Single sign on multiple django project - django-orm

In our business case there are three projects as follows:
ProjectA
ProjectB
ProjectC
ProjectA will contains the user registration, So if a user registed with ProjectA then he can access the projects(ProjectB, ProjectC, etc.) except the admin login. Each project having different admin site login.
In this scenario we used django multiple database concept with routers:-
http://dustinfarris.com/2012/2/sharing-django-users-and-sessions-across-projects/
After that the user and session will be routed to corresponding projects(I can able to get ProjectA users in other projects and also create a record with that user.)
The problem is while accessing the admin it use default(local database based on the router). But while updating the record it throws the following exception:
User matching query does not exist
(It checks the ProjectA user in local database)
My question is is there any possibility to specify the database(in router) for a particular action in admin? (When i login, display the list,etc. the admin needs to be use default db and while update the records related to ProjectA user means its need to be access the router db) Please anyone advise on this, thanks.

Related

Issues Changing Azure DevOps Project Level Service Connection Security Users/Roles

As the Azure DevOps admin at my organization I want to automate our standards for Service Connection security--but I'm at a standstill because I can't seem to make straight forward changes to Project level Service Connection security manually via the ADO web portal.
Specifically, if I go to an ADO Project, go to Service Connections under Project Settings, and open up the Security page for it, I see a number of "Assigned" groups, each of which I can change and save the Role of (i.e. to Administrator, Creator, Reader, or User). All's fine and dandy there. However, if I "+Add" a user/group, it defaults to "Inherited" Access and when I change and save to a role other than the original one I added it with, the changes don't take. Likewise, there's no way to remove any user/group that's been added.
Has anyone else run into this issue? And if so what's the solution? And why are new users at the project level being marked as "inherited" and if they're inheriting from somewhere, from where?
Tried adding a new user at the ADO Project Service Connection Security level. Tried changing user Role. Changes don't take. Can't remove user.

LDAP User login succesful without Role membership

My Rundeck detail Rundeck version: 4.10.0
install type: DEB
OS Name/version: Debian 11
DB Type/version: h2
A LDAP user without a Role membership can properly login but can not see any Projects - so far fine.
How can i block such a user to Login at all?
We have one "userBaseDn" Group (userBaseDn="cn=Users,ou=PROD,dc=company,dc=com") in which all users are stored. But of course, only users in following roleBaseDn (roleBaseDn="cn=Rundeck_Admins,cn=Applications,ou=PROD,dc=company,dc=com") Group should have access to Rundeck Web UI.
I expect, only users in Group "Rundeck_Admins" can Login to Rundeck at all
Currently, you can only restrict that using an ACL policy (the user can log in but cannot view/edit/run any project/job, as you say), please take a look at this.
Alternatively, you can create a specific branch in your LDAP server only for Rundeck users.
Currently, means there will be a change on this behavior?
As far a i understand LDAP right, for a specific LADP branch in which a place users, i have to manage users twice. 1st, in user directory and 2nd in the specific Rundeck Group. For me quite unhandy...

Linking active directory user with SQL SERVER login account

Good day. Am working in an environment that requires a security approach for checking users account (users in the active directory are changing data in the SQL SERVER).
I want to link/tie the users of an active directory to the SQL server account login account.
Am working with Powershell, i type Get-ADUser -filter *, it gives me the list of all listed users. If i log into my SQL SERVER with "winnie", how do i link/tie the active directory user with the sql server user called ""winnie"
You should never give users access to a database by single Windows User or by SQL User. The reason for this is because of the security later on. It will be better to manage and audit a group compared to giving out single users. If you have to restore that database to a new system. It will provide better security between a Production system and a Test system.
The only user who should have access to a database is the SA account. The others should be controlled by Security Groups.
How do you do this:
In SQL Server Management Studio, go to Object Explorer > (your server) > Security > Logins and right-click New Login:
Then in the dialog box that pops up, pick the types of objects you want to see (Groups is disabled by default - check it!) and pick the location where you want to look for your objects (e.g. use Entire Directory) and then find your AD group.
Any member of that AD group can now login to SQL Server and use your database.
Add the Read or Write permissions to the Security Group of choice. Limiting security issues it the future.
Best Practice:
Create Security Groups
Security Group naming convention exmaples:
SG_DBNAME_READ
SG_DBNAME_WRITE
SG_DBSERVER_ADMIN

Report Server - User permissions to access all users folders

I have a application .net that search a folder on report server and reads the reports inside that folder and display on asp.net page. The permissions for the asp.net user are working fine to deploy and execute on website.
Now, I want to users to deploy on "My reports" folder, so they only see theirs reports.(The users have access to report server and use report builder).
I search and I could not find a solution for this:
I want to give permissions to an a user (the same that is running on asp.net server), to access all "My reports" folder of all users(Users Folder), so I can execute the reports inside users folder on website.
I put the asp.net server user as local administrator of the report server, but with that permission te user can only see the content of the folder, this user can not execute the report. Any idea what is the problem?
I finally found a solution, and does not involve add users to local administrator of the machine.
I used the IAuthorizationExtension.
I found this example that enable anonymous access for all users witch was a start.
On my implementation I used WindowsAuthorization, because I want to keep the existing authorization and give access to one specific user. On all CheckAccess methods I check if the user is the one I want to give access and return true otherwise return the WindowsAuthorization.CheckAccess(...). On all others methods of the interface I also used the WindowsAuthorization.
With this solution the user running website can access all content of reporting services.

SSRS Shared folder subscriptions credentials

We are creating reports and try to deliver them using a shared folder adding a subscription for that, but when we created it as for user credentials and we can add them for test proposes but the environment on prod, for security reasons we cannot put the credentials on it because IT uses all with windows authentication for security reasons.
Is it any way to set a windows user to deliver the file on the shared folder without add it when is configured?
The parameters for the database and the database server can be set in the data source as an expression, however you eiteher need to define a "ReportAdmin" user to always publish the reports with. The publisher should know the credentials prior to deployment. Other than that the data source will balk and inform that it needs credentials to run the operations :(