We are using Drupal Commerce in our website.
We have multiple roles in this website ex. Customer, Customer representative, Content editor and Admin.
Users with "Customer" roles will be allowed to purchase product and make orders, Edit profile.
Users with "Customer representative" roles will be allowed to manage all users that are having "Customer" role. Which will include profile edit of any customer, edit customer's orders etc.
We are not sure how to make this functionality working with Drupal7 and Workbench module.
Any suggestions/ideas?? Thanks in advance!
This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to manage other users based on the target user\'s role.
The module defines new permissions to control access to edit/delete users - more specific than Drupal Core\'s all-or-nothing 'administer users'. It also provides and enforces a 'create users' permission.
https://www.drupal.org/project/administerusersbyrole
Related
Why a normal domain user on a domain joined Computer can see all users and groups on the domain through win32_account Class? Can this be prevented?
This is by Msft default design. "Authenticated Users" are allowed to read Azure AD objects (in general, some specific attributes excepted).
You can change this in AD object rights, but Msft is usually not recommending this, at least for the domain root. You may try it with the object properties of a Ou and move users below this.
You can edit these rights in "ActiveDirectory Users and Computers":
right click OU
select "Properties"
select Tab "Security"
remove "Read" from "Authenticated Users"
Or
create a User Group for selected users you want to prevent from browsing
add this group to Security and add "Deny" for "Read"
In a stock "rails-devise-pundit" application generated using "railsapps",
does it include support for adding multiple roles for users?
A can I make John Doe have a :user role plus an :admin role
In the default "rails-devise-pundit" application, each user has only one role. However, you can create your own custom Pundit policies to accommodate multiple roles. See the Pundit documentation.
I have roles hierarchy in place.
the new requirement is to set up permission to specific external users so they will not be able to see other users records.
the sharing setting for the object is set to Private. I cannot create a user without a role. Other users should be able to see other users (in their role) records. but only this few users should be able to see only records they own.
any idea how to solve it?
thanks,
Chen
In our system we use Active Directory to store users and then Crowd server is used to authenticate users to the Atlassian systems.
I need to implement a mechanism to add users to the groups in crowd when a new user in AD syncs with crowd. If user email is #xyz.com they should be automatically added to xyz group and If user email is #abc.com they should be automatically added to abc group etc.
How can I do this?
I'm starting out with force.com development, and I'm currently a little hazy about what the above terms all mean. Could someone give an overview, and if possible explain how permissions are defined on each one (if at all)?
User: a user who can login to Salesforce. Also includes customer and partner portal users.
Account: a business account, which usually represents a company and usually has child contacts (i.e. people in the company)
Role: a hierarchical group users in an organization that is used as part of the sharing model. Users in higher roles have rights to see the records owned by users in lower roles (assuming their Profile allows it). Users do not have to belong to a role.
Profile: a collection of permissions and access rights for a user including CRUD permissions. A user must belong to exactly one profile. Also see about Permission Sets, which are a many-to-many relationship with users and augment profiles.
Owner: A user or group (queue) that owns a record. Record ownership along with the role hierarchy (and a few other things) control who can see the record.
To put it all together, you could say something like:
John Doe is a salesperson for ABC, Inc, and is a user in their organization. He is the owner of the Acme account. He has the Salesperson role, which is subordinate to the Sales Manager role, so his manager can see all his records. He has the Standard User profile, so he cannot perform administrative functions in Salesforce.
I'd also recommend that you take a look at the API doc, which explains all the entities and has relationship diagrams.