When I go to App Insights -> Activity Log I get:
No permissions to run the selected query.
Is that because there are no queries to run? Or is it really a permissions problem?
I have defined two queries but they don't show up in the dropdown. Should they?
Where can I read more about this? The docs page didn't help me very much.
Please ensure that the user has access to the following azure provider in addition to the obvious ones.
"microsoft.insights/eventtypes/*"
you could also try "microsoft.insights/*/read", in case you want the role to view all monitoring data from Azure Monitor.
more on custom roles & RBAC is documented here:
https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
To configure custom roles in Azure - https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell
Activity Log interaction is here:
https://learn.microsoft.com/en-us/rest/api/monitor/activitylogs/activitylogs_list
Related
I have been working with pyrebase, firebase in python, and when ever you start writing your code you have to write the config files from firebase
Which have the database url,the api key,the auth domain and many more.
And if i code the client side with this information anyone with basic knowledge of programing can have access to my entire firebase project which is bad.
And beside that i want to have admin access of the project so i can edit some infos.
My question is how can i give a limited acess to the users and an unlimited acess to my self using pyrebase.
Idk much about user and admin acess and i didn't try much.
I'm new to react native. I am trying to develop an application that uses firebase user authentication. But there is something I can think of. For example, 2 users have registered to my application but I want to show extra information to the first user according to a condition.
How can I separate these two?
Where exactly should I manage this condition?
The question is not super clear as to what issue you are trying to tackle so I apologize if I am inferring incorrectly.
I use MongoDB personally with a Node/Express backend for user data and haven't used Firebase myself but I'm sure you can do the same things with it. I'll be speaking in Mongo terminology but again I'm sure you can do the same with Firebase and at the least this will give a good idea of the thought process.
I have a UserSchema that holds all the user information. When logged in the client app would get this information to be used on the frontend after authentication.
Assuming you are only displaying "extra" information that doesn't need additional privilege you can just pull in the users data stored in firebase and handle the display of this extra info with logic on your frontend client.
If its extra privilege you need to setup firebase to look at the user data that is authenticating and only serve back information if they have the proper privileges.
Also important to note, you should ensure that when you are updating user information from client -> firebase backend you should ensure that you can only update specific user fields via read/write authentication on firebase.
Hope this gives a little better idea on how this process might look. I'll let someone who has used firebase specifically add tech specifics.
I'm using Microsoft Graph SDK for .NET Core. I'm trying to get a list of all Office 365 plans in all Azure Active Directory groups within my organization.
I have been reading through a lot of questions, but haven't found a clear answer to my problem: As it's stated in the official documentation, you cannot list plans in a group using client credentials (application permissions), which is the exact authentication method I'm using. Given this, how can I achieve my objective?
As per documentation, the only way to list plans in groups is to use Delegated Permissions, but in that case, and according to the Microsoft Graph permissions:
either the user or an administrator consents to the permissions that the app requests and the app can act as the signed-in user when making calls to Microsoft Graph.
If the signed-in user is a regular user then the application will only access the groups that user is a member of. Bear in mind that there may not be a single user that is a member of all groups.
Is there a way to get my application to list all plans in all groups within my organization?
You can now use application permissions.
Outdated Reply:
Planner currently does not support application permissions. Depending
on what your scenario is, you have couple of options. One option is to
create a user account to be used by your app, and add that user to all
the groups. Then you'll be able to query the plans with the
credentials of that user.
We just set up elasticsearch, logstash and kibana on our swisscom application cloud instance. Now when I log in into kibana with the full_access_username and full_access_password I can do almost everything except adding new users and manage existing ones under settings - user management.
There I always get a message saying:
You do not have permission to manage users. Please contact your administrator.
Does anyone of you has an idea on how to fix that?
We d like to have different users and give them permissions on some indices and attributes only.
Thanks in advance for your help.
As Swisscom provides their Elasticsearch Service as managed, you have some limitations in terms of administrative functions. At the time of writing this includes cluster and user management as well as watches.
You can provide new users by creating service-keys cf create-service-key <service-instance-name> <service-key-name>.
I'd like to show some map layer on my webpage, so I decided to give a try to this Google service. As the data is collected in a database in my server, I chose to use a service account as explained here and then use the private key generated in my php script.
Everything works fine when creating a table and inserting some test values. I get the table Id and I'm able to play with it from my script. The problem is that I don't know how to access these table from the web browser. In my API console usage stats are shown fine, but when logging with my account to Google Drive I don't see any table in there.
Where am I supposed to access them if at all possible? Do either the apps.googleusercontent.com or developer.gserviceaccount.com accounts play any role to log into some other service to get access through web?
I also got an api key associated, but when trying to query a table I get a 401 error.
Any hint? I'm feeling a bit lost now. Thanks.
You are using a Service Account right?
So when you create a table with this account, this account will be the table owner. No one else has permission to see this table.
When you access the Fusion Tables web interface with Your Personal Account, you will only see tables that you createdwith your Personal Account.
If you wish to inspect the tables created with your Service Account, you have to use the Google Drive API with your Service Account credentials to give access permission to your Personal Account.
Also if you wish to make your table (or any other type of document) public, you need to use this Google Drive API again.
See more about the topic here:
https://developers.google.com/drive/v2/reference/permissions/insert
Tip: if you want to achieve something on behalf of your Service Account that you only need once (so no need to implement a logic for it in your webapp) I'd seriously advise you to consider using the OAuth2 Playground. You can set your Service Account credentials in the "Settings" and issue authorized requests on behalf of your Service Account. Very usefull tool, no coding needed.