GET Project Roles returns all roles from the account - autodesk-bim360

When using https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-industry_roles-GET/
I seem to get all roles from the account, not just project specific roles.
I tested by using a project ID of a project that has no roles, but I still get all the roles created in account admin. I'm using 2leg auth.
Any ideas on how to get only project specific roles? Thanks.

Related

Keycloak - all created users have admin Effective Role

I'm trying to create a user in the Keycloak admin console, but it has effective roles that should not be there. In addition to the default realm roles, each user, when created, has odd Effective Roles, and I can't understand where they come from. Even when I delete all assigned roles, the effective roles just stay there.
This does not usually happen; it seems like a problem with your Keycloak setup and installation.
Have you checked the default roles at realm level? Roles shown in screenshot belong to realm-management client.
If you are using the master realm, I'd suggest you create a new realm other than master and use it.

Assign service account to Group Admin role in Workspaces (GSuite)

I'm attempting to assign a service account created in a project to the Group Admin role in Workspaces (GSuite) as part of an experiment to set up IAM automation in Terraform.
I'm essentially following this support guide here: https://support.google.com/a/answer/9807615#zippy=%2Cassign-a-role-to-a-service-account
Once I add the service account to be granted Group Admin, pressing "Assign Role" appears to do nothing. The button visually hovers but no action takes place after clicking it. My only option is to back out and discard the request.
I am signed in as a Super Admin. I've also tried Firefox, Safari, and Chrome hoping it was just a UI bug. I contacted Workspace support and while they were extremely helpful they were not able to find any issue on their end or point me in any direction.
I have also tried assigning a dummy user via the 'Assign User' page and I get the same issue. The button/form just doesn't seem to react or produce any error messages.
Is there something I could be missing in my Org setup?
So, considering the UI is broken for me, I ended up using the API Explorer to assign the service account to the Group Admin role in Workspaces (GSuite).
Requirements:
Service Account unique ID, found by navigating to your service account from IAM in the console.
Customer ID: this is the customer ID of your Organisation and can be found in Account Settings in Workspaces or by running the command:
$ gcloud organizations list
The customer ID is listed under DIRECTORY_CUSTOMER_ID.
You also need to find the roleID of your Group Admin role. I did this via the API Explorer again; it requires your Customer ID:
https://developers.google.com/admin-sdk/directory/reference/rest/v1/roles/list
Send a request to that and then check the response for:
"roleId": "XXXXXXXXXXXXXXX",
"roleName": "_GROUPS_ADMIN_ROLE",
You then need to use API Explorer to insert your service account using the above details:
https://developers.google.com/admin-sdk/directory/reference/rest/v1/roleAssignments/insert
Request body:
{
    "assignedTo": "XXXXXXXXXXX",
    "roleId": "XXXXXXXXXXX",
    "scopeType": "CUSTOMER"
}
Your service account should now be a Group Admin in Workspaces (GSuite)
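The role lookup and request body from the answer above, as an added Python example that is not part of the original answer. The function names, the two constructed `roles.list` pages and all IDs are placeholders; the check that the unique ID is all digits and the refusal of a super admin role are assumptions added here as guard rails.

```python
import json

# REST endpoint behind the roleAssignments/insert reference page linked above.
ROLE_ASSIGNMENTS_URL = ("https://admin.googleapis.com/admin/directory/v1/"
                        "customer/{customer}/roleassignments")

# Constructed sample: two pages of a roles.list response (IDs are placeholders).
SAMPLE_PAGES = [
    {"items": [{"roleId": "1001", "roleName": "example-super-admin",
                "isSystemRole": True, "isSuperAdminRole": True}],
     "nextPageToken": "page2"},
    {"items": [{"roleId": "1002", "roleName": "_GROUPS_ADMIN_ROLE",
                "isSystemRole": True, "isSuperAdminRole": False}]},
]


def find_role(pages, role_name):
    """Return the single role entry named role_name across all result pages."""
    matches = [r for page in pages for r in page.get("items", [])
               if r.get("roleName") == role_name]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one {role_name!r}, found {len(matches)}")
    return matches[0]


def build_assignment(customer_id, sa_unique_id, role):
    """Build (url, body) for roleAssignments.insert, refusing risky input."""
    if role.get("isSuperAdminRole"):
        raise ValueError("refusing to assign a super admin role to a service account")
    if not sa_unique_id.isdigit():
        # Assumption: the service account unique ID is all digits; an e-mail
        # address here means the wrong identifier was copied from IAM.
        raise ValueError("assignedTo must be the numeric unique ID, not the e-mail")
    body = {"assignedTo": sa_unique_id, "roleId": role["roleId"],
            "scopeType": "CUSTOMER"}
    return ROLE_ASSIGNMENTS_URL.format(customer=customer_id), body


if __name__ == "__main__":
    role = find_role(SAMPLE_PAGES, "_GROUPS_ADMIN_ROLE")
    url, body = build_assignment("C0placeholder", "100000000000000000001", role)
    print("POST", url)
    print(json.dumps(body, indent=2))
```
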

Unable to grant admin permissions Google IAM & Admin

I'm trying to create a Project in the Google Cloud Platform. However, I am unable to, due to not having permission to create projects in this location.
I currently have no projects created. So when I try to add myself or another user on the Google IAM & Admin page, it will not allow me because it says I do not have any projects to select.
Is there another way to enable Organization Administrator and Project Creator for Google IAM?
In order to create a Project you should have the proper permissions, mentioned in Creating a project:
To create a project, you must have the ´resourcemanager.projects.create´ permission. This permission is included in the Project Creator ´roles/resourcemanager.projectCreator´ role, which is granted by default to the entire domain of a new organization and to free trial users. For information on how to grant individuals the role and limit organization-wide access, see the Managing Default Organization Roles page.
Given this, you should ask your Organization administrator to grant your user this Role.
You can create a project through the gCloud SDK:
To create a new project, use the gcloud projects create command:
gcloud projects create PROJECT_ID
Where ´PROJECT_ID´ is the ID for the project you want to create. A project ID must start with a lowercase letter, and can contain only ASCII letters, digits, and hyphens, and must be between 6 and 30 characters.
To create a project with an organization or a folder as parent, use the --organization or --folder flags. As a resource can only have one parent, only one of these flags can be used:
gcloud projects create PROJECT_ID --organization=ORGANIZATION_ID
gcloud projects create PROJECT_ID --folder=FOLDER_ID

Azure DevOps Server 2019: How to correctly manage user roles

I recently installed Azure DevOps Server 2019 on an on-premises server.
However, I'm so confused: how can I set the security and the user permissions in the server, such as: deny a user to view author project in the same collection, create a custom group not in the Azure DevOps default groups ...
I ask for ideas to implement that.
Thank you
According to the Azure DevOps permission settings, for most groups and almost all permissions, Deny trumps Allow. If a user belongs to two groups, and one of them has a specific permission set to Deny, that user will not be able to perform tasks that require that permission even if they belong to a group that has that permission set to Allow.
Deny user to view author project in the same collection.
Assuming you were talking about a team project: in your scenario, the simplest way is to not add that user to your team project. People without team project collection admin permission will not be able to see projects they have not been added to.
If you have already added users to the team project and want a user not to be able to see some info such as repos/builds/work items in the project, you need to evidently deny those users from viewing some project repositories/builds/work items.
As for how to create a group, you can directly click New Group in the top right corner of the page from Project Settings -- Permission.
For more details about how permissions and groups are defined, I suggest you go through our official doc here -- About permissions and groups.
Besides, you can also manage user permissions with the help of the command line. The tfssecurity command line tool allows us to manage permissions for Azure DevOps groups and users. We could use it in a PowerShell script to grant access to projects that already exist.

Keycloak - Users in Role missing after sync with LDAP

I configured LDAP as User Federation (with role-ldap-mapper) and successfully imported users with their roles to Keycloak.
When I go to Users->{user}->Role Mappings I see every role that is assigned to a user (imported from LDAP), but when I go to Roles->{role}->Users In Role I see nothing.
Is it a bug or a feature? Or maybe I configured something wrong?
Users roles
Empty Users in Roles
LDAP Role mapper configuration
I faced the same issue. I changed the Mode (inside LDAP role mapper) to Import instead of READ_ONLY and I was able to see users under a role.
Please create mapper of type msad-lds-user-account-control-mapper.
It works for me.