SoftLayer API user access restriction - ibm-cloud

I want to automate virtual server deployment on SoftLayer using API (REST API preferred). The idea is to create a new user in the portal with API access but I want to restrict its access to only some calls: Order Virtual Server or Get virtual servers detail.
But do not allow the user to access other services like: Bare metal ordering, determine next billing and all operations related to billing/invoice.
Is it possible to limit API access for a user for that use case?
Thank you.

What you can do using the API is the same as what you can do using SoftLayer's control portal. You can see all the permissions that you can grant to users by going to:
Account -> Users in the menu
Click on a created user and click on Permissions
There is a permission that allows your users to see the billing items; this permission is called "View Account Summary", so you can disable the permission and your user will not be able to see the invoices. For servers there is a permission called "Add server", but this permission is for Bare metal servers, Virtual guests and the rest of the orders; if you disable this permission your user will not be able to order either Bare metal servers or Virtual guests.
Now using the API you just need to use the method:
http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer/addPortalPermission
e.g. using REST:
POST https://$USER:$apikey@api.softlayer.com/rest/v3/SoftLayer_User_Customer/$USERIDOFUSERTOEDITPERMISSION/addPortalPermission
payload:
{ "parameters": [
{
"keyName": "TICKET_ADD"
}
]}
You can use this method to get the list of all permissions in softlayer:
https://sldn.softlayer.com/reference/services/SoftLayer_User_Customer_CustomerPermission_Permission/getAllObjects
Regards
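
A least-privilege version of the procedure in this answer, as an added example that is not part of the original post or SoftLayer's own code: it compares the permissions a user holds with an allowlist and builds the REST calls that close the gap, sending the API key in a Basic auth header instead of the URL. Assumptions: `removePortalPermission` takes the same payload shape as the `addPortalPermission` call shown above, and every keyName other than `TICKET_ADD` is a sample value to be checked against the getAllObjects listing.

```python
import base64
import json

API_BASE = "https://api.softlayer.com/rest/v3"  # host taken from the answer's URL


def auth_header(username, api_key):
    """HTTP Basic header, so the API key stays out of URLs, shell history and proxy logs."""
    token = base64.b64encode(f"{username}:{api_key}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Content-Type": "application/json"}


def permission_request(user_id, method, key_name):
    """One POST in the same shape as the answer's addPortalPermission call."""
    url = f"{API_BASE}/SoftLayer_User_Customer/{user_id}/{method}"
    body = json.dumps({"parameters": [{"keyName": key_name}]})
    return ("POST", url, body)


def plan_permissions(user_id, current, allowed):
    """Build the requests that reduce a user to exactly the `allowed` set.

    current: permission objects ({"keyName": ...}) the user holds now.
    allowed: set of keyNames the automation user is supposed to keep.
    Removals are listed before additions.
    """
    held = {p["keyName"] for p in current}
    plan = [permission_request(user_id, "removePortalPermission", k)
            for k in sorted(held - allowed)]
    plan += [permission_request(user_id, "addPortalPermission", k)
             for k in sorted(allowed - held)]
    return plan


# Constructed sample data. keyNames other than TICKET_ADD are assumed for
# illustration; take the real ones from the getAllObjects listing.
SAMPLE_CURRENT = [{"keyName": "ACCOUNT_SUMMARY_VIEW"},
                  {"keyName": "SERVER_ADD"},
                  {"keyName": "TICKET_ADD"}]
SAMPLE_ALLOWED = {"SERVER_ADD", "TICKET_VIEW"}

if __name__ == "__main__":
    for method, url, body in plan_permissions(12345, SAMPLE_CURRENT, SAMPLE_ALLOWED):
        print(method, url, body)
```

Each tuple can be sent with any HTTP client together with `auth_header(...)`; the plan itself is computed offline, so it can be reviewed before anything is changed.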

Related

ms Graph api, calendarView 403-accessdenied error

First, I'm using Spring, Jetty, Retrofit.
When I use calendarView locally, it returns the values successfully.
But when others connect to my local server and call this API, it always returns a 403-AccessDenied error.
(Additionally, when they call another MS API, it returns the values successfully.)
I think I have set all the recommended permissions in Graph api.
But this could be my illusion.
In order for someone else to call the API from my local server, what should I do?
Or am I missing anything on this matter?
These are my permissions.
"openid",
"offline_access",
"profile",
"User.ReadWrite",
"Mail.ReadWrite",
"Calendars.ReadWrite",
"User.ReadBasic.All",
"BookingsAppointment.ReadWrite.All"
This is my azure info.
And I'm using this calendar view api
https://learn.microsoft.com/en-us/graph/api/calendar-list-calendarview?view=graph-rest-1.0&tabs=http
And I'm using this URL in my code (in this case, I'm using a batch request)
GET | "/users/"+getAddress()+"/calendarView?startDateTime="+getStartTime()+"&endDateTime="+getEndTime()
Based on your description, other users are trying to access the calendarView of the user "{Room}".
In this case, you need 2 more configurations.
User "{Room}" gives mailbox permissions "Full Access" to other users in Office 365. See Use the EAC to assign permissions to individual mailboxes. (You should be able to find the room under Resources. And the process can take up to hours for the changes to propagate through the system and be in effect.)
Add one more delegated permission: Calendars.ReadWrite.Shared into the app registered in Azure AD.

Is there any way we can access permissions and roles of users using the vSphere REST API?

I have a site where I need to access the roles and permissions of users whose names are stored in a domain controller, in order to authenticate them. I am using the vSphere REST API but am unable to find the endpoint for it. I am wondering if it is possible at all.
You’re correct, the option to access or modify roles and/or permissions is not yet available through the vSphere REST APIs.

Change Magento 2.1 guest permissions to access web api catalog/products

I would like to change the permission settings for the anonymous role (Guest), so that without any authentication I can see all products.
http://magento.dev/rest/V1/products
I understand, that I can edit:
/magento/vendor/magento/module-catalog/etc/webapi.xml
to allow for anonymous access, but that seems hackish.
When I try this endpoint:
http://magento.dev/rest/V1/products
I get the following result:
{
"message": "Consumer is not authorized to access %resources",
"parameters": {
"resources": "Magento_Catalog::products"
}
}
I am new to Magento, so maybe this approach to the REST api is wrong and there is another way to retrieve list of products in JSON format without elevated permissions.
Thanks in advance.
In Magento 2.1, anonymous access to many endpoints has been restricted. You can disable this restriction, according to the documentation:
To disable this feature, log in to the Admin panel and navigate to Stores > Configuration > Services > Magento Web API > Web API Security. Then select Yes from the Allow Anonymous Guest Access menu.

How do I implement Authorization with a Single Page Application and REST Backend?

I'm using Node.js with Loopback (based on Express) for the REST API. It has an ACL implementation that allows you to give/prevent access from/to parts of the API to a Role.
The front-end of the application is written with React and Redux.
The app will have a public and a private part, and I want people to be able to log in to /admin.
Next to the ACL for the REST resources, should there be a separate Authorization mechanism for the front-end?
Say I want to be able to access the #/admin page and my user is part of a role that allows you to look up information about users; How do I decide that my user can access the admin dashboard and how do I decide that my user may add a widget that makes use of the users API, to which his Role has been granted access?
Use flashboard for a Loopback admin dashboard.
It automatically generates your admin panel based on your model configs.
vah7id.github.io/flashboard

Is there Box rest api to fetch folders connected to a user?

Below rest api provides the membership details of a box user:
https://api.box.com/2.0/users/335014321/memberships
Is there a similar api that will fetch folders connected to box user?
I have tried below rest endpoint but gave response status:
405,"code":"method_not_allowed".
https://api.box.com/2.0/users/335014321/folders
You would probably not be able to get the folders connected to a box user without the oauth token from that user.
If you are an admin of a Box enterprise account, you can use the As-User header. You can take a look at this:
https://box-content.readme.io/reference#as-user-1
You would have to get an access token as an admin to be able to use the As-User call as well as sending a Support Ticket to Box Support to ask them to activate your application to allow the usage of As-User.