The documentation says, you can control permissions at a form control level. If you wanted a group of users to not have permissions on the sales order details form for certain controls, how would you go about doing it?
There's a property in form controls called "Security Key", you can create or just use one that already exists.
If you choose to create, you must link a user group to this Security Key... and if you create the user group, you must link users to this group.
If you don't link any user group to this Security Key, only admins will see.
Or else, you can do something like this in the init method of the form: (I don't recommend)
if(curuserid() == "RT.")
{
formcontrol.visible(true);
}
Related
Is there a feature in moodle that allows users (users that have an access, not guest) to enter the course with a link shared by admin?
What I want is that when a user clicks on that link, a login page appears, after logging in, the user is automatically enrolled in that course.
Moodle version: 3.6.2
Without the need of coding, you could enable the self-enrol enrolment method at course level with enrolment key (defaulting to student role), then provide the link to the course to the existing user you wish he/she self-enrolls as student.
The user, once logged in and trying to access the course, will be presented with a form requesting the enrolment key, once the correct key is provided he/she will be self-enrolled as student.
If you want something more direct, like a token based kind of direct authentication+enrol you will need to use an existing plugin (like this one https://moodle.org/plugins/auth_enrolkey) or write your own.
Our old authentication mechanism had mandatory and immutable email for each user by design. After exporting old authentincation mechanism into the hands of Keycloak 4.6.Final, We are left with old references to users by email as this was in fact used as an id from the beginning of this system.
Keycloak User Management UI is delivered to client as part of a whole system. Now we're facing a problem where the users administrator at the customer's side is able to create users with no email, and even worst, he give a user one email and overtime change it. Leaving this option open is most likely to create bugs for the client as the user base grows.
I've been digging around google, sof, keycloak mailing list search engine, and couldn't find any documentation relating developer's ability to apply configuration on top of particular keycloak distribution which would set features such as mandatory and immutable on some user attributes which are optional and editable by default.
I know that question is old, but maybe someone will need answer.
it's 2022-11 and there is experimentas feature in Keycloak 20. You can enable declarative-user-profile and then customize your user profile and set required fields and other options. user-profile
This feature may be removed in the future, because it's experimental.
And this feature has bugs (tried with 20.0.1). For example, if you add required attribute group, then you can see groups while creating new user and you can select groups. But if you try to save user, then error appears telling, that group is required.
I want to use the user tracker to create a registration form to collect additional user information on Tiki. I have done this by configuring the User tracker and specifying that users can register using the tracker under Admin>Login. However, I do not see where I can specify what fields on the user tracker shows up on the registration form for new users?
Under Control panel, go to "Admin Groups", where you can select the group - "Registered", click on "Edit" and under the field:"Users Information Tracker Fields Asked at Registration Time" , specify the fields you want to show up for new users registering on the registration form.
You could have a look at the User Trackers profile which sets up an example tracker and adds some of the fields to the registration page for you.
N.B. However, as usual, profiles cannot be undone easily (yet) so try this on an example empty Tiki first (e.g. https://demo.tiki.org/16x) and not your production site to be safe.
I have an account setup exactly the way I'd like a number of individuals accounts setup and I'd like to create them as clones of this account so the get the initial set of permissions without me having to manually set all the permission on each account.
Note: It is fine (ideal?) if once the accounts are created that they no longer have a relationship with the original account. For instance, if User A is the base account that is being used to create all the other accounts, once User B is made from User A then all further changes on User A will not be reflected on User B.
Any ideas?
In answer to your question: no, there is no clone/copy user feature in the User Editor in Sitecore.
It sounds like you would be better off creating a role with all these permissions, then assigning this role to any new users you create. You could then modify the permissions of the individual users as necessary.
Note this would not be the ideal solution as it's always better to apply security to roles rather than individual users.
Perhaps you could achieve what you need by creating a collection of roles and assigning different combinations of them to each user?
Try installing this Sitecore Module.This will clone the user in User Manager
SITECORE USER CLONE
Sitecore User Clone is used to create the copy of the user with the same roles, name, email, and profile. It will prompt to accept the new username, password and all the editable fields same like Edit user.
I currently have a user whose Access Rights are messed up and I'd like to reset them. I could be blind but does anyone know of a way to do this?
I am not aware of a way to reset the user rights.
The only way I can think of is deleting the user and create a new one, or write a script that loops to the tree or retrieves al items that the current user has rights on and resets the rights for this user.
Security of an item is stored within the __security field on the item itself. Furthermore, security is stored by the name of the user or role, not by an ID. Deleting a user/role will not modify any item that references that user/role so you effectively get orphaned access rights.
I had created a script years ago that will report on (and reset) the security of items. It is available from my blog post and I referenced it within this similar question. You should be able to modify that script to remove a single user's rights.
So far, the only way I've been able to do this is to go into the Security Editor, select the user, then open every item in the tree and unset every access right manually to the default setting of Inherited.
For instance, there are at least a Read/Write/Rename/Create/Delete/Administer/Inheritance permission on just the Home item alone. Each permission has one of the following states: Inherited/Allowed/Denied/Item vs. Descendant Right/Protected/Not Applicable. If any of those are set, manually unset it. So, if it were set to Allowed, you'd click the green check mark which would unset it from Allowed (I guess you could argue I'm setting it to Inherited).
To get back to square one, everything should be set back to Inherited.