Here is my doubt.
Issue:
We have three teams, and each team has its respective head. So I want to assign all the members of the team to their respective head, and when the head of the team opens his SuiteCRM dashboard he must see only his supporting team, and the same for the other two cases.
When I am trying to create that hierarchy using SuiteCRM it is not happening.
Can anyone help me out?
Create 3 security groups for each of the 3 heads and assign individual team members to that security group.
For the case of ACL, go to Admin > ACL Roles and create 2 different roles, i.e.
Team Head
Team Member
For the Team head, assign the role to the Head of the team and give necessary module access according to group, so they can only access information of individual team members under their security group.
For Team Member, assign owner ACL, so they can only see their own activities and not other team members' activities, or set it as group for Team activities based on your requirement.
I'm trying to find all users that are permitted to access a site in SharePoint Online.
I can do that via the SharePoint REST API using the following request:
https://<tenant>.sharepoint.com/sites/<site>/_api/web/RoleAssignments?$expand=Member/Users,RoleDefinitionBindings
The response contains some hidden technical accounts, users that have been granted permissions explicitly, and the default SharePoint site groups for members and owners.
The SharePoint site member group is presented with the following LoginName:
c:0o.c|federateddirectoryclaimprovider|<UUID>
Where <UUID> is the id of an Azure group. I can then resolve its members using the Graph API. However, there is a user missing here that is listed in the SharePoint UI as an owner of the site.
The SharePoint site owner group, however, is presented with the following LoginName:
c:0o.c|federateddirectoryclaimprovider|<UUID>_o
Where <UUID> is the exact same id as before. So I can't resolve its members using the Graph API as the UUID gives me the member group and the UUID including the suffix is an invalid group identifier.
Furthermore, the SharePoint REST API seems to treat this owner group (as well as the member group) like a user rather than a group, so I couldn't find a way to resolve its members using this API either.
So how can I resolve the actual users that are owners of a site?
Thank you very much!
Isn't it as simple as that?
https://<tenant>.sharepoint.com/sites/<site>/_api/site/owner
The solution is described here: https://learn.microsoft.com/en-us/sharepoint/modern-experience-sharing-permissions#team-site-permissions-and-office-365-groups
When you add owners or members to the Microsoft 365 group, they're given
access to the SharePoint site along with the other group-connected
services. Group owners become site owners, and group members become site
members.
Which means you can retrieve the site owners with the following request:
https://graph.microsoft.com/v1.0/groups/<UUID>/owners
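The mapping described in the question and in this answer, as an added example that is not part of the original posts: it parses the LoginName values from a RoleAssignments response and builds the Graph request that lists the actual users behind each group claim. The sample response, its group id and the assumed odata=nometadata JSON shape are constructed for illustration.

```python
import re

GRAPH = "https://graph.microsoft.com/v1.0"

# Group claim LoginName as quoted in the question; a trailing "_o" marks the
# owners of the same Microsoft 365 group, which Graph exposes under /owners.
_CLAIM = re.compile(
    r"^c:0o\.c\|federateddirectoryclaimprovider\|"
    r"(?P<gid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})(?P<owner>_o)?$",
    re.IGNORECASE,
)

def graph_url_for_login(login_name):
    """Return (group_id, relation, url) for a group claim, else None."""
    m = _CLAIM.match(login_name.strip())
    if not m:
        return None
    relation = "owners" if m.group("owner") else "members"
    gid = m.group("gid").lower()
    return gid, relation, f"{GRAPH}/groups/{gid}/{relation}"

def plan_lookups(role_assignments):
    """Split role assignments into Graph lookups and principals left as-is."""
    plan, direct = [], []
    for ra in role_assignments.get("value", []):
        login = ra["Member"]["LoginName"]
        roles = sorted(b["Name"] for b in ra.get("RoleDefinitionBindings", []))
        hit = graph_url_for_login(login)
        if hit:
            plan.append({"roles": roles, "relation": hit[1], "url": hit[2]})
        else:
            direct.append((login, roles))  # explicit users, system accounts
    return plan, direct

# Constructed sample (assumed odata=nometadata shape; the group id is made up).
GID = "11111111-2222-3333-4444-555555555555"
SAMPLE = {"value": [
    {"Member": {"LoginName": f"c:0o.c|federateddirectoryclaimprovider|{GID}"},
     "RoleDefinitionBindings": [{"Name": "Edit"}]},
    {"Member": {"LoginName": f"c:0o.c|federateddirectoryclaimprovider|{GID}_o"},
     "RoleDefinitionBindings": [{"Name": "Full Control"}]},
    {"Member": {"LoginName": "i:0#.f|membership|alice@example.com"},
     "RoleDefinitionBindings": [{"Name": "Read"}]},
]}

if __name__ == "__main__":
    lookups, direct = plan_lookups(SAMPLE)
    for item in lookups:
        print(item["relation"], item["roles"], item["url"])
    print("direct:", direct)
```

Principals returned in the second list are not group claims and still need to be reviewed from the RoleAssignments response itself.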
Is it possible to have multiple profiles for a PIM role within Azure? If not, is this something that is on the roadmap?
Question from customer: "as you know you can customize the roles to specify the window for that privilege, the approvers and so on. Could you have multiple profiles for each role in the future?"
This is possible with the privileged access groups feature. Simply create two groups, apply different policies and make the users eligible for the group (do not assign the group as eligible, since the members are eligible for the group, which would require them to activate twice). Documentation can be found at aka.ms/pag
Thanks Steve, but from what I can see it's only for Azure AD roles, right? It's not possible to assign Azure resources.
Thanks again!
When you create a new privileged access group you can only assign Azure AD roles but not Azure resources roles during the creation, that's what I meant... because with that you can modify the properties for that specific role, in terms of time of the privileged mode, who are the approvers, and so on... will it be available in the future?
Do we know when it will be in GA?
Thanks!!
Ignore assigning roles at group creation time. Simply create the role and enable it for role assignment (this part is required if you want to use it with PIM). Once it's created (even with no AAD roles assigned to it) you can enable the group for Privileged access. After enabling the group for privileged access you can assign members as Eligible, and configure assignment and activation settings for the member and/or owner roles. ETA for GA of this feature (privileged access groups) is end of the calendar year.
I was wondering how would I go about provisioning a team that will have hundreds of guest users?
I looked at PowerShell and School Data Sync, but it's only possible to add members within the organization. Is there a way to add about 13.000 guests (in an organisation that has 250 employees), without having to add them individually?
It's an EDU tenant.
We would split 13.000 users into multiple teams, so the 10k limit will not be reached per team.
Thanks
Well, there are two ways to do this. One, which you already mentioned, is PowerShell: you can add people outside your organization (guests). Adding guests is a two-step process: first you need to invite the user, second add him to the team. Check this documentation for how to add the guest and how to add bulk users using a PowerShell script.
And the second option is to use the API.
As per my knowledge, you have to add guest users in Azure Active Directory. If you need some special features like MFA then for guest users you can add up to 5 guest users for 1 license, otherwise there are no restrictions. In the past I created 132 guest users for my Azure account.
Yes, it is possible to add guest users in your Teams organization.
Add guest users as mail contacts in your Exchange organization
Add the contacts into Teams
You can find a short video tutorial prepared in my blog explaining this in the link shown below:
If you are looking for the solution which I explain in my blog, I can help out further in preparing a PowerShell script to add all users by PowerShell cmdlet.
Add External Contacts in Microsoft Teams
Thanks,
Manu
I'm building an internal web app and struggling with some DB design theory.
I've already got roles & permissions set up with Laravel & Entrust, but I'm trying to add extra functionality of Scopes and Groups and I'm not quite sure how to achieve it.
Given the following scopes:
Company
Team
and these roles:
Admin
Editor
Author
and these groups (teams):
Sales
Development
Design
I've already added scopes functionality which works great, so I can have a permission assigned to an admin in the company scope, but I want to be able to assign permissions to admins in a team scope according to the team they belong to.
The application will be quite expansive, but to keep it simple here I'll focus on a couple of use cases that I need to satisfy: Team and employee profiles.
Team profiles
All employees can view all team profiles
A company admin can edit all team profiles
A team admin can edit their own team profile
Employee profiles
All employees can view all employee profiles
A company admin can edit all employee profiles
A team admin can edit employee profiles within their own team
An employee can edit their own profile
What's the best way to achieve this? Every time I try and approach it the solution feels overly complex and I bury myself in nested foreach loops. Is that just the bed I've made for myself or is there a better way to check for a permission against a role, scope & group at the same time?
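One way to evaluate role, scope and group in a single check, as an added example that is not part of the original post and is not Laravel or Entrust code: a Python sketch of the team and employee profile rules listed above. The Grant and User types, the can() and is_admin_over() functions and the sample users are all hypothetical.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Grant:
    role: str                   # "admin", "editor" or "author"
    scope: str                  # "company" or "team"
    team: Optional[str] = None  # set only for team-scoped grants

@dataclass(frozen=True)
class User:
    id: int
    teams: FrozenSet[str]
    grants: FrozenSet[Grant] = frozenset()

def is_admin_over(user, teams):
    """Company admin, or team admin for at least one of the given teams."""
    if Grant("admin", "company") in user.grants:
        return True
    return any(Grant("admin", "team", t) in user.grants for t in teams)

def can(user, action, kind, target):
    """kind is "team" (target: team name) or "employee" (target: User)."""
    if action == "view":
        return kind in ("team", "employee")  # every employee may view profiles
    if action != "edit":
        return False                         # unknown actions are denied
    if kind == "team":
        return is_admin_over(user, {target})
    if kind == "employee":
        # Own profile, or an admin whose scope covers one of the target's teams.
        return target.id == user.id or is_admin_over(user, target.teams)
    return False

# Constructed sample users (hypothetical data).
boss = User(1, frozenset({"Sales"}), frozenset({Grant("admin", "company")}))
lead = User(2, frozenset({"Sales"}), frozenset({Grant("admin", "team", "Sales")}))
rep = User(3, frozenset({"Sales"}))
dev = User(4, frozenset({"Development"}),
           frozenset({Grant("editor", "team", "Development")}))

if __name__ == "__main__":
    print(can(lead, "edit", "employee", rep))  # team admin, same team
    print(can(lead, "edit", "employee", dev))  # team admin, other team
```

Storing each grant as one (role, scope, team) row turns the check into set lookups, and anything not explicitly allowed falls through to a deny.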
I'm struggling with how to integrate a User plugin with my application data. I'm using CakePHP 2.1.
Scenario: I have existing membership and club lists, where members can belong to multiple clubs and clubs have multiple members. I've created all the MVC and CRUD for members and clubs and they work fine. And the associations work fine.
I've installed a User management plugin, which allows people to register, confirm, reset their passwords etc. All that works fine.
Where I'm stuck is matching the new "user" with the existing "member" profile information.
When a person creates a login userid, we ask for the membership number and their name so that we can link the new login id with the membership number.
This is where I get stuck.
I've extended the plugin user registration form to include the membership no and I've added user_id to the members table.
Now how do I update the members table with the user_id?
Once the person has logged in using their "user_id" -- the rest of the application features will just be based on their "membership" data.
So, I think my relationships are:
1 user has 1 member
1 member has 1 user, 1 member has multiple clubs, 1 member has multiple positions, 1 member has multiple orders
I think the Plugin for Users is confusing me.
How were the User model and Membership model associated in the first place? You should have already had a Membership.user_id field.
If they're somehow connected already (I assume they are, since you said associations were working correctly), just write a quick MySQL query or repeating PHP script to run through and populate the Membership.user_id fields. You'll only have to do it once now that you have the database and associations set up correctly.