumatica impersonate the admin user in order to complete their task. Some of these functionalities include the web services, the scheduler and the integration services.
Enabling the admin user should fix the issue you are facing.
I'm using the Rocket.Chat REST API for some automated user management. This was working great after I installed Rocket.Chat and my admin user had a username/password combo. Then, I activated the "iframe authentication" system in the admin panel. Now, when I try to use the REST API "login" endpoint, I get the error "User has no password set". Any ideas why this is happening? When I look at the user document in the MongoDB for Rocket.Chat, there is no "password" field (seems to have been deleted when I activated the iframe authentication).
UPDATE: I disabled the "iframe authentication" system and set a new password on my account. Looking at the DB now, that user has a "password" entry, so the password is there. But, now I can't log in because it says my password is incorrect. In summary, this software has a lot of bugs, it seems.
I see that I can publish a message through HTTP using RabbitMQ Manager plugin. My problem is that it exposes the exchanges and operations but requires an administrator user to perform the operations. Is that correct
I tryed to publish to this exchange using a user that I configured with write permission:
http://localhost:15672/api/exchanges/%2f/amq.default/publish
And the server returns:
{
"error": "not_authorised",
"reason": "Not management user"
}
But if I try to perform the same operation with the user guest I get the following response:
{
"routed": true
}
Is this correct? Do I need to have an administrator user to consume the HTTP publish API (even with a user that has write permissions)? Are there any other options to have an exchanged published accepting requests based on RabbitMQ User permissions?
Actually this feature is part of the management console and exposes functionalities related to this module. There are no options to configure users without administration role and access the HTTP api.
You have to add the tag to your user:
sudo rabbitmqctl set_user_tags youruser management
I got it from here