Is there a place where I can find a list of permissions that I need to give to create the metadadb in mysql ? I dont want to do grant all for the airflow user.
Related
I have a Firebase Realtime Database that I connect to from my Java application using the Admin SDK.
In my project I have multiple databases, but for administrative reasons, I want to create separate service accounts for each one. In other words, I want the service account to have full database access, but only to one particular database.
I was hoping this could be done through Google Cloud IAM but I am having trouble finding how. I tried adding giving the service account "Firebase Realtime Database Admin" permission but with a condition of Name = //mydbname.firebaseio.com but that doesn't work. That is, my Java backend is not able to connect to the database with that condition in place.
Am I on the right track, just using the wrong name? Is there a better way to do this? Thanks.
firebaser here
There currently is no way to do control access per database instance through IAM. It sounds like a reasonable feature though, so I recommend filing a feature request for it.
The best I can think of for now is to authenticate with limited privileges when you initialize the Admin SDK and then check that identity in the security rules of each instance, but that means that the code could also choose to not pass a UID, which may be exactly what you're trying to avoid.
so what every i am doing in the gcp giving it roles iam roles to configure the policies , i am not able to do to my firebase project. i am able to log into it using my terminal with firebase login and then then firebare init is there and i put the function initilaize but it says i don't have permission to do that i need to give it permission so i open the file
/iam-admin/iam?folder=&organizationId=&project=clone-6de06 because this is my firebase project but i dont' have access to it in the gcp so i am not able to change the permission to change the policy or
need to run the role command
gcloud projects add-iam-policy-binding ourcafe-mucqxq
--member=serviceAccount:service-1044193269753#gcf-admin-robot.iam.gserviceaccount.com
--role=roles/cloudfunctions.serviceAgent as that says it will take care of following error: Deployment of your Cloud Function failed:
Missing necessary permission resourcemanager.projects.getIamPolicy for
service-1044193269753#gcf-admin-robot.iam.gserviceaccount.com on
resource projects/ourcafe-mucqxq. Please grant
service-1044193269753#gcf-admin-robot.iam.gserviceaccount.com the
Cloud Functions Service Agent
any help will be appreciated thank for the help.
Did you try to log in to firebase with a proper account?
If you're not sure that your account with proper permission, you can go to Firebase project >> Project settings >> Users and permission to check that your account is on the list with the right permission.
Also, you can see all of the accounts on the IAM of GCP console.
I trying to set up a development environment from an existent project on Firebase, we are currently using Firestore as a database. I've successfully exported the Firestore data from one project to another but I can't figure out a way of importing the data, it keeps saying
ERROR: (gcloud.firestore.import) PERMISSION_DENIED: The caller does not have permission
I've tried adding the [SOURCE_PROJECT_ID]#appspot.gserviceaccount.com as a Storage admin on the bucked but got no success, also tried adding all possible permissions and accessing through the cli the services accounts.
Which permissions do I need in order to import this data?
So you have a source_project and a new dev_project, and you're trying to run gcloud firestore import for your dev_project. Some things to check:
Make sure gcloud is connected to your dev_project:
gcloud config set project DEV_PROJECT_ID
From the error, it sounds like the account you're using with gcloud doesn't have permission to run gcloud firestore import for your dev_project. Make sure your user account is a project owner or has the datastore.owner role for your dev_project.
For the bucket permissions, it's the [DEV_PROJECT_ID]#appspot.gserviceaccount.com service account that needs access to the bucket with the data files.
Also see docs for moving Firestore data between projects.
I need to grant permissions to a user for my Firebase project. But this user should only have access to adding data on Real-Time Firebase Database. I think it should be done here:
User can only add and delete data in firebaseDatabase and nothing more here:
How do I set permissions for this user?
There currently is no way to give product-level permissions to a collaborator on the Firebase console. Either they have access to the console, or they don't have access. You can give them read-only access, but that doesn't sound like what you need.
I'm attempting to filter Dags by owner in my Airflow instance.
List of the steps i'm taking.
1- Configure my airflow.cfg as follow. portion of airflow.cfg config
file
2- My Dags receive a owner through default_args variable
3- Have an Airflow user named as the one pass to my Dags as owner
Still when I login with the user, I can see all Dags. Steps to create the user
Any Idea Why is not filtering Dags by owner. Thanks
Until Airflow Version 1.9.0:
The reason the user is still able to access all the dags is that it is a superuser by default. Unless you use LDAP for authentication, all the users created are superusers and Airflow have no other roles.
However, if you use LDAP, you can have superuser and dataprofiler roles.
This should change in upcoming versions of Airflow.