Is there any way to figure out the creation date of a tenant ?
I can't seem to find a created_at field in the keystone database.
What I have already found was to take the earliest date of creation of all instances by tenant. but it's not that precise and if there is no instance in the tenant well the tenant doesn't show up...
What you have mentioned in the question absolutely right. You can not get tenant creation time. But you can get instance creation time. There is no proper way to find out tenant creation time.
Related
I want to use the Azure Resource Graph API to get the role assignments of a resource (who are owners, contributors, etc.). That is, I want to create a query that finds the role assignments for a specific resource id that I provide. I've been going through the documentation, but I haven't found any way to get this information.
The only thing I found was this question from a couple of years ago, where it is mentioned as something that could be done somehow ("query the RBAC of each one of those resources").
Could anyone point me to how this could be done? Or is it not possible to do in Resource Graph API, and I need to use the Management API or something else?
I searched through the Azure Resource Graph table and resource type reference and the Advanced Resource Graph query samples, but didn't find an answer
I tried to reproduce the same in my environment and got the results like below:
I created Azure AD Application and added API permissions:
I generated an access token by using below parameters:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:xxxxxx-xxx-xxx-xxxx-xxxxxxxx
client_secret:ClientSecret
scope:https://management.azure.com//.default
grant_type:client_credentials
To list the Role assignments in the subscription scope, I used the below query:
GET https://management.azure.com/subscriptions/subscriptionId/providers/Microsoft.Authorization/roleAssignments?api-version=2022-04-01
Based on your requirement you can change the scope and add the filter to get the role assignments. Refer the below MsDoc:
List Azure role assignments using the REST API - Azure RBAC
Currently it is not feasible to retrieve the role assignments via Azure Resource Graph. Alternatively, you can make use of Azure PowerShell or Azure CLI.
Get-AzRoleAssignment -Scope "/subscriptions/SubscriptionId/resourcegroups/RGName/providers/Providername/ResourceType/Resource"
I really hate coming to stackoverflow with such a noob question but my searching has returned little to nothing useful.
So, I've implemented Amplify and Cognito for authentication, that all works but I obviously need to store some additional user information in a database. In my case, I'm going to be using DynamoDB.
My question is, how? How do I reference a user in the database from Cognito? or more specifically, how "should" this be done properly? I can think of a thousand ways to do it, but being fairly new to this side of AWS, I'm not sure of the best path to take.
I'm sure I'll get hammered on this question (always do) but thanks for any genuine advice for somebody with a basic question about how to properly implement something.
Each Cognito UserPool user has a unique UUID UserID. It is the natural choice for the DynamoDB Partition Key for user records. Cognito can trigger a lambda on certain events like sign-up, giving you the opportunity to bootstrap the new user DynamoDB record.
Depending on your use case, Cognito user pool attributes may be an alternative DynamoDb user records. You can set (immutable) string and number values on custom attributes for each user.
in the project i am working on, we have a database per tenant and each tenant consists of at least 1 department. One of the requirements we have is that when an admin user deletes a department using a custom frontend we've provided, the system should first archive the data of that department on a blob storage before the data is deleted. The same we have for the tenant, we need to archive the data before the database of that tenant is removed from the account.
Now, my question: is there any best practice to do this? We are planning to retrieve all the data from all collections, using a mongo query, based on the department id (which is also the partition key) and then send it to a blob storage. The challenge we have is the execution of the query to retrieve all the data because it can be a huge amount and the RUs required for that action may affect the performance of the system because other users may be using the system while we remove the data.
I looked at mongodump and mongoexport but these are applications so we cannot execute it from our code?
Any ideas? Thanks a lot.
I think one way to solve this is by using ChangeFeed, as it reallyhelps and simplifies writing a carbon copy somewhere else.
However, as of now the change feed processor won't notify you for deleted documents so you can't listen for them, this feature is planned as of now.
Your best bet is to write some custom application that does archiving using Query language support
I would like to use Symfonys API platform for a BI application. I know it is great in security and flexibility, but I need something I have not yet found in documentation or here on stackoverflow.
I have multiple databases and each db contains data of multiple customers.
Now I want to limit which customers a logged in BI user can see. If a BI user is limited to see only data of a subset of customers (that relation is present in the DB), how can I make sure this user will only see data related to those customers, and not any other?
I could use a customer ID as entrypoint, would since it should contain data of all customers and the list of customers is dynamic, this will not work.
I know there must be a way to have that security on kernel level/Event Listener but was unable to find this.
Thanks in advance for any help!
It is possible to erase a customer with InstanceID to comply with GDPR: https://godoc.org/firebase.google.com/go/iid#Client.DeleteInstanceID
However we do not have historical Firebase Instance IDs. BigQuery has a field app_info.app_instance_id but this is not a valid instance ID.
Is it possible to erase a customer with app_instance_id?
An app instance ID identifies (as its name implies) an app instance. It does not identify a specific user. While it is quite common to associate IIDs with users, Firebase has nothing built in for that. This means that, unless you have the data in your database, there is no way to find out the associated IIDs for a user by calling the API.