I was going through the mongodb docs for Role Based Authentication Control. I have understood how it works, but I have a few questions.
How is it applied in real life scenarios? For example let's say I am running a blogging web app. How would I use Role Based Authentication Control to improve my app management?
Admin user is a super user, who can do any operation on any blogger accounts, their content. But, bloggers are limited only their content, their account
Admin user:
A admin user will be able to see all the blog posts, even under draft stage.
Admin user can hide or unhide any blogpost.
Admin user will be able to delete or disable any account.
Admin user will be able to take backup of any account blogposts.
Blogger:
A blogger will be able to see only his/her blog posts.
Blogger will be able to hide or unhide only his/her blogposts.
Blogger will be able to delete or disable only his/her account.
Blogger will be able to take backup of only his/her account blogposts.
Related
I am looking for a way to share information about logged-in user between individual sites at Wagtail multisite.
By that I mean the possibility to log in on one site and by that be logged in on all the others.
Problem
In our Teams app tab we want to show the profile image/photo of the current user.
Things we tried
The user is authenticated with Single Sign-on for tabs and we store some user information to track some progress in our app. It is not possible to fetch the profile image from the Microsoft Graph API with the token from the Single Sign-On process — the User.Read permission is missing.
The user profile image does not seem to be available in the Teams context from the Microsoft Teams Javascript SDK.
In SharePoint it is possible to show the profile image of the current user with a special URL: https://<tenant>.sharepoint.com/_layouts/15/userphoto.aspx?size=L&accountname=<upn>. This fails in Teams with an "no access" redirect if the user has not logged in into SharePoint.
Seemingly possible solutions
Extra authentication step to get the User.Read permission; not ideal, nobody is gonna press a extra button just so we can show a profile image.
Convince the Single Sign-on for tabs process to include User.Read; Adding the permission in all kinds of configuration did not change anything in the resulting token.
Use a custom OAuth2 flow, according to this blog post it is possible to setup in the Single Sign-On for bots process. The Teams SDK does not seem to have the same possiblility.
Somehow make sure a user is authenticated in SharePoint so we can use the magic profile image URL; does not seem very likely.
Is there a solution workaround and/or something that we did not try yet for this problem?
You won't be able to modify what the standard SSO does, unfortunately.
The easiest way to deal with this is to use the Microsoft Graph Toolkit, specifically the Person component. It's exactly built for this kind of scenario, and you have the user's AadObjectId from the Teams context.
It does require an Azure Application, but I think you can use the same app. It -will- prompt the user, by default, with a consent popup, but you can get around this, as always, with an admin consenting on behalf of the user.
I am creating a web app that allows users to user their own social network services (Instagram, facebook, spotify, etc.) and display the information like photos, posts, playlists from the SNS.
I know we need each users to authenticate their SNS account first to make the API accessible.
I have no experience with authentication, so I want to get some TIPs of how to do this.
My idea is to provide buttons called Authenticate for each SNS. When the user clicks this, I want to open a window for the user to login to their SNS and when the login is successful, it will give a list of whatever information that is related to the SNS (photos, playlists, etc.).
I want to know what I need to know to do this. I know that we need access tokens to access the user's API. Is there a way to use the access token that the user earns by authenticating his account to access the API?
Any advice will be great. Thanks.
Try firebase authentication. A lot of work is involved in what you want to do, and they have done much of this work for us...
I have a SalesForce.com account that I use for demos. In many cases, I need the users (anyone on the web) to be able to browse the tables without making any changes.
Is there a way to make the tables public or create a guest account?
You can add a new user and create a special permission set to only allow read access. Dev orgs come with two users, but you can deactivate/re-activate users to get around the limit. Or ask SFDC support to add a few more users to your dev org.
There are several places User log-in time and date are logged so you can track them.
We are trying to build one simple website using force.com sites.Here User logged into website and need to perform different actions by moving to different VF pages.
We are facing a Problem to maintaine Session of particular user. We need help regarding how to maintaine session for particular user.
Kindly give your help. Please provide any sample code.
Thanks.
You can't ;)
Think about it, you can store usernames/passwords in your data objects and if they allow you to login and maintain a session for that user and use it to walk around apex pages and builtin forms why would you buy a salesforce license? You could operate a 1000 employees rig with just one administrative license and a site URL. For that reason salesforce does not allow you session control, it grants you one when you buy and expense a license.
For sites, you have to purchase either Customer Portal license or volume-based High Volume Customer Portal set and then use those to "promote" a contact into a login user with the above license. Then, when that user logs into site it has its own session.
This document http://wiki.developerforce.com/index.php/Authenticating_Users_on_Force.com_Sites might be of great help.
This tutorial shows you how to authenticate users on Force.com Sites. It provides a description of Customer Portal, which is needed for the authentication, and shows you how to set up such a site and process to allow site visitors to become authenticated users.
The points on customer portal are correct, and you have to pay for these licences. If you build your own auth on Force.com Sites and salesforce.com finds out they'll be very unhappy. That said you can still do it using cookies (http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_sites_cookie.htm) but it's not perfect because it's client-side.
I highly recommend that you steer clear of this approach though. You're better off building your UI layer on another platform (Google App Engine or Heroku) and using web services created on the Force.com platform through that UI.