I am uploading an agreement to Adobe Sign that needs password protection. Per https://secure.na1.adobesign.com/public/docs/restapi/v6 I should include
"securityOption":{
"openPassword":"0123456789"
}
The separate article https://helpx.adobe.com/sign/kb/how-to-set-open-password-for-a-signed-document-using-rest-api-adobe-sign.html says the key should be securityOptions, but even when including both in the payload it still doesn't seem to take. Here is the full payload with excessive options filled in:
{
"signatureType":"ESIGN",
"state":"IN_PROCESS",
"participantSetsInfo":[
{
"order":1,
"role":"SIGNER",
"memberInfos":[
{
"email":"xxx#xxx.xxx",
"securityOption":{
"openPassword":"XXXXXXXXXX",
"protectOpen":true
},
"securityOptions":{
"openPassword":"XXXXXXXXXX",
"protectOpen":true
}
}
]
}
],
"signatureFlow":"SENDER_SIGNATURE_NOT_REQUIRED",
"fileInfos":[
{
"transientDocumentId":"XXXXXXXXXX"
}
],
"name":"Passworded Agreement",
"securityOption":{
"openPassword":"XXXXXXXXXX",
"protectOpen":true
},
"securityOptions":{
"openPassword":"XXXXXXXXXX",
"protectOpen":true
}
}
Where am I going wrong with the field(s)?
There are a few different places for security to be applied to the document. The securityOption field at the top only protects management of the document and does not enforce a password for signers. That should be done through participantSetsInfo and the securityOption and must include authenticationMethod as 'PASSWORD'. You can drop the securityOptions fields as well as the article is incorrect and those names are not part of the specification.
Related
I follow the web page(https://learn.microsoft.com/en-us/graph/api/activitystatistics-list?view=graph-rest-beta&tabs=http)
and use MS Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer/preview) as the image show
to List activityStatistics ,but always get the following information .
{
"error": {
"code": "UnknownError",
"message": "{"Code":"Forbidden","Message":"Access to the requested resource is forbidden.","Target":"ReadUserAnalyticsV2","Details":[{"Code":"PolicyNotSatisfied","Message":"The following authorization requirements are not satisfied: UserRequireAdvancedMyALicense."}]}",
"innerError": {
"request-id": "0bf68858-17f4-498c-bb2b-c2c185e51e78",
"date": "2020-04-08T18:22:22"
}
}
}
And I have try license use get https://graph.microsoft.com/beta/me/analytics/settings
to check that I have the license like the images
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#users('5eed83b1-2949-4c9f-b42a-ee9055dfb4fd')/analytics/settings",
"hasLicense": true,
"hasOptedOut": false,
"hasGraphMailbox": true
}
How can I solve the problem ? Thanks a lot.
As per this document, for the analytics API to return results for a user, the current user analytics settings must show a valid MyAnalytics license, be opted in to using MyAnalytics, and have a cloud-hosted mailbox that’s graph-enabled.
The signed user (/me) should have the following response for GET /me/analytics/settings
{
"hasGraphMailbox": true,
"hasLicense": true,
"hasOptedOut": false
}
Then Analytics API will return results.
If the user doesn't have license, you can assign license via PowerShell
The user should also have "Microsoft MyAnalytics(Full)" license assigned as shown in the below picture. To assign a license, you can navigate to portal.office.com.
i am new this linked-in ad campaign API i am not able to find out which facet combination is correct to achieve the specific targeting audience
and there is no JSON enter image description hereavailable to figure it out for proper combination
For Example - if i am selecting company_size with other facet i am not able to create LinkedIn campaign with targeting audience.
