I need to add new roles in fosuserbundles because I went to make differentiation between user:student or teacher and admin.
When I register roles as default as Role_user that's why i went to add student or teacher when i went to register and when i make this command in cmd :php app/console fos:user:demote testuser ROLE_ADMIN php app/console fos:user:demote testuser ROLE_Student.
It accept it so i went how i can add some roles when i register
Please can someone help me ?
The same way you demote a user, you can promote a user by calling:
php app/console fos:user:promote user role
You must have your role defined in the security.yml
Related
I am making a web panel for my discord bot with a module called discord-oauth2-api and I can get my perms in the servers as permission code like this: 453223243328 but I don't know what does change if a user has administrator in this code so I can't check if a user has administrator.
For what i found the code: 2147483647 under the voice of "permissions" means that the user in the server has "Administrator" permission (the code can even mean the user is the owner of the server).
You can even find if the user is admin with the voice: "permissions_new" which is: 4398046511103.
Thats what i've found, if you what to know more theres a guide from discord for all the values https://discord.com/developers/docs/topics/permissions
I have to create users in scratch org through sfdx cli command and assign profile, role to the user.
The command used is
sfdx force:user:create -u <targetusername> -v <targetdevhubusername> Username=testuser1#my.org LastName=testuser1 Email=me#my.org profileName='System Administrator' generatepassword=true
But I want to assign role as well to the user.
Tried few ways like
Adding parameter to the user create command
UserRole='System Admin'
But its not working.
Can anybody please help me in assigning role to user through sfdx cli.
And once the user is created through Salesforce UI, we have button to Reset Password or checkbox to Generate new password and notify user immediately.
I want to do the same with sfdx cli.
Can anybody help me here. I am stuck since long time.
Thanks in Advance!
Using IAM, I am trying to allow certain users to access API's and allow them to create OAuth client credentials. Is there a predefined role for allowing this? I don't want to use the role of project editor, because I'm trying to allow access to only the necessary services.
It's when the user is in their project, and they go to "APIs and Services" > Credentials, the user receives this error:
You don't have permission to view API keys, OAuth clients, and service account keys.
Roles/Permissions:
-App Engine Admin
-Cloud Functions Developer
-Cloud Datastore Owner
-Service Account Admin
-Source Repository Administrator
-Storage Admin
So I believe I've come across the solution. After failing to find a predefined role or any answers online, I started to delve into creating custom roles. If anyone has issues with this in the future, here is what I have done.
I went to Project Settings > Roles > Create Role. I then created 2 custom Roles, here are all the permissions I assigned to them:
"Custom API"
container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.list
container.apiServices.update
container.apiServices.updateStatus
serviceusage.apiKeys.create
serviceusage.apiKeys.delete
serviceusage.apiKeys.get
serviceusage.apiKeys.getProjectForKey
serviceusage.apiKeys.list
serviceusage.apiKeys.regenerate
serviceusage.apiKeys.revert
serviceusage.apiKeys.update
"Custom Client Auth"
clientauthconfig.brands.create
clientauthconfig.brands.delete
clientauthconfig.brands.get
clientauthconfig.brands.list
clientauthconfig.brands.update
clientauthconfig.clients.create
clientauthconfig.clients.createSecret
clientauthconfig.clients.delete
clientauthconfig.clients.get
clientauthconfig.clients.getWithSecret
clientauthconfig.clients.list
clientauthconfig.clients.listWithSecrets
clientauthconfig.clients.undelete
clientauthconfig.clients.update
*Note that at the time of writing, these individual permissions are in a "testing" state, and may not work as intended.
You can go to the roles page:
https://console.cloud.google.com/iam-admin/roles?project=[your-project-id]
And there you can filter for the permission you need:
Now you can see in the list all the roles include the permission you need, and you can return to the IAM page:
https://console.cloud.google.com/iam-admin/iam?project=[your-project-id]
And select one of those rules:
I am new to the framework cakephp and I am using the Authentication component as well as the ACL. I have followed this tutorial: http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html to get me started.
How do I give a not logged in User a role (group) ACL such as 'Guest'?
Should I even consider giving a not logged in user such a role (group) ACL? I mean would it bring any disadvantages?
Usually you would not give a role to a user that is not logged in, because the user would not have a record in the user table therefore the User could not belongTo a Role. If you wanted to do alot of special programming I guess you could do it, but I don't see a point.
Most people just allow non-authenticated and authenticated users access to various parts of there app with the $this->Auth->allow() parameter in the controller. Then they section off other parts of the application to allow certain authenticated Users belonging to certain Roles to access with ACL.
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#making-actions-public
How can i login without logout from current user to another Active Directory user with C#. ;
1-Getting new user's access
2- doing my work and than logout with c# same way.
For example i am a user at blabla.com domain.I have logged in a Power User.But i need Admin Rights for something so i need to logout and change user to Administrator do my job and relogin with Power User again.I wanna do it with C#.
I heard something like that Impersonate User but i think this is not what i want.
Edited : I want login with another user and get this user's permissions without logout from my current user in c#.
Your question is not very clear. If what you want to be doing is querying/modifying AD, then t4zsan's answer is correct.
If you just need the other user's groups/security permissions, then Impersonation is the way to go. This article will give you a good foundation on it.
Caveats: The user you wish to impersonate must be able to logon to the machine you are running the code on. You can't impersonate a user in another domain if that domain is not trusted. Nor can you impersonate a local user on another machine, obviously.
When using the classes in System.DirectoryServices to connect to AD you have the option of specifying user credentials. For example when using DirectoryEntry there is a constructor overload taking username and password that lets you connect as a different user.