I have a Firebase project with accompanying webapp (website).
I am looking to create a commmunity on the site, with user accounts, logins and ability to post comments on the site.
I am the Firebase project owner and have some developers (viewer & editor roles) who maintain the site for me.
My concern is that if I create user accounts, my developers may get access to these user emails which compromises GDPR.
Is there a way in the Firebase database of a project, to hide user emails & password data from said developers or even myself?
Appreciate your advice
After doing some research and even hiring someone on fiverr to walk me through this I finally figured out what do do.
First as mentioned by Frank above I need to create a custom IAM role on Google cloud platform. The youtube tutorial below walks through how to do this
https://www.youtube.com/watch?v=6GTGSMW_-XQ
Second make sure that the permissions that you assign for them do NOT include any of the below.
Firebase Authentication permissions:
(firebaseauth.configs.create, firebaseauth.configs.get, firebaseauth.configs.getHashConfig, firebaseauth.configs.getSecret
firebaseauth.users.delete, firebaseauth.users.get, Firebaseauth.users.sendEmail, firebaseauth.users.update)
That's it pretty much
Related
I would like to add an integration but I have no idea how to contact the owner or any admins.
When I go to https://pivotaltracker.com/accounts I see a userID for the owner (no email) of my Enterprise account, and I see that 4 admins exist but no other information.
Also, neither are hyperlinked or have tooltips.
On the integrations menu/tab it tells me that I need to contact the administrator, but it doesn't tell me how.
In my case, I reached out to support#pivotaltracker.com and they helped me out. I did not discover a self-service method.
I created an App with the GSuite administrator account. But now when I go back I am my work user(rob) and have no access to the App I created.
If I then go to Google and switch accounts there is no issue for all other Google apps(drive, gmail etc) but Appmaker still shows me as rob.
How can I convince App Maker to work like all other Google apps and let me select the logged in user?
Most likely it happens because at this time App Maker doesn't provide users with account chooser widget like most other Google products. Here are some things to try to bypass this limitation:
use different chrome instances for better accounts separation (https://support.google.com/chrome/answer/2364824) - I would highly recommend this approach. I have about 10 different accounts and this feature saves me tons of time and gives peace of mind
use incognito window
log out from other accounts (in theory, when you open AM it will ask you to choose an account and re-login)
I need to extract Google Analytics data through it's API. However I do not want to generate any account and key manually (the reason is I do not want to let this technical this to be performed by any non-techie person) and want to dump that data for analysis purpose.
In order to use any of Googles APIs they need to know who you are. You as a developer are identified by the project you create on Google Developer console. Once the project is created you can create a number of different types of credentials including Service account credentials and Oauth2 Credentials.
Answer: No there is no way to programmaticlly create service account credentials. Nor is it possible to use the a Google api without first creating a project on Google developer console.
Note: Google Cloud Resource Manager does exist but is very limited in what it allows you to do.
If someone else is going to be running your application to access their Google analytics Data you should idealy be using Oauth2 in your application and not a service account.
Service accounts are designed as way for the developer to grant others access to data owned by the developer in question. They are not really intended for novice users to be creating their own projects on google developer console and generating credentials.
You are basically asking if you can obtain the credentials necessary to query the API via the API. This does not work.
I am also not sure how this would help you. Before you can do any API operations to a Google Analytics account you need to have an authorized user (e.g. a service account) added to your view or property. If you are in a situation where you can add a user programmatically to an account you might as well just read the data you need.
In realtime database I have exactly 448101 users that authenticated by different providers. Is there any easy way to filter how many users sign-up with facebook, twitter, google or anonymous-login? I believe this feature should be in the analytics section of firebase console.
Thanks
There is no such feature in the Firebase Console at the moment. But it sounds reasonable, so I suggest you file a feature request.
In the meantime: since you say you have the users in the database, you might be able to derive the data from there, or at least start tracking it there.
I want to show google analytics dashboard to my users. It is not possible to give access of "google analytics dashboard" to all users. So I want to integrate it on my own website. Will it be possible to integrate google analytics dashboard on a particular website?
This question gets asked quite a bit. It is important to understand the security model for the API. All Google APIs use OAuth2.0 to authenticate the user. This is designed to make it easy to use the API to access the Users's data on behalf of the user. In contrast you will need to do work to show Your data to your users.
With that said, an example of what you are looking for is the Server side Auth example provided by the Analytics API team.
The simplest answer is to query the API on the server side, with a service account and serve that data as you serve any other data to your users. Read the scenarios in detail, and pick one that best suits your end goals. Understand how the API views the following entities.
A User uses an application.
A Developer develops Application.
An Application has a project id and its associated credentials.
A user authorizes an application to access their data via the API.
You are breaking this paradigm because you are the user and developer from the API's perspective. You want to share your data with people who are not authorized to view it, so you will need to use a service account to access that data and share it directly with your users.
Also remember to add the service account to Analytics View you wish it to access.
Check out EmbeddedAnalytics if you prefer not to get bogged down learning oAuth2, the CoreReporting API, and lastly a charting tool. We simplify the process. All you do is create your chart and embed a snippet of code in your site where you want the chart/dashboard to show.