So i am not able to find out what is combination for linkedIn target audience,
You can take a look at the example in the doc, a working example for your scenario is:
{
"include": {
"and": [{
"or": {
"urn:li:adTargetingFacet:staffCountRanges": [
"urn:li:staffCountRange:(2,10)"
]
}
}, {
"or": {
"urn:li:adTargetingFacet:industries": [
"urn:li:industry:4",
"urn:li:industry:51"
]
}
}, {
"or": {
"urn:li:adTargetingFacet:locations": [
"urn:li:country:us"
]
}
}]
}
}
I've created a campaign with this targeting and the related targeting audience looks like:
Hope this help
NB: A bug exists in the doc, I didn't remember if the doc was updated
UPDATE:
Referring to the doc:
These facets names and facet values mentioned below are discoverable
using the adTargetingFacets and adTargetingEntities API.
You can also refer to this page for Ads Targeting Discovery.
You can use the explore API in order to find the right key values
I'm creating a chat room with a Fireabse Realtime Database backend and I want some of the rooms to be password protected. I have a rough idea of how that could work but I'm having trouble fully fleshing it out. Say my structure is like this:
Chatrooms : {
-randomID : {
roomName: 'Chatroom 1',
password: 'foobar'
messages: {
...
}
}
}
I could set up security structure as such for rooms that need a passwords:
'Chatrooms' : {
-randomID : {
'roomName': 'Chatroom 1',
'password': 'foobar',
'.read': "data.child('validatedUsers/*user's uid*').val() === true",
'validatedUsers' : {
*user's uid* : true,
*other user's uid* : true,
...
}
'messages': {
'.read': false
...
}
}
}
This way (as I understand it) I can add user's who have been granted access to the validatedUsers object and if they are in the list then the top level .read will override the 'messages' read.
My problem is I can't figure out a secure way to get the password, check it against what the user entered, and then enter them into the validatedUsers object. Since it wouldn't be secure to do so no the client would I need a cloud function of some sort to do the checks? Now that I think about it I would likely need a cloud function to hash the password anyway?
Let's imagine a simple scenario: A simple mail system in firebase in a tree like this:
{
"users":{
"user-0001":{
"mailbox":{
"user-0002":{
"DSdljkdkd333klll":{
"message":"Hi ! I am user-0002 and I sent to user-0001 a message"
},
"JjkJHHH8888Gggg2":{
"message":"Hi ! It's Me, user-0002 again !"
}
}
},
"secretStuff":"Something Private - nobody can write anything here",
"myContacts":"This is my contact list. Obviously just me can access"
},
"user-0002":{
"mailbox":{
"user-0056":{
"DSdljkdkd333klll":{
"message":"Party tonight ! Don't forget !"
}
},
"user-0282":{
"3893NJJj33333eddf":{
"message":"How are you ?"
}
}
},
"secretStuff":"Something Private - nobody can write anything here",
"myContacts":"This is my contact list. Obviously just me can access"
}
}
}
Me as user-0002 , I can write on my own tree.
Ok, but I should be capable to write at user-*/mailbox/user-0002 because I can send a message to any user that I want. And of course: I can't have access to any other key.
So, how to archive this : A rule where I can write on my tree and in an adjacent tree like the example above ?
You should keep public data and private data in separate top-level lists. So:
mailboxes
user-0001
user-0002:{
"DSdljkdkd333klll":{
"message":"Hi ! I am user-0002 and I sent to user-0001 a message"
},
"JjkJHHH8888Gggg2":{
"message":"Hi ! It's Me, user-0002 again !"
}
}
user-0002
user-0056:{
"DSdljkdkd333klll":{
"message":"Party tonight ! Don't forget !"
}
},
user-0282:{
"3893NJJj33333eddf":{
"message":"How are you ?"
}
}
contacts
user-0001: "This is my contact list. Obviously just me can access"
user-0002: "This is my contact list. Obviously just me can access"
secrets
user-0001: "Something Private - nobody can write anything here"
user-0002: "Something Private - nobody can write anything here"
Now you can secure access based on the type of information, and load specific types of information.
If you need all information for a specific user, you will need to read from all three places. But given that you'll usually do this for a specific user, those reads are not a scalability concern. Even if you need all info for multiple users, it's usually quite fast since Firebase pipelines the requests over a single connection.
