I want to give some developer rights to check if the jobs are complete without granting full admin rights.
I have seen people saying to add the user to SQLAgentReaderRole role. Is there any additional permission that the role will have other then just viewing job status.
Related
In Sonatypes Nexus Repository 3, is there a way to see which users/roles imply a certain permission?
In NXRM3 (and NXRM2), Users are given 1 to many Roles which are made up of 1 to many Privileges. The privileges define what areas of the site you can access and what you can do.
If you edit the respective User, you can see what Roles they have.
If you subsequently edit the respective Role, you can see what Privileges they have.
Admittedly, some of the privileges are more clear than others. nx-analytics-all for example gives access to the analytics section. One common confusion is the repository view vs admin permissions. The former gives permission to browse and access components while the latter gives access to administrate the repositories (empty cache, set timeouts, change the source URL).
If unclear about a specific privilege, a good source is the Sonatype user group: https://groups.google.com/a/glists.sonatype.com/forum/?hl=en#!forum/nexus-users
Licensed customers are welcome to contact support or their customer representative.
Reference: https://help.sonatype.com/display/NXRM3/Roles
On our on-premise TFS 2017 update 2 I want to add an extra user to the Agent Pool role as an administrator. For some reason I can not find all users in the domain.
In the image you can see that the user TFSBuild was added previously, but now when when searching or it it can not be found. I know for certain that this user still exists because in other place (e.g. add it to a a project group) I can add it. Also I'm able to add other users so the permissions to add users to the administrator role are OK.
I noted that I can add the user to the 'Project Collection Build Administrator group' but I still cannot add it to the Agent Pools or it doesn't show up in the 'filter users and groups' of the collection
First you could try to add that specific user to another agent pool. This will narrow down if the issue is related to the agent pool.
It maybe an Identity Synchronization issue, you could check this blog which discusses how to do a force sync.
Besides, you could also directly add group instead of a user on the agent pool. The users in the group will also gained the roles. And based on the roles, they will govern what operations they can perform on an agent pool.
So as a workaround, you could add a group which only included this user instead of this user, then double check if the user has properly permission.
What I do is add the user or AD-group to a team project TFS group as member. For example as a reader. Then the synchronization is done by TFS and you will be able to resolve and add the role member in the agent pool after a few minutes.
I need to know end date of role in Teradata. I know how I get create date
select * from dbc.rolemembers a
join dbc.allrights b
a.rolename=b.rolename
But I can't find where is the end of role. In Teradata Administrator I can't find it too. Please, can you help me?
Thank you
What you are trying to explain is an audit process for the creation of a role, the rights it was assigned and to whom the role was assigned. That is above and beyond the DCL statements to CREATE {role}, GRANT {access} TO {role}, REVOKE {access} FROM {role}, GRANT {role} TO {member}, REVOKE {role} FROM {member}, DROP {role}. It also falls outside the scope of Teradata Administrator or Teradata Studio to track that information.
If you have a security requirement that stipulates you need to track this level of detail, you can either piece it together from sufficient DBQL history or you can create a set of stored procedures that are used by your Security Administrator and/or DBA team to administer role based privileges and user administration.
Beyond that, you can also use Access Logging to track the successful or denied execution of CREATE/DROP USER, CREATE/DROP ROLE, and GRANT statements that are run outside the context of the stored procedures you have put in place to audit the administration of privileges in your environment.
I want to create an application about one user select other users and define there privileges, but this user don't be a Administrator or "dba". A sentence as:
GRANT GRANT TO BIG_USER;
The "Big User" have many privileges, another users the same or less.
Thanks
If you want to grant all grant that have been given to a user to some other users at first you should get that user grants then for each user write a script to give that grant. the following tables show the grant for each user
USER_SYS_PRIVS, USER_TAB_PRIVS, USER_ROLE_PRIVS tables
write a query to get privileges and then give them to other users
Oracle's permission system allows a bit of granularity regarding what you can allow this user to grant.
For objects (tables, etc) you have to either be a dba, the object owner, or have permissions granted with the grant option. So the following should work:
GRANT ALL PRIVILEGES ON mytable TO WITH GRANT OPTION;
You would have to repeat this on every table the user needs to be able to manage permissions on.
This answer is assuming you are looking at permissions on objects (tables etc) rather than system privileges.
The site is using simple publication workflow
What I have tried is
1. Add the user to the role Reviewer
2. Under sharing for the folder I gave the user reviewer and view rights.
3. I even went into zope and edit the workflow and check all in the permission for reviewer role.
But under the drop down that allows the reviewer to publish, the publish option is missing. Only advance and send back option is available.
Below is the permission in pending state
Any idea of what is happening?
It seems you have a custom workflow. Your publish transition is protected by the Request review permission, which is uncommon (this is the permission for users who want to submit for publication).
Normally the "main" permission for Reviewer role is Review portal content.