I follow the web page(https://learn.microsoft.com/en-us/graph/api/activitystatistics-list?view=graph-rest-beta&tabs=http)
and use MS Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer/preview) as the image show
to List activityStatistics ,but always get the following information .
{
"error": {
"code": "UnknownError",
"message": "{"Code":"Forbidden","Message":"Access to the requested resource is forbidden.","Target":"ReadUserAnalyticsV2","Details":[{"Code":"PolicyNotSatisfied","Message":"The following authorization requirements are not satisfied: UserRequireAdvancedMyALicense."}]}",
"innerError": {
"request-id": "0bf68858-17f4-498c-bb2b-c2c185e51e78",
"date": "2020-04-08T18:22:22"
}
}
}
And I have try license use get https://graph.microsoft.com/beta/me/analytics/settings
to check that I have the license like the images
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#users('5eed83b1-2949-4c9f-b42a-ee9055dfb4fd')/analytics/settings",
"hasLicense": true,
"hasOptedOut": false,
"hasGraphMailbox": true
}
How can I solve the problem ? Thanks a lot.
As per this document, for the analytics API to return results for a user, the current user analytics settings must show a valid MyAnalytics license, be opted in to using MyAnalytics, and have a cloud-hosted mailbox that’s graph-enabled.
The signed user (/me) should have the following response for GET /me/analytics/settings
{
"hasGraphMailbox": true,
"hasLicense": true,
"hasOptedOut": false
}
Then Analytics API will return results.
If the user doesn't have license, you can assign license via PowerShell
The user should also have "Microsoft MyAnalytics(Full)" license assigned as shown in the below picture. To assign a license, you can navigate to portal.office.com.
Related
I am uploading an agreement to Adobe Sign that needs password protection. Per https://secure.na1.adobesign.com/public/docs/restapi/v6 I should include
"securityOption":{
"openPassword":"0123456789"
}
The separate article https://helpx.adobe.com/sign/kb/how-to-set-open-password-for-a-signed-document-using-rest-api-adobe-sign.html says the key should be securityOptions, but even when including both in the payload it still doesn't seem to take. Here is the full payload with excessive options filled in:
{
"signatureType":"ESIGN",
"state":"IN_PROCESS",
"participantSetsInfo":[
{
"order":1,
"role":"SIGNER",
"memberInfos":[
{
"email":"xxx#xxx.xxx",
"securityOption":{
"openPassword":"XXXXXXXXXX",
"protectOpen":true
},
"securityOptions":{
"openPassword":"XXXXXXXXXX",
"protectOpen":true
}
}
]
}
],
"signatureFlow":"SENDER_SIGNATURE_NOT_REQUIRED",
"fileInfos":[
{
"transientDocumentId":"XXXXXXXXXX"
}
],
"name":"Passworded Agreement",
"securityOption":{
"openPassword":"XXXXXXXXXX",
"protectOpen":true
},
"securityOptions":{
"openPassword":"XXXXXXXXXX",
"protectOpen":true
}
}
Where am I going wrong with the field(s)?
There are a few different places for security to be applied to the document. The securityOption field at the top only protects management of the document and does not enforce a password for signers. That should be done through participantSetsInfo and the securityOption and must include authenticationMethod as 'PASSWORD'. You can drop the securityOptions fields as well as the article is incorrect and those names are not part of the specification.
I am trying to get public data of an organisation via the LinkedIn api using the urn of an organisation that I am not an admin of as described in their docs
When accessing the data via https://api.linkedin.com/rest/organizations/15564 I get an access permission error.
I tried adjusting the projection to only access public data but I still get the same error. Used url https://api.linkedin.com/rest/organizations/15564?projection=(elements*(entity~(vanityName)))
According to their docs, I should be able to retrieve an answer like:
{
"elements": [
{
"entity~": {
"vanityName": "linked-it"
},
"entity": "urn:li:organization:1032984"
}
]
}
How can I access public information such as vanity name or the logo via the api of organisations I am not an admin of?