Also see:
Firebase: How to structure public/private user data
How to create public/private user profile with Firebase security rules?
Make a public profile and a private profile in angular 4+
Firebase: Allow Read of property names, but not content
How to store public/private data under a node, and still query the entire node
After researching more and testing I conclude that this should work...
{
"rules":{
"users":{
"$uid":{
".write":"$uid === auth.uid",
".read":"$uid === auth.uid",
"mailbox":{
"$uid":{
".write":" $uid === auth.uid"
}
}
}
}
}
}
This means:
If I'm user-0001, I can read/write in anything at /users/user-0001, however I just can write in elsewhere if the path is /users/*/mailbox/user-0001
I'm struggling to come up with the best way to structure part of my database and its associated security rules.
I have chat groups, and users can be added to those groups at any point. When users are added to a group, they should be able to retrieve only the messages sent after that. It shouldn't be possible for them to retrieve any messages that were sent before they (the users) were added to the group.
My first approach wrongly assumed that security rules would apply only to the data being queried.
Simplifying it for this question, I had the following structure:
{
"groups": {
"-Kb9fw20GqapLm_b8JNE": {
"name": "Cool people"
}
},
"groupUsers": {
"-Kb9fw20GqapLm_b8JNE": {
"3JzxHLv4b6TcUBvFL64Tyt8dTXJ2": {
"timeAdded": 1230779183745
},
"S2GMKFPOhVhzZL7q4xAVFIHTmRC3": {
"timeAdded": 1480113719485
}
}
},
"groupMessages": {
"-Kb9fw20GqapLm_b8JNE": {
"-KbKWHv4J4XN22aLMzVa": {
"from": "3JzxHLv4b6TcUBvFL64Tyt8dTXJ2",
"text": "Hello",
"timeSent": "1358491277463"
},
"-KfHxtwef6_S9C5huGLI": {
"from": "S2GMKFPOhVhzZL7q4xAVFIHTmRC3",
"text": "Goodbye",
"timeSent": "1493948817230"
}
}
}
}
And these security rules:
{
"rules": {
"groupMessages": {
".indexOn": "timeSent",
"$groupKey": {
".read": "root.child('groupUsers').child(auth.uid).child($groupKey).child('timeAdded').val() <= data.child('timeSent').val()"
".write": "!data.exists() && root.child('groupUsers').child(auth.uid).child($groupKey).exists() && newData.child('from').val() === auth.uid",
}
}
}
}
With that, I figured I could retrieve the messages for a particular group like so:
var myTimeAdded = /* already retrieved from the database */;
firebase.database()
.ref('groupMessages/-Kb9fw20GqapLm_b8JNE')
.orderByChild('timeSent')
.startAt(myTimeAdded)
.on('child_added', /* ... */);
But like I said, that was a wrong assumption. Any suggestion on how I could achieve this?
Read rules are enforced at the location where you attach a listener.
So in your case that is groupMessages/-Kb9fw20GqapLm_b8JNE. If your user has read permission there the listener is allowed. If the user does not have read permission, the listener is rejected/cancelled.
This means that rules cannot be used to filter data. We often refer to this as "rules are not filters" and it's one of the most common pitfalls for developers who are new to Firebase's security model. See:
the section rules are not filters in the Firebase documentation
previous questions about Firebase that mention "rules are not filters"
By themselves your rules are not wrong: they only allow access to each specific child if it's not too old. They just don't allow you to run a query on groupMessages/-Kb9fw20GqapLm_b8JNE anymore.
The common way to work around this is to have a separate structure (commonly called an "index") with the keys of the items that your query would otherwise return. In your case it looks like that might turn into a index for each user with the keys of all messages after they joined.
But I'll be honest, it sounds like you're trying to use security rules in a SQL way here. It seems unlikely that the user isn't allowed to see older messages. More likely is that you don't want the user to be bother by the older messages. In that case, I'd just solve it with a query (as you already have) and remove the ".read" rule.