I am trying to figure out how best to implement my project on Apigee platform. What seems like it would be the easiest option would require me to set user-specific permissions to allow access to particular entries in the database. At the first glance it would seem that it should be possible on Apigee, because permissions are set for "paths", and each data entry has its own path. In fact I am able to set such specific permissions for a role (like "Default"). However, when I select a particular user, go to "Roles & Permissions", and try to add this same specific permission, I get an error "Please match the requested format". It doesn't give me any more info than that, so I can't figure out what the issue is. I also realized that I can't set even a simpler permission for a user (like PUT for "//books/").
Please help me figure out what's going on. Thanks!
For example, I tried to use the path "/books/a93cc1ca-7c86-11e3-9d0f-29390a4673d8", which I get from this screen:
When I put it into the user's add permission dialog I see the following:
Did you try without the preceding '/' at the beginning.
That is just
books/a93cc1ca-7c86-11e3-9d0f-29390a4673d8
in place of
/books/a93cc1ca-7c86-11e3-9d0f-29390a4673d8
Alex, Santanu is correct. The field requires a / at the beginning, but this is a poor user experience. We will get this corrected in the next release.
Related
What I need is a simple app where people can write down a 'diary'. The entries are only visible for the user itself and maybe for a mentor (role).
How would you take that on?
Is there a filter ‘show only own entries’?
Cheers
Tycho
BTW: You can also set content-type permissions so
1. registered users can create new items
2. owners (the people who created it) can also edit the items
This allows for building all kinds of solutions like the one above ;)
I just discovered the Ownerfilter in the querydesigner. And that does exactly what I need.
I am a beginner in AX and I am trying to set access rights for some users and on a specific operation they get the error that they don't have access to the table SalesCreateReleaseOrderLineTmp. I have manually searched for this table in every category, but without success. I found on a website the full description of this table -> Order Lines - SalesCreateReleaseOrderLineTmp - ID: 995. I've search for the ID as well, but again no result. With admin rights everything is ok, but obviously not a solution.
Is there a fix location of this table and can anyone tell me where it is? :) Or is there any way to search for this table (by ID or name)?
I guess with
I have manually searched for this table in every category, but without
success
you mean you tried to find the table in the form for maintaining the user group permissions?
If so then this is due to the fact that temporary tables are hidden from that tree view as the class method SysDictTable.allowSecuritySetup is called from SysSecurity.expandSecurityKey while building the tree view and in this method there is - among other things - a check whether the table is temporary.
So essentially you have 3 options:
Give your permission group the desired access on the security key so that the group 'inherits' access to the table through it - downside of course could be to be too permissive but upside is better maintainability :)
Remove the security key on the temporary table as this in general is IMHO a wrong decision anyway. The application shouldn't restrict access to temporary tables (which are intrinsically scoped to the user session anyway) but rather force access checks in the code filling that table or even higher level processes.
Customize the code which builds the security tree view so that it includes temp. tables.
Try to apply the first option above that works for you as the first one does not need any application modification and the second one is only a simple property change which in my opinion is currently bad configured anyway. The last option should be the last resort.
Whenever we assign an Account to a different owner in CRM2013 Online, the timestamps for the notes change, to match the time the account was assigned and who assigned the account. Is it possible to change this, so the timestamp only shows, when the note was created? And show who originally created the note?
I see the logic in the way is works now. It updates to show when it was last changed and who changed it - but I would LOVE to change it, so it would show WHO created the note and WHEN it was created.
Is this a thing you can change in the current iteration of CRM2013?
I don't think that it would be possible. But anyway try to leave your suggestion on Connect.
It's an impact of the Cascade for Assign action on Account.
You can switch off that Cascading from the relationship between Account and Note.
However it's necessary to check if new owner has access to related Notes accordingly to his role permissions.
I have a plain Plone 4 configuration and I need to keep track of users' activity. However, the log file instance-Z2.log labels all accesses to the server as "Anonymous" or "admin". I.e., regular users are labelled as Anonymous, therefore I can't extract any stats about individual users' activity.
How can I change that behaviour?
Haven't used it myself, but I believe this is what http://plone.org/products/collective.usernamelogger does. Give it a whirl. :-)
I have a webpage that you pass in an id parameter (via a querystring), which it then uses to fetch data from a database. Typically, a user would navigate to this page from another page that lists only those records that the user has access to. However, if they go directly to the page by typing in the URL in the Address Bar, they can effectively view any record they like.
Eg. If they were to type something like http://localhost/TestSite/ClientAdmin/ManageLocation.aspx?LocationID=5 into their Address Bar, they can access the database record with the LocationID equal to five - even though they shouldn't have access to it.
Now, I could solve this by doing a database check every time the page is loaded to see whether the current user has access to the record they're trying to view. However this doesn't seem very efficient given that in most cases a user won't be trying to access a record that isn't theirs. Does anyone have a better suggestion?
Thanks.
Rather then doing an extra check when the page is loaded you could use an INNER JOIN and effectively return nothing if the access rights aren't there.
If all the indexes are there it shouldn't cost very much.
You could use Page.Request.UrlReferrer to see where they've come from, but it isn't a completely safe way of achieving this.
If each user has 'their own' data, that other users don't have access to, then it sounds like you may want to look at proper multitenancy - though that is often on a per-organisation basis rather than per-user:
http://en.wikipedia.org/wiki/Multitenancy