I'm wondering if for Composite C1, if each site should have its own instance, or if the one backend interface can be configured to host multiple sites.
I noticed that using user permissions I can make one user see only their content, not another's.
What are the best practices with regards to this? For each client, deploy a fresh, separate instance of C1?
In Composite C1, you can create more than one website. Each website has its own homepage (the root page of the website) and you can assign permissions on pages for both users and user groups.
For more information read these articles:
URL configuration in C1
Assign local permissions
I think you should look into the license. From recent contact with the makers of Composite I understand that 1 install can be used for 1 legal entity (client). Technically you can setup more then one website in Composite.
Related
I scrolled through the documentation of KeyCloak and also set it on my machine to explore.
I also explored fine-grained permissions however I didn't get much detail in documentation around the n-level of nested hierarchies.
Here https://www.keycloak.org/docs/latest/server_admin/ this talks about limiting an admin user to particular client management, however, I want certain users, within the client, to be able to create accounts but with scopes and attributes limited to what's assigned to themselves.
For an example:
For a client(ERP>Transactions) we want to create an Org(our customer) Admin who in return will create teams and team admins. Team admins shall be able to invite their teammates in there.
Now I just want to know if only Keycloak can be used to make sure a user in one Org shouldn't be able to create a user in some other org, in the same way, a team admin shouldn't be able to onboard/invite a user in some other team.
Because if Keycloak in principle can't handle this, our team will start writing custom logic in our application code base for this.
Let's assume I have a project similar to the google sample code:
https://github.com/googlesamples/android-architecture-components
I want to add an account system to the app. How can I persist data and make the following scenario work:
go to persistent-data-fragment and load data from backend
log out
log into a different account
go to that same fragment
As a result, I should not be able to see the first user's data and instead load them from backend for the second user. How to use Room for that?
It a generic question, so I can answer with a generic answer :).
1 - on the server side you need to authenticate a user that access to REST services. There are many ways to do this. JWT is a good solution. Start reading this article.
2 - on the client side, probably you need to introduce in your database a user table and link other database's entities to user identity. Using Room you have to declare a user bean and then link them to other room entities.
I hope it helps.
I'm working with Shopware.
I've added a new attribute "proxy" to the s_core_auth table for each user in order to show the ability to get access to the Customer Module in the backend, so that if a user is not selected as "proxy" he/she won't be able to make changes in that module.
I need help to understand what I need to write in my plugin's code (maybe having only a Subscriber file.)
I'll be very grateful!
Adding a custom column to the s_core_auth table is not a good idea. What you're trying to achieve can be done with user groups and group rights. From the Shopware Documentation:
With User administration you are able to create new users in the backend and control access rights to areas, modules and plugins in accordance with certain group policies that you define per ACL (Access Control List). Within the ACL you have the possibility to control precisely which user is able to perform which activity. Thus, it is possible to assign certain reader rights to an administration group without granting them authorization to edit or delete.
You can find instructions for User administration inside the Documentation.
Currently we have a user guide sitting in Confluence. We want to give access to this page to all users of the product. What is the best way to do this?
Do I put the user guide into its one space and make it public. Then would I need to make a group defining all my users on our product?
It would be ideal if the users did not have to log into confluence in order to view the user guide. The most important piece is we do not want to give access to the user guide to everyone to view.
If you want to grant access to the users of that product, you need to create a group, and then, give access to only that group. If users don't need to log into Confluence, then, anyone could access.
Another approach is to use Comala Share It (disclaimer, I work in Comalatech). This add-on allows you to create a unique URL, which could be shared with the users of your product, so only them could access. Of course, if the URL is shared with anyone outside the group, that person could access too. Guess the public URL is not possible, since it uses a secure token.
Regards,
Gorka
I am an OpenID neophyte, so please correct me if I'm using the wrong terminology, but here's the problem I'm trying to solve:
I have a web site, let's call it "LB" which has a database. I've also created my own OpenID Connect identity server "IDS", and configured LB to use it for logging in. IDS doesn't have its own database, it's using LB's database.
Now, I want to introduce a CMS (like WordPress or Umbraco or whatever) into the mix. I want the CMS to use IDS, so that a single sign-on can be shared between LB and CMS. That seems relatively straightforward to do with a plugin like this one.
So now, suppose there is some bit of data in LB that I want to integrate with the CMS. Maybe while on the CMS site, the user can go to a profile page or something, and I want to show some interesting bits from LB on that profile page. Could be something dynamic that is affected by the user's activity in LB, maybe a HTML snippet, an image, or just some raw JSON to put into a template. Is the UserInfo endpoint what I should be using for this? (E.g. CMS asks IDS for the info) Or should CMS talk directly to LB somehow (and if so, how)?
The question is a bit abstract so I may be off, but if you want to return an arbitrary data, then it probably is better to create a new endpoint representing that "protected resource" such as https://LB.example.com/activities. You get an access token with OpenID Connect login, so you can use that to access this oauth protected resource.