I'm working on JasperReports Server community edition.
I need to configure it so, that after logging in a user can only see specific reports, otherwise s/he should not see any other folder/resource.
As per Jaspers permission Guide, it should work with this solution but does not work somehow.
A new role eg "TEST_ROLE" was created by jasperadmin.
A new user "TEST_USER" was created and the role "TEST_ROLE" was assigned to him/her.
Now for the "TEST_ROLE:
For Repository root, permission No Access was set.
only on specific reports Read onlypermission was granted.
But when TEST_USER logs in, he sees below message:
You do not have permission to view this page.
Please contact your system administrator or log in as a user with permission.
Why it does not work?
Question2:- User with role "TEST_ROLE" should not be able to upgrade his permission. Is it achievable with permission Read only as I have described above?
Question3:- I did not get what's the diffence between Execute only and Read only permissions?. What I could comprehend that user can view/execute self created reports with execute only permissions?
The difference between Execute Only and Read Only is that those resources which have Execute Only cannot be 'seen' by the user but can be executed.
This becomes relevant when reports that the user can see are dependent on other resources in the repository eg datasources, domains, images etc.. .
To run the report the user must also have access to these other resources.
If you want to restrict the user to only to be able to view reports they can run then set the reports to 'Read Only' and set all dependent resources to 'Execute Only' on the relevant role.
This is what is possibly causing the permissions error you are seeing.
Related
I am attempting to add the "Amazon Web Services" Application to Google Workspaces.
I have been assigned the super admin role, in the admin dashboard. So, to the best of my knowledge, I should have permissions to add an application. But I keep getting the error message "Can't add Amazon Web Services. Please try again.". Which unfortunately is not particularly helpful in trying to understand what the problem is. I have tried different browsers, signing out/in etc. all to no avail.
However I must be missing something as the organisation owner is able to add the application with no issues, does anyone have any idea what could be preventing me from doing this?
Just to add, I have confirmed that I have the same roles attached as the organisation owner.
If your account has been assigned the role recently it is expected as it usually takes up to 24hrs for a role to fully propagate. After that you should be able to add it with no issues.
That is documented here
I am in the project administrator group, since we have a requirement to set the shared query to read-only to Contributors, I toggled the permission for Contributors to Deny except for "Read"
When I try to create new shared query, it says:
TF401256: You do not have Write permission for query Shared Queries.
I clicked on the three dots and bring up the "Permission for Shared Queries" menu, searched my name and a few other people in the Project Administrator Group or Project Collection Administrator Group, it shows all "Deny" permission except for the "Read" for all of us.
When I hover over, it says our permission is being inherited through the {project}\Contributors, but we are in the Administrator group.
Why is that and How can I fix it? I cannot even overwrite the permission. It is stuck at being inherited from the Contributor group.
enter image description here
It seems you are in a different group(project administrator group and Contributors), check this doc:
In the Azure DevOps, for most groups and almost all permissions, Deny overrides Allow. If a user belongs to two groups, and one of them has a specific permission set to Deny, that user is not able to perform tasks that require that permission even if they belong to a group that has that permission set to Allow.
This is why you get the error message. You could open project settings->Permissions->Search the permission group {project}\Contributors->click the tab Members and remove your account. Then you could create new shared query
Update1
Steps:
Open project settings->Teams->select the team->click the tab Settings->add Administrator, then we could move our account.
link to MS forum for this issue (or similar posted by other people):
https://developercommunity2.visualstudio.com/t/Project-administrator-cannot-save-shared/1339863
It just doesn't sound right to me that in order to have admin permission you cannot be in any team. That maybe workable for a test account but for an organization this workaround or restriction could mess things up a lot.
I created a log-filter to filter logs for specific jobs in a project to see those failed jobs. I created this log-filter as admin user. But when I login as other users , that log filter is not visible to choose from for those users, possibly privilege issue ? Instead I can search manual but then as logged in as a user other than admin if I want to save that search log-filter its not saving and no error shown as well.
My requirement is I want to save some log-filters for few jobs and make it available to all limited privilege users to use it.
Is there any aclpolicy I can add to do it. Please share how I can achieve it.
Rundeck Version : 3.3.1
OS : CentOS 8
Backend: MySQL
Java: 8
Researching the internal Rundeck architecture, that values (filters) are linked to users. If you check your filters and later check the database structure it seems that filters are linked to users. You can suggest that as enhancement here or add the same filter to other users.
I have a user who is a manger and want to grant access to the following area so they can continue editing a profile field:
Home / Site administration / Users / Accounts / User profile fields
When the user tries to access the area, they get an access is denied error.
I tried viewing the Define roles for the Manager, but couldn't find the correct one for that page.
Is this even possible?
I am on version 3.6.3.
The user needs the moodle/site:config capability which will give them access to pretty much everything.
You could try creating a new capability or using an existing capability, then editing this line in /admin/settings/users.php
$ADMIN->add('users', new admin_externalpage('profilefields', new lang_string('profilefields','admin'), "$CFG->wwwroot/user/profile/index.php", array('moodle/site:config', 'newcapabilityhere')));
on the Sitecore Workflow and Security reference data sheets, i see these:
Workflow State Delete controls whether or not a security account (user or role) can delete items which are currently associated with a
specific workflow state
Workflow State Write controls whether or not a security account can update items which are currently associated with a specific
workflow state
Workflow Command Execute controls whether or not an account is able to view workflow commands
So, i'm on the Security Editor, adding permissions to my creator and publisher roles, so it really makes sense to me adding Delete and Write permissions to individual workflow states, but i don't see an Execute column for commands. How am i supposed to set these permissions for the roles?
The image below should answer your question: