I using google admin sdk to get all users from domain. Below is my code
Directory.Users.List list = directoryService.users().list();
list.setCustomer("my_customer");
list.setPageToken(nextToken);
list.setMaxResults(500);
Users users = list.execute();
I found one issue today. It is not retrieving newly created users only.
I created one new user on domain and checked immediate. Above code didn't retrieve newly created user.It retrieve all old users but not new one.
I checked on Admin sdk browser, there it shows all users with newly created also.I am sure that it was retrieving all with new users before but unable to get what is happening now ? Is there any changes need to do now
for retrieving all users with new one.?
Related
We use Azure AD user provisioning, to create and manage users in Salesforce. In itself this is working correctly. But... we have created a new (custom) profile in Salesforce (which Azure AD refers to as role) and this new profile is not being loaded into Azure AD. When creating a new user, we see our old custom profiles, but not the new one.
We started looking in the provisioning logs and saw a lot of "failed" entries. The first part of these logs reads like this:
The name, id, and claim properties of an app role in Azure AD must be
unique. We are unable to update an app role as one or more properties
are not unique. This is most commonly caused by having non-unique role
names in the directory from which roles are being imported.
And then a bunch of non-unique profiles/roles are listed. These are all standard profiles, such as Standard User and System Administrator. They appear twice in the list.
Going back to the screen where we add users, sure enough, these double entries are there as well. Each duplicate being an inactive choice. And: some old custom profiles are shown, also inactive. But not the new one.
This has worked before, as we see the old custom profiles listed. But somewhere/somehow double entries have been added and now we are stuck.
What is the solution? I have no idea on how to remove those duplicate entries from Azure AD. In Salesforce, there are no duplicate profiles. And even if I could remove the duplicate entries from Azure AD, maybe they would be added again on the first provisioning run.
I'm having the most bizarre problem, which I thought would be quite simple to fix. I helped a client set up a connection to the Amazon Selling Partner API by creating a private app in Seller Central:
Settings > User Permissions > Visit Developer Credentials
New app client
Get LWA credentials (client secret and client id)
Self authorize the app to obtain a refresh token
I've been using this successfully to pull Amazon SP API data for this client, but now the client wants to ensure we don't keep having access to their data and would like to either remove the app and create a new one or at least invalidate existing refresh tokens and/or client secrets and generate new ones. It's quite easy to create a new refresh token, but this doesn't invalidate the existing ones.
I've tried everything, including unticking all the boxes that grant you access to various scopes and putting in a random IAM ARN, but you have to leave at least one box ticked and the ARN has to match an existing one. Getting a non-technical client to create a new IAM ARN just for this doesn't make us look great, and I'm sure there has to be a way to revoke those credentials - what would happen if they became compromised for some reason?
I created a report in DataStudio and embedded it on my website. I activated the option "anyone with the link can view" so this report will be visible to my website users.
But I need to show my website users different data depending on their user ids and more important I don't want users would be able to see other users' data so if I used URL filtering users would be able to breach and search another user id to see his data.
Does anyone have a solution for this scenario?
In Google documentation I saw an option to limit the report to users in my domain, I assume this will solve this issue, but I don't find how to restrict other domains.
Users are logged onto Google
If users of your website are already logged onto Google, use the Filter by email address guide from Data Studio help center. This requires you to setup FILTER BY EMAIL and then have a field in your data can be directly used as an email filter.
Users are not logged on to Google
If you want a solution where the users don't have to be logged onto Google, you will need to:
Create a Community Connector to pass the filtered data to your users. The connector should accept a short lived token as part of the config.
Create a dashboard with your connector and pass unique short-lived tokens for each user.
You should have an endpoint that returns the current user's data based on the token provided. Alternatively, the endpoint can return only the user's identify and you can query a secondary data source with a service account filtering for the user's identity.
Your connector should call your endpoint to fetch data only for the user/for the user's identity.
This official guide demonstrates how to implement this in more details.
Disclaimer: I work in the Data Studio team and wrote the above guide.
First option is to add extra 2 fields to your data source.
User_ID
Password
For example:
Data, User_ID, Password
$10,Daniel,123
$20,Alex,456
In your dashboard, you need to create two parameters:
User_ID_Parameter
Password_Parameter
Both parameters can set the default value to null, and accepts any values.
Then create a new calculated field:
CASE
WHEN REGEXP_MATCH(User_ID,USER_ID_Parameter) AND REGEXP_MATCH(Password,Password_Parameter) THEN 1
ELSE 0
END
Then create a new filter to the chart that you want to hide:
To include the above calculated field Equal to 1
Second option is to use the Data Studio default Row Level Security
The only caveat is the users need to sign in before they can view the report.
I'm creating an app using ionic/angularjs using Backand as the backend service. I have it setup to use a MySQL database.
1) When I create a user through the SDK (version 1.8.2 from the CDN), the user shows up in Registered Users area but does not get a row in the 'users' table. Someone mentioned that I should have Anonymous Access set to User as they said this is a permissions issue but that did not solve the issue for me.
2) I can manually add a user through the Backand GUI and the user gets a row in the 'users' table as I would expect.
3) I can not manually delete users or rows in the 'users' table through the Backand GUI. I get an error stating that the "Delete My App User" failed to perform. You can't specify target table 'users' for update in FROM clause. I haven't modified the Security Actions at all. They're all default. Updating a user receives a similar error.
4) I created a blank app in Backand and updated my app with the new tokens and app name. I was able to login to that app using login credentials that were created on the original app but were not a part of this app. Does this mean users can access any Backand once registered with one app on the system?
Am I just really missing how 'users' registration and logins are suppose to work in Backand?
Any guidance would be appreciated. Thank you in advance.
You can read more on the Back& security concept here.
User can only access to the app he was registred into. In your case I believe the second app has anonymus access, so you have signed in to the first app and got access token, and using the anonymus header you accessed the second app.
Please use incognito window mode for the second app and then you could debug two apps.
You can also review Back& User example to play around with the security.
I have created and running an app on Google App Engine. The app has several users who log in as themself but need to use a common set of CONTACTS. ie on just one user.
When retrieving contacts how do I set the USER NAME for the set of contacts to be retrieved.
At present it always looks at the list of contacts of the user who is logged in.
I am using:
gd_client = gdata.contacts.service.ContactsService()
gdata.alt.appengine.run_on_appengine(gd_client)
query = gdata.contacts.service.ContactsQuery()
query.max_results = 10000
feed=gd_client.GetContactsFeed(query.ToUri())
for i, entry in enumerate(feed.entry):
I have the tokens stored for all users
It doesn't work that way, the user needs to grant access to your application to view the contacts in a process called OAuth2.
There is good tutorial on this here