Is there a way to change the default organization in Bluemix? Right now every time I login to Bluemix, the organization listed is my teammate's org. I want to have Bluemix default to my organization. Thanks!
Bluemix saves your configuration (organization and space) in a browser cookie.
The first time you login it will default to first organization in alphabetical order and the first space in alphabetical order within that organization.
After you change to your preferred organization and space and logout from Bluemix, the next time you login Bluemix will default to the new organization and space.
The only exception is if you are using a private or incognito browser that will disable cookies or if you delete your cookies, in which case it will default again to the organization using alphabetical order.
Related
I am using Github Enterprise v2.13.5 and want to activate dormant users. Currently Github automatically activates the dormant user when they log back in. But I need to explicitly activate all dormant users
The /users API does not tell us whether a User is dormant or not. There are some manual workarounds for at least identifying the inactive users , but most that I found are not feasible in practice.
If you do not need any information on which user was dormant, you could write a little script that automatically creates impersonation tokens for each user and (in their name) do one arbitrary action on Github:
With your account, create a project [yourname]/un-dormant-project
For each known user (get via /users API):
a. Create an impersonation token
b. In the name of the user, perform an arbitrary action on [yourname]/un-dormant-project
c. Delete impersonation token
I assume that you must not delete the project you created because otherwise the users will become dormant again very quickly.
Disclaimer: I did not try this approach out.
If the service principal is created through VSTS, Is there a key rotation needed?
Yes, you can check the expires day as follows:
Log on azure portal and switch to corresponding AD
Click Azure Active Directory
Click App registrations
Select All apps
Click the corresponding application (the application name likes {vsts account}-{team project}-{subscription id})
Click Settings
Click Keys
Check expires day
I'm having an issue with the CloudSQL connection on a specific account.
If I use account A to preview the project it works fine, yet account B with the exact same cloudSQL credentials is unable to preview, account B is the owner of the project.
They both have the same IAM roles in the cloudSQL project and both accounts were able to preview last week.
I've tried deleting cache, navigation files and another browser using account B.
Any ideas?
I'm going to add a new answer to resolve this because I think it's worthwhile to keep the previous answer and discussion intact. The issue here was that the accounts which did not work have the "Viewer" role in the IAM & Admin section of the Google Cloud SQL project. The Viewer role gives (among other permissions) read access to Cloud SQL, but not write access.
The best role to use if restricted access is required, but they need full access to read/write SQL, is the Google Cloud SQL Client role. See https://cloud.google.com/sql/docs/mysql/project-access-control for more information on roles and what access they give.
Thanks for Juan for help tracking all this down.
Edit: It's also worth mentioning that the reason this works in the Editor, but not in Preview/Deployments is the editor is explicitly whitelisted for access (as one of the steps we ask you to do in the documentation), so it doesn't use role permissions for a particular account, while access through your deployments is not explicitly whitelisted in this way, so role permissions are enforced.
Do the following, in Incognito windows in Chrome (to make sure you're using the correct account):
1) Log into the account it is not working with.
2) In the Google Cloud SQL tab, press Update, and enter new credentials, wait for it to finish, and then try to preview.
3) Assuming this does not work, now close your incognito window and log into the account it is working with.
4) Repeat step #2 (entering new the same credentials).
If you cannot access it after step #2, but you can access on step #4, and if both users can modify the SQL model from App Maker, then there is a probably strange bug we (the App Maker team) needs to look into.
In SoftLayer, there's concept of Account and multiple users can be created under that account. Is there similar concept in Bluemix? Is there like Bluemix account that gets created then multiple users can be created under the same account such that when these users subscribe to new services the account gets billed?
I know that in Bluemix there's Organization and space. And I can invite another user/org/account(?) to share my resources. But can that invited user subscribe to a service on behalf of the organization that invited the user? (i.e. the invited organization gets billed?)
If I am understanding your question correctly, I think that you want to be sure that the individual is given the Developer role in the space. As stated in the docs, here is the definition of the Developer role:
Space developers can create, delete, and manage applications and
services within the space. Some of the managing tasks include
deploying apps, starting or stopping apps, renaming an app, deleting
an app, renaming a space, binding or unbinding a service to an
application, view the number or instances, service bindings, and
resource use for each application in the space. In addition, the space
developer can associate an internal or external URL with an
application in the space.
This information came from this URL:
https://console.ng.bluemix.net/docs/admin/users_roles.html
I've just integrated my app with IBM's SSO via Cloud Directory. The idea here is that I want access to be very secure and only authorized users (pre-approved) can access the application (e.g. website in this case).
However, I've just realised now that anyone that goes to the app's webpage can, instead of logging in, just select "Register New User" and fill in some details and he's given access? Is there a way to:
1) EITHER keep that registration form, but require one of the admins to approve it before access is given? (better solution)
2) OR completely remove the self-registration option?
As the current situation is far from secure for what I need.
Thanks a lot!
I talked with the support team and that is the best (only) way to do it, just remove the links from the HTML templates.