Role based user access to LUIS Utterance alone in LUIS portal - microsoft-cognitive

I want to give users permission to only add utterances to Intents to which the owner gave them access.
The author is the one who should have full access, like adding, removing or modifying an Entity, Intent, etc.
There is a concept called collaborate, but that gives full access to author the model, train and publish, which doesn't seem really good.
Is there a concept of role-based actions in the LUIS portal, or is Microsoft coming up with one in the latest LUIS portal, which is under preview now?
Any help is appreciated. Thanks ...

As of now, there is no such provision to allow the users to just get the permission to add utterances to intents. Role based assignments do not allow you to give access to users just to add utterances and are basically classified as contributors, collaborators, owner and so on. LUIS allows you to collaborate and contribute with Azure AD and RBAC based on Azure Active Directory resource and Azure Active Directory tenant user.
You can request this feature by posting the idea on the feedback forum for cognitive services.

Related

Different behaviour in new and previous luis portal

I've found out that there are differences between current and previous luis portals regarding functionality. I'm talking about eu.luis.ai (current) and previous.eu.luis.ai specifically.
For the scenario we assume the following:
There are multiple Azure Directories/tenants to which I was granted access
There is one authoring resource in a subscription in one of the ADs
There are multiple luis apps that belong to this authoring resource
I'm set as contributor in the authoring resource IAM
There are multiple prediction resources in different Azure Directories which I want to assign to these luis apps
In the current portal I select the Azure Directory via the profile menu. Within the selected AD I can now choose an authoring resource and then access the luis apps.
Now if I try to assign the prediction resources this is possible for prediction resources located in the Azure Directory I've selected. If I switch the AD, I would be able to assign the prediction resources of this AD but I'm not able to select the authoring resource of the other tenant and so I can't see any luis app.
In the previous portal I select the subscription and the authoring resource and am then able to access the luis apps. To assign the prediction resources I click the button "Add prediction resource" under the "Manage" tab of an app. A modal window opens where I can select a tenant, then a subscription of this tenant and then a prediction resource. So I'm able to assign any prediction resource of any tenant to which I was granted access to the luis apps that are registered to one authoring resource.
And the question is
How can I assign any prediction resource of any tenant I was granted access to to a luis app that is linked with an authoring resource of a different tenant in the current luis portal?
#ooorndtski The change in the new luis portal is to ensure the change in tenant is handled in the same way as in the Azure portal. If you would like to assign a different prediction resource of a different tenant, you can use the programmatic APIs. This thread details these steps.

List Plans of all groups in my organization using Microsoft Graph SDK

I'm using Microsoft Graph SDK for .NET Core. I'm trying to get a list of all Office 365 plans in all Azure Active Directory groups within my organization.
I have been reading through a lot of questions, but haven't found a clear answer to my problem: As it's stated in the official documentation, you cannot list plans in a group using client credentials (application permissions), which is the exact authentication method I'm using. Given this, how can I achieve my objective?
As per documentation, the only way to list plans in groups is to use Delegated Permissions, but in that case, and according to the Microsoft Graph permissions:
either the user or an administrator consents to the permissions that the app requests and the app can act as the signed-in user when making calls to Microsoft Graph.
If the signed-in user is a regular user then the application will only access the groups that user is a member of. Bear in mind that there may not be a single user that is a member of all groups.
Is there a way to get my application to list all plans in all groups within my organization?
You can now use application permissions.
Outdated Reply:
Planner currently does not support application permissions. Depending
on what your scenario is, you have a couple of options. One option is to
create a user account to be used by your app, and add that user to all
the groups. Then you'll be able to query the plans with the
credentials of that user.
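
The enumeration the question asks for, written against the Graph REST endpoints `/groups` and `/groups/{id}/planner/plans` rather than the .NET SDK (an added example, not code from the question or the answer). The function names and the `get` callable are assumptions, and acquiring the token is left out. Groups whose plans cannot be read are reported separately, which makes visible the coverage gap the question describes when the token belongs to a user who is not a member of every group.

```python
import json
import urllib.request
from urllib.error import HTTPError
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
# Planner plans hang off Microsoft 365 ("Unified") groups only.
GROUPS_URL = (GRAPH + "/groups?$select=id,displayName&$filter="
              + quote("groupTypes/any(c:c eq 'Unified')"))


def http_get(url, token):
    """GET a Graph URL with a bearer token; returns (status, parsed JSON)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:
        return err.code, {}


def paged(url, get):
    """Yield items of a Graph collection, following @odata.nextLink."""
    while url:
        status, body = get(url)
        if status in (401, 403):
            raise PermissionError(f"{status} for {url}")
        if status != 200:
            raise RuntimeError(f"{status} for {url}")
        yield from body.get("value", [])
        url = body.get("@odata.nextLink")


def plans_by_group(get):
    """Return ({group name: [plan titles]}, [groups that could not be read])."""
    plans, denied = {}, []
    for group in paged(GROUPS_URL, get):
        url = f"{GRAPH}/groups/{group['id']}/planner/plans"
        try:
            plans[group["displayName"]] = [p["title"] for p in paged(url, get)]
        except PermissionError:
            # Caller's token cannot see this group's plans: record, keep going.
            denied.append(group["displayName"])
    return plans, denied

# Live use (token obtained elsewhere):
#   plans, denied = plans_by_group(lambda url: http_get(url, token))
```

A non-empty `denied` list means the identity behind the token does not cover the whole tenant, so the result should not be treated as a complete inventory.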

Linking Google Analytics 360 to Big Query, permissions issue

I have linked GA360 to Big Query. I do have a service account added to GCP as per documentation. The account I used has Project Owner permissions as required to link to said project.
Can I remove the Project Owner permissions from the GCP account once the link has been established in GA360? I do not want that account to have such a high access level to the project.
I did run a test on a small scale and it worked but I am not willing to risk a transfer failure on all of the data in production.
Yes, you can remove the permissions from the account you used to link GA360 to BQ.
The permission is only required for the time of setting this up.
It is not being checked whether the account which set up a connection is still active or has the same rights.
We have had multiple views linked by different accounts, of which most are not in the team anymore and therefore do not have "owner" rights anymore. The exports still work though (which makes sense, given that a company might keep using GA and the exports but part ways with the internal/external employee who set it up).

Is it possible to enable using Google Cloud Endpoints Portal without granting extra permissions to access GCP projects on client side?

I have successfully deployed a Google Cloud Endpoints Developer Portal for my API running on Endpoints. I would like to provide access to testing to people outside my organisation that are not using GCP in their projects.
Login to the portal works correctly if I enable the Service Consumer role for these people (on per-email basis). However, when they open it for the first time, they are being asked to grant some extra permissions to the portal:
This form can create totally unnecessary security concerns. Does anyone know why it is needed?
I would only like my clients to be able to test my API using a GUI, before they start connecting their projects (not necessarily on GCP) to mine. This seems to be a valid use case to me; however, I might be misunderstanding some basic concepts.
Or should I submit a feature request to Google about a new role that only enables the access to the portal, and nothing else, so no such forms are shown?
Since Endpoints APIs must be explicitly shared with customers, the portal needs to verify that the logged-in user has permission to view that Endpoints API. So the short answer is that these scopes are being requested primarily so the portal can check the user's access to this API.
Longer answer is that we (the Endpoints team) are looking into if it's possible to build narrower OAuth scopes that would correspond to the access checks we perform. We agree that it's unnecessarily broad of an access request and are hoping to improve this in the future. Thanks for your comment!

Laravel Passport for multi-tenant app

I'm wondering if anyone knows how to link Laravel's Passport tokens to something other than Users. My use-case is a multi-tenant app with Teams and Users, where a user can belong to multiple teams.
When creating a token it should be linked to a Team instead of a specific user.
Same thing goes of course when authenticating through the api, the authentication goes for a Team instead of a specific user.
I'm assuming I need to add the HasApiTokens trait to the Team model and probably a custom provider for the api auth-driver, but I'm not quite sure how to proceed with this.
Thank you in advance for any tips/ideas.
