Manager role not functioning as expected - Moodle

I read the moodle/user:update documentation. The Manager is supposed to have the update user profile permission.
I have assigned a user with Manager systemwide role.
I checked on the Manager role on moodle/user:update, it is set to Allow.
I checked on the user permission, moodle/user:update is set to No
The user is inheriting the following roles.
Manager in System
Authenticated user in System
Can someone give me a clue? Or are there any tools I can use to debug which rules override the status?
Thanks.

It is a bug. The fix will be released next week.
I am using version Moodle 2.8.3+ (Build: 20150205).
https://tracker.moodle.org/browse/MDL-50917

Related

LDAP User login successful without Role membership

My Rundeck details:
Rundeck version: 4.10.0
install type: DEB
OS Name/version: Debian 11
DB Type/version: h2
An LDAP user without a Role membership can properly log in but cannot see any Projects - so far fine.
How can I block such a user from logging in at all?
We have one "userBaseDn" Group (userBaseDn="cn=Users,ou=PROD,dc=company,dc=com") in which all users are stored. But of course, only users in the following roleBaseDn (roleBaseDn="cn=Rundeck_Admins,cn=Applications,ou=PROD,dc=company,dc=com") Group should have access to the Rundeck Web UI.
I expect that only users in the Group "Rundeck_Admins" can log in to Rundeck at all.
Currently, you can only restrict that using an ACL policy (the user can log in but cannot view/edit/run any project/job, as you say), please take a look at this.
Alternatively, you can create a specific branch in your LDAP server only for Rundeck users.
"Currently" means there will be a change in this behavior?
As far as I understand LDAP, for a specific LDAP branch in which I place users, I have to manage users twice: first in the user directory and second in the specific Rundeck Group. For me, quite unhandy...

Okta SCIM automatic provisioning of user failed

I configured Okta Snowflake SSO. I assigned users as well. I configured SCIM, which has permission to create users, deactivate users, sync password. After I configured SCIM, I am getting errors for existing users: "Automatic provisioning of user to app snowflake failed. Error while creating user. Conflict. Error reported by remote server. User exist with given user name." The same thing happens when I assign the app to an existing user with the same user name. Is there any way to fix it, or is it best to remove SCIM?
In order for the merge to be successful, the login mapping needs to be exactly the same (the rest gets updated by Okta). So make sure users can log in via SSO first.
You also need to transfer ownership manually. Documentation provides this command:
use role accountadmin;
grant ownership on user <user_name> to role okta_provisioner;
Snowflake SCIM doc
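A pre-flight check for the two conditions in the answer above (exact login match, ownership transferred to okta_provisioner), as an added example that is not part of the original answer. The sample rows are constructed, the name/login_name/owner fields are assumed to come from SHOW USERS output, and the "review" bucket for case-only differences is an assumption added for illustration.

```python
# Added example; all sample rows are constructed for illustration.
PROVISIONER_ROLE = "okta_provisioner"  # role named in the answer above

# Shaped like SHOW USERS output (name, login_name, owner columns).
SNOWFLAKE_USERS = [
    {"name": "ALICE", "login_name": "alice@example.com", "owner": "ACCOUNTADMIN"},
    {"name": "BOB", "login_name": "BOB@EXAMPLE.COM", "owner": "ACCOUNTADMIN"},
    {"name": "CAROL", "login_name": "carol@example.com", "owner": "OKTA_PROVISIONER"},
]
# Logins Okta would push for the users assigned to the app.
OKTA_LOGINS = ["alice@example.com", "bob@example.com",
               "carol@example.com", "dave@example.com"]


def quote_ident(name):
    """Double-quote a Snowflake identifier, doubling any embedded quotes."""
    return '"' + name.replace('"', '""') + '"'


def plan_scim_merge(snowflake_users, okta_logins, role=PROVISIONER_ROLE):
    """Sort Okta logins into ready / grants / review / new buckets."""
    exact = {u["login_name"]: u for u in snowflake_users}
    folded = {u["login_name"].strip().casefold(): u for u in snowflake_users}
    plan = {"ready": [], "grants": [], "review": [], "new": []}
    for login in okta_logins:
        user = exact.get(login)
        if user is None:
            near = folded.get(login.strip().casefold())
            if near is not None:
                # Differs only by case/whitespace: not an exact match, fix by hand.
                plan["review"].append((login, near["login_name"]))
            else:
                plan["new"].append(login)  # no existing login_name matches
        elif user["owner"].casefold() == role.casefold():
            plan["ready"].append(login)  # already owned by the SCIM role
        else:
            plan["grants"].append(
                f"grant ownership on user {quote_ident(user['name'])} to role {role};")
    return plan


def render_sql(plan):
    """Statements to run before assigning the app to existing users."""
    return "\n".join(["use role accountadmin;"] + plan["grants"])


if __name__ == "__main__":
    result = plan_scim_merge(SNOWFLAKE_USERS, OKTA_LOGINS)
    print(render_sql(result))
    print("review by hand:", result["review"])
```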

KeyCloak - how to access old User Account Console?

How do you access or enable the old KeyCloak user account console? In this blog post about the new user account console, they say "The old account console is still available for those who need it", but I cannot find out where to enable that.
You need to:
Go to your Realm;
And in Account Theme explicitly choose "keycloak"
Click Save
In the Account dropdown menu you will see at least the following:
base;
keycloak;
keycloak.v2.
By default, the new version, keycloak.v2, is selected. keycloak refers to the "old" version.

G Suite Shared Drive(Team Drive) Role management

A person sets a trigger with manager level. Now that person has been downgraded from the manager role to the viewer role in a G Suite shared drive. What will happen to the trigger?
Is the role relevant to the Google Admin Console roles? I mean there are some custom schemas that you can set for your organization and you can add one as a manager, but that does not mean that it has a Super Admin role.
If they were a Super Admin and the trigger has something to do with an API that only a Super Admin can use, then it may stop working. Now, if the trigger has nothing to do with any of these APIs, like the Admin SDK, it should keep running.
You can provide a sample of the trigger or explain what it does to provide you a better response, but I hope this helps. Greetings

Keycloak role-ldap-mapper sync

I am struggling with the Keycloak role-ldap-mapper. We have an Active Directory Service internally where Users can ask for roles. Roles are assigned/removed by another tool and saved into the memberOf Attribute in AD.
Keycloak imports the roles correctly at the user's first login, but somehow when the user is already there and roles are updated in AD, they are not synchronized to Keycloak. I just want roles to be synchronized regularly from AD to Keycloak, not the other way around (I am not supposed to write into the AD).
Is it a Bug? Works as Designed, or am I configuring something in the wrong way?
I am running 2 instances, Version 3.1.0 and 3.4.1.
I already played around with the LDAP - periodic synchronize changed/full feature but no success.
Do I have to specify the memberOf Attribute somehow specifically to be synchronized?
Thx for help.
Solution found:
I have updated Keycloak to the newest Version (3.4.3). Now it works for me. Seems to be an issue in the previous versions.