I have a parent portal with a number of child portals contained within. My host user can access all of the portals, but when I create an admin user I cannot see the user (or it's new role) in the child portals. Is there a way to create an admin user that can update the contents of a module in all of the child portals (not the settings of the module)?
You will need to modify table "UserPortals", and add UserId for each portalid.
And also assign user with admin role on of each portal in table UserRoles, since each portal have different roleId for Administrators. (See table Roles)
Related
We use Azure AD user provisioning, to create and manage users in Salesforce. In itself this is working correctly. But... we have created a new (custom) profile in Salesforce (which Azure AD refers to as role) and this new profile is not being loaded into Azure AD. When creating a new user, we see our old custom profiles, but not the new one.
We started looking in the provisioning logs and saw a lot of "failed" entries. The first part of these logs reads like this:
The name, id, and claim properties of an app role in Azure AD must be
unique. We are unable to update an app role as one or more properties
are not unique. This is most commonly caused by having non-unique role
names in the directory from which roles are being imported.
And then a bunch of non-unique profiles/roles are listed. These are all standard profiles, such as Standard User and System Administrator. They appear twice in the list.
Going back to the screen where we add users, sure enough, these double entries are there as well. Each duplicate being an inactive choice. And: some old custom profiles are shown, also inactive. But not the new one.
This has worked before, as we see the old custom profiles listed. But somewhere/somehow double entries have been added and now we are stuck.
What is the solution? I have no idea on how to remove those duplicate entries from Azure AD. In Salesforce, there are no duplicate profiles. And even if I could remove the duplicate entries from Azure AD, maybe they would be added again on the first provisioning run.
We are using Drupal Commerce in our website.
We have multiple roles in this website ex. Customer, Customer representative, Content editor and Admin.
Users with "Customer" roles will be allowed to purchase product and make orders, Edit profile.
Users with "Customer representative" roles will be allowed to manage all users that are having "Customer" role. Which will include profile edit of any customer, edit customer's orders etc.
We are not sure how to make this functionality working with Drupal7 and Workbench module.
Any suggestions/ideas?? Thanks in advance!
This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to manage other users based on the target user\'s role.
The module defines new permissions to control access to edit/delete users - more specific than Drupal Core\'s all-or-nothing 'administer users'. It also provides and enforces a 'create users' permission.
https://www.drupal.org/project/administerusersbyrole
user story: a anonymous user should be able to create survey, paste in survey participants' email from their outlook, these participants will become valid user in AD, with their emails as primary search key as extension property in AD. User will get mail, being notified that a survey is ready for them......etc.
Since Azure Email property is only readable, I can only add the user mail as an extension property. When extension property such as "SkeypID", "Email" is added, the searchability is also available?
ex. DirectoryService.users.Where(it => it.myproperty!= null && it.myproperty.Equals('test#gmail.com')).SingleOrDefault();
Let's assume that I want to give access to anonymous user creating user in Active directory, (Sorry, did not try this one myself before asking), does it work without using a user identity as company administrator?
Yes, extension attributes are searchable. Use a query like the one referenced at the GitHub README for my OrgChart extensions sample application. The link should look something like this:
GET https://graph.windows.net/contoso.com/users/joe#contoso.com?api-version=1.21-preview&$filter=extension_d8dde29f1095422e91537a6cb22a2f74_skypeId+eq+'joe.smith'
To allow an anonymous user to create a user in ActiveDirectory you could create an application with write permissions to your directory and have that application allow anonymous access. My OrgChart extensions sample application allows you to create and delete users, but you need to provide it application credentials and a tenant where that app has write consent.
i have a dotnetnuke with two portals that share users into 2 portals.
i want get roles of user A in portal 1 in a module in portal 2(in another portal)
how can i do that?
int portalId = 1;
UserInfo user = UserController.GetUserById(portalid, UserID);
You can get the list of roles for a user in a specific portal using array: user.Roles or you can check if the user is in a specific role using: user.IsInRole(roleName).
When managing the settings of an HTML module in DNN 6 I'm able to add user usernames in the permissions tab below the user roles.
After doing so, I get a new row with 2 columns, Edit and View module.
If Inherit View permissions from Page is left unchecked, both the View and Edit module columns are locked.
If Inherit View permissions from Page is checked, View Module is locked, but Edit Module becomes accessible.
Why am I unable to edit view settings for individual users, and is there way to assign view privileges to a module on a user level?
I imagine that this is a bug in DNN6 and would encourage you to look at upgrading to DNN7.
Also, I would advise against using User permissions. I would recommend you create a role, and assign that user to the role.
The problem with user level permissions is their inflexibility, for example: If the user ever leaves your organization, and you need to replace them with a new user, you have to go through and apply all the permissions over again. If you had used role based permissions, all you would need to do is remove User1 from the security role, and add the new User2 to the security role.