I am trying to figure out the difference between the admin role and the user role permissions when querying a Remote Schema, they both show that they have full access. However, when doing a query the user role cannot find one of the inputs for some reason. The query is
query SearchFacilities($getFacilitiesInput: GetFacilitiesInput!, $startDateInput: StartDateInput!) {
facilities(getFacilitiesInput: $getFacilitiesInput) {
facilityID
permitEntrances(startDateInput: $startDateInput) {
availability {
remaining
}
}
}
}
When running the query with the x-hasura-admin-secret it works fine. However, when I switch to the user role by setting a Bearer token for the user, I get the following error:
{
"errors": [
{
"extensions": {
"code": "validation-failed",
"path": "$.selectionSet.facilities.selectionSet.permitEntrances"
},
"message": "'permitEntrances' has no argument named 'startDateInput'"
}
]
}
They both have the same permissions according to the UI, in the remote schema section. Any ideas on what is causing this discrepancy? Been trying to figure this one out for a while, thanks for any help.
I'm creating a dynamic link via API.
How can I specify to open the AppStore if the app is not installed?
here the body for my request:
{
"dynamicLinkInfo": {
"domainUriPrefix": "https://wi.page.link",
"link": "https://wiapp.com.au/faq?promocode=mypromo_code",
"iosInfo": {
"iosBundleId": "com.direce.sr",
"iosFallbackLink":"id1356389392",
"iosAppStoreId":"id1368389392",
},
"socialMetaTagInfo" :{
"socialImageLink":"https://vignette.wikia.nocookie.net/doraemon/images/b/b8/Doraemon_2005.PNG/revision/latest?cb=20151207094313&path-prefix=en",
"socialTitle":"my titu",
"socialDescription":"descripotio"
}
},
"suffix": {
"option":"UNGUESSABLE"
},
}
this works if I create the dynamic link via firebase console, where I can specify what to do if app not installed
Ok!
found the problem, is the
"iosAppStoreId":"id1368389392"
it is different value if creating from the dashboard or for API,
so the correct one when doing from, API should be without the "id"
"iosAppStoreId":"1368389392"
You can add a parameter called iosInfo, which has a property called iosAppStoreId (the app store id).
Check the documentation page here.
I have been trying to use the api to create service accounts in GCP.
To create a service account I send the following post request:
base_url = f"https://iam.googleapis.com/v1/projects/{project}/serviceAccounts"
auth = f"?access_token={access_token}"
data = {"accountId": name}
# Create a service Account
r = requests.post(base_url + auth, json=data)
this returns a 200 and creates a service account:
Then, this is the code that I use to create the specific roles:
sa = f"{name}#dotmudus-service.iam.gserviceaccount.com"
sa_url = base_url + f'/{sa}:setIamPolicy' + auth
data = {"policy":
{"bindings": [
{
"role": roles,
"members":
[
f"serviceAccount:{sa}"
]
}
]}
}
If roles is set to one of roles/viewer, roles/editor or roles/owner this approach does work.
However, if I want to use, specifically roles/cloudsql.viewer The api tells me that this option is not supported.
Here are the roles.
https://cloud.google.com/iam/docs/understanding-roles
I don't want to give this service account full viewer rights to my project, it's against the principle of least privilege.
How can I set specific roles from the api?
EDIT:
here is the response using the resource manager api: with roles/cloudsql.admin as the role
POST https://cloudresourcemanager.googleapis.com/v1/projects/{project}:setIamPolicy?key={YOUR_API_KEY}
{
"policy": {
"bindings": [
{
"members": [
"serviceAccount:sa#{project}.iam.gserviceaccount.com"
],
"role": "roles/cloudsql.viewer"
}
]
}
}
{
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.cloudresourcemanager.projects.v1beta1.ProjectIamPolicyError",
"type": "SOLO_REQUIRE_TOS_ACCEPTOR",
"role": "roles/owner"
}
]
}
}
With the code provided it appears that you are appending to the first base_url which is not the correct context to modify project roles.
This will try to place the appended path to: https://iam.googleapis.com/v1/projects/{project}/serviceAccount
The POST path for adding roles needs to be: https://cloudresourcemanager.googleapis.com/v1/projects/{project]:setIamPolicy
If you remove /serviceAccounts from the base_url and it should work.
Edited response to add more information due to your edit
OK, I see the issue here, sorry but I had to set up a new project to test this.
cloudresourcemanager.projects.setIamPolicy needs to replace the entire policy. It appears that you can add constraints to what you change but that you have to submit a complete policy in json for the project.
Note that gcloud has a --log-http option that will help you dig through some of these issues. If you run
gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:$NAME --role roles/cloudsql.viewer --log-http
It will show you how it pulls the existing existing policy, appends the new role and adds it.
I would recommend using the example code provided here to make these changes if you don't want to use gcloud or the console to add the role to the user as this could impact the entire project.
Hopefully they improve the API for this need.