I there any way to delete multiple users from aem useradmin console.I have the list of users with there userid in excel sheet. Any way to import list of users from excel sheet and can I delete users using curl command?.
You can delete users with curl:
curl -u : -FdeleteAuthorizable= http://localhost:4502/home/users/t/testuser
But to do so, you need to know the path to the user. Since users are nowadays stored in a node with a generic name (rather than with the user id as node name), you might need to search for them before they can be deleted.
If you have lots of users on AEM you might want to think about using ldap or something else for user management.
I don't think there is a direct utility available to do a bulk deletion of users.
CURL commands are easier to execute.
You can use the User Exporter utility in the ACS-Commons (https://adobe-consulting-services.github.io/acs-aem-commons/features/exporters/users/index.html) to download the list of users/groups in the system which will give you the paths of the users/groups.
Once you got the CSV downloaded, you can use the Paths to create CURL commands to delete the list of users.
You can also use applyTo parameter to delete them in a single request https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#deleting-multiple-items
But as there are more than 500, it is best to divide them into individual/fewer commands which will be easier for tracking
Related
I want to retrieve all the individual users mapped to a Confluence space along with the permission granted to them. Is there a method to achieve the same via REST API?
Right now there is no way to get permission info on a space using the REST API.
An option would be to write your own Rest Service (using the Atlassian API diretly or via Scriptrunner) and query that.
A 2nd option, yet a bit cumbersome would be to call the permissions page of the space admin, and use webscraping to get the users and groups, and then expand the groups to get all users in these groups.
Please keep in mind that you might get all confluence users for some spaces which might cause a problem.
Why do you need this information? Maybe there is another way to solve your problem?
I'm working with Shopware.
I've added a new attribute "proxy" to the s_core_auth table for each user in order to show the ability to get access to the Customer Module in the backend, so that if a user is not selected as "proxy" he/she won't be able to make changes in that module.
I need help to understand what I need to write in my plugin's code (maybe having only a Subscriber file.)
I'll be very grateful!
Adding a custom column to the s_core_auth table is not a good idea. What you're trying to achieve can be done with user groups and group rights. From the Shopware Documentation:
With User administration you are able to create new users in the backend and control access rights to areas, modules and plugins in accordance with certain group policies that you define per ACL (Access Control List). Within the ACL you have the possibility to control precisely which user is able to perform which activity. Thus, it is possible to assign certain reader rights to an administration group without granting them authorization to edit or delete.
You can find instructions for User administration inside the Documentation.
I’m brand new to realm and have been digging around in the docs all day today. I come from a sql background and am struggling finding out if what I want done can be accomplished with realm.
I’m wanting to create an app that allows normal users to fill out a simple form, and allow admins to access (read only) these forms. Ideally the admin would see all forms created by users listed in a tableview.
After completed the swift tutorial online, I get the impression that only the user who created the realm object can access it…
Is it possible to accomplish what I described above with realm?
There is no way to query multiple Realm files at once currently. In your use case, I recommend you to share one account (created automatically on your application), write multiple users' data to one file. Or sharing one file for multiple users by using Realm's permission change feature, see also https://realm.io/docs/swift/latest/#modifying-permissions
I'm trying to specify permissions on documents in a MarkLogic 6 database using the rest api.
This is the permissions metadata I'm sending in (permissions.xml):
<rapi:metadata xmlns:rapi="http://marklogic.com/rest-api"
xmlns:prop="http://marklogic.com/xdmp/property">
<rapi:permissions>
<rapi:permission>
<rapi:role-name>arole</rapi:role-name>
<rapi:capability>update</rapi:capability>
</rapi:permission>
<rapi:permission>
<rapi:role-name>brole</rapi:role-name>
<rapi:capability>read</rapi:capability>
</rapi:permission>
</rapi:permissions>
</rapi:metadata>
using this command:
curl --anyauth --user user:pass -X PUT -T permissions.xml \
-H "Content-type: application/xml" \
"http://localhost:8003/v1/documents?uri=/test/test.xml&category=permissions"
When I look at the permissions afterwards, I see:
arole (update)
brole (read)
rest-reader (read)
rest-writer (update)
I expect it to only have the permissions for arole and brole.
The documentation says, "If no permissions are explicitly set, documents you create with the MarkLogic REST API have a read permission for the rest-reader role and an update permission for the rest-writer role." (And yes, I know, this example doesn't create a new document. But it does the same thing if I add a new document and set permissions at the same time using a multipart content+metadata message through the rest api).
Setting permissions via the direct xquery calls (ex. xdmp:document-insert with permissions) using the same user and database works as expected.
How can I keep the rest api from adding these extra permissions?
EDIT:
There's a ticket in with MarkLogic, no target date or version that I know of yet.
In case someone else runs into this, they did give me a workaround: Create new roles (or change existing ones), and give them rest-reader and/or rest-writer 'execute' privileges instead of having them inherit the rest-reader/rest-writer roles, or having a user directly assigned the rest-reader/rest-writer roles.
The internal function docmodupd:write-permissions always combines the input permissions with the output from xdmp:default-permissions. It does that to ensure that rest-reader can read the document, and rest-writer can update it. As far as I can tell there is no API to control this behavior.
If you have a strong use-case for omitting those extra permissions, contact support.
The easiest way to accomplish access via REST but NOT universal access to documents is to create custom roles that you can assign to users in place of the built-in roles. Add default read/write permissions to that role if desired (so that you don't have to specify the permissions on every document insert), along with the REST execute privilege(s) that you want the role to have (http://marklogic.com/xdmp/privileges/rest-writer, http://marklogic.com/xdmp/privileges/rest-reader). Don't assign the rest-reader or rest-writer built-in role to the custom role, just the execute privilege(s).
The custom roles will then be able to use all of the REST endpoints, but will NOT have universal access to all documents created via the REST interface. Searches and document GET requests will return only documents that the custom role has access to, and they won't be able to modify documents that their role does not have update permissions on.
I want to implement database authentication in mongodb.
In order to do that, I found out that I need to first create an admin user and then create separate users for each of my database through mongodb client shell (manually or using a javascript file).
I was wondering if it is possible to add user to the individual databases from the spring application itself but did not get any useful pointers to do this. Is it that this approach is wrong because if this possible the application will always be able to access the database because it itself is creating the user, but external access will still be blocked.
Please let me know how this can be achieved or if it is an incorrect approach.
After you add a normal user via the MongoShell, you can then connect via your application and create either normal users, or read only users.
Note that a normal user can also add users, so the users your application adds may need to be down as read only users depending on your use case and needs.
In the MongoShell, adding a read only user can be done via
use myAppDB
db.addUser("JohnSmith", "CheddarCheese", true)