I have a site where I need to access the user's roles and permissions whose name is stored in domain controller to authenticate them. I am using Vsphere rest api but am unable to find the endpoint for it.I am wondering if it is possible anyway.
You’re correct, the option to access or modify roles and/or permissions is not yet available through the vSphere REST APIs.
Related
I have developed a web application with following architecture:
Frontend : Angular 6
Backend : Java REST APIs with Springboot
I want to add authentication and authorization to it. For that I'm looking for some open source application (e.g. KeyCloak, Gluu etc.). I would like to know in which tool the below scenarios are supported.
There will be predefined set of Activities on UI (e.g. Add, Edit,
Delete etc)
There will be predefined Access Levels (e.g. Read, Write, No Access)
I should be able to create Roles, then assign activities and access levels to those roles and assign those roles to user.
Can you please help me to find out a tool which supports my above scenario?
I tried something for KeyCloak, but i couldn't find a way to add activities, access levels and map roles to it. I think everything there is governed by Role only.
I just realized that I need Activity based authorization and not Role based authorization. Please help me find some tool for that.
I'm not sure what is meant by activity based authorization but i suspect you actually mean permission based authorization, in example: Grant permissions to users to perform certain actions.
Shiro offers you permissions and role based authorization out of the box.
You can create roles, add permissions to these roles and assign them to a user. Supported are implicit and explicit roles, whereas one role can hold any number of permissions. You can even work with wildcards and group the permissions.
For more information you should take a look at the official Shiro entry and especially the web documentation for your project in particular. Shiro offers full support for Spring-Boot applications, you can find a HowTo here.
Shiro fully supports your described scenario.
I want to automate virtual server deployment on SoftLayer using API (REST API preferred). The idea is to create a new user in the portal with API access but I want to restrict its access to only some calls: Order Virtual Server or Get virtual servers detail.
But do not allow the user to access other services like: Bare metal ordering, determine next billing and all operations related to billing/invoice.
Is it possible to limit API access for a user for that use case ?
Thank you.
what you can do using the API is the same that you can do using the Softlayer's control portal, You can see all the permission that you can grant to the users by going to:
Account->Users on menu
Click over an created user and click on permissions
There is a permission to allow to your users see the billing items, this permission is called "View Account Summary" so you can disable the permission and your usaer will not be able to see the invoices. For servers there is a permission called "Add server", but this permission is for Bare metal servers, Virtual guests and for the rest of oders if you disable this permission your user will not able to order neither Bare metal servers nor Virtual guest.
Now using the API you just need to use the method:
http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer/addPortalPermission
e.g. using REST:
POST https://$USER:$apikey#api.softlayer.com/rest/v3/SoftLayer_User_Customer/$USERIDOFUSERTOEDITPERMISSION/addPortalPermission
payload:
{ "parameters": [
{
'keyName': 'TICKET_ADD'
}
]}
You can use this method to get the list of all permissions in softlayer:
https://sldn.softlayer.com/reference/services/SoftLayer_User_Customer_CustomerPermission_Permission/getAllObjects
Regards
I'm using Node.js with Loopback (based on Express) for the REST API. It has an ACL implementation that allows you to give/prevent access from/to parts of the API to a Role.
The front-end of the application is written with React and Redux.
The app will have a public and a private part, and I want people to be able to log in to /admin.
Next to the ACL for the REST resources, should there be a separate Authorization mechanism for the front-end?
Say I want to be able to access the #/admin page and my user is part of a role that allows you to look up information about users; How do I decide that my user can access the admin dashboard and how do I decide that my user may add a widget that makes use of the users API, to which his Role has been granted access?
Use flashboard for loopback admin dashboard.
Its automatically generate your admin panel based on your models configs.
vah7id.github.io/flashboard
I need to add users to the groups in Artifactory using REST API. I cannot find any REST API methods available for doing this.I am using PERL scripting to automate Artifactory's REST API calls. Could you please suggest me some ways of doing this?
Thanks in Advance!
The REST API you're looking for is here - it uses a json descriptor for operations as specified here.
If you want to see an example of such descriptor use the get group details on the specific group you're after (use get groups for a list of all your groups).
To add users to specific permission targets you can use get permission tragets, get permission target details and create or replace permission target respectively - This is the json it uses.
As for client usage - any simple REST client implementation will do of course, you don't have to use an Artifactory specific client for that.
Admin permissions are required for such operations - ask your system admin for these if you are not the admin - it's always better to use the API key but basic auth will work as well.
I am trying use Google Drive Rest API. My use case is, I have a google domain with some users and one admin. And I need to access and manipulate all users data from admin account.
Is it possible?
If possible can any one say how?
You have to use a Service Account to authorize your requests. Here you can find a guide that explains how. I'd recommend reading the documentation carefully as using service accounts may be quite dangerous.