I've a script that provisions workspaces and their permissions.
I'd like to enable the setting "Allow contributors to update the app" for some of those workspaces.
Is there an API call for enabling/disabling it?
I've looked at the API but didn't find it there.
Related
I am not a true Salesforce Administrator but I essentially serve as the main administrator for my small organization's Salesforce. My Salesforce User account has system administration privileges in our instance. I am out of my depth on a particular issue. We've agreed to post some data to an AWS S3 bucket for one of our donors. But I can't seem to figure out how to make that happen. I have experience writing POST requests for other things but I've never worked with Salesforce on the task.
It seems clear that I need to enable CRM Analytics for my organization in order to access the data manager where I would create an API connection. However, when attempting to enable CRM Analytics, I get an error message that "This feature is not currently enabled for this user." (error ID: -2109318112). I've tried creating a new permission set to assign appropriate access following this help doc guidance but the permissions listed in the help doc don't match the options I see available.
For details, my organization has 60 Lightning Platform- Enterprise Edition Licenses and my specific user license is "Salesforce" with a "System Admin" profile. The System Admin profile was customized by a third party Salesforce consultant before I joined the organization so I am not sure to what extent if any it varies from a standard system admin profile.
Any and all help would be appreciated.
I need to give permission to a developer to edit the "App configuration" and "Store Listing" pages at the Google Workspace Marketplace SDK API on Google Cloud, with the current permissions the "save" button [is not enabled][1].
The only solution i found so far was to add the Editor role to his IAM user, i wish i was able to add the exact permissions to perform this action, but the appmetadata.records.create and appmetadata.records.update permissions GCP suggested do not exist and neither are listed anywhere.
Those are the current permissions they have:
Compute OS Login,
Google Workspace Add-ons Developer,
OAuth Config Editor,
Service Account User,
Viewer,
I have an application that can manage Google Calendar within the Google Workspace of the company. The application contains more than one company.
I want to use domain-wide delegation. As described here or here admin of the workspace needs to add service account id and scope manually.
Is the way to do this programmatically?
After some research and also looking into Google Workspace's Admin SDK documentation here and here this does not seem to be an available option at the moment.
You may want to submit a feature request here for that.
For service or local applications, the admin has to manually generate the service account and grant this service account with domain-wide authorization. There is no way to do this programmatically (unless for pure SaaS applications).
I am trying to use setIAMPolicy for Cloud Build Service account #cloudbuild.gserviceaccount.com. I want to provide AppEngine Admin, Cloud Run Admin permissions to the Cloud Build Service member so that it can do automated releases on AppEngine.
Somehow it throws 404 when I pass resource of Cloud Build Service account while getting IAM Policy. To confirm, I tried GET https://iam.googleapis.com/v1/{name=projects/*}/serviceAccounts in API Explorer and it also does not return the Google Managed Service accounts. It seems it only returns the service accounts which are created and not the Google Managed default accounts.
How can I set IAM Policy to grant these permissions to Cloud Build?
The general idea is to enable these permissions for both App Engine and Cloud Run.
Also, a common problem is not knowing that cron permissions are needed for App Engine and Cloud build. For example, this article mentions "Update cron schedules" as "No" for "App Engine Admin". Whether you need that or not depends on how your builds are done. If you end-up needing that too, use permission "Cloud Scheduler Admin" on your #cloudbuild.gserviceaccount.com. You can apply the same logic to other permissions and that chart might be useful for knowing what is needed depending on your setup.
i've got an on premise SSAS instance which is configured in powerbi using gateway, configuration is proper as report using dataset from SSAS works from app.powebi and even from embedded report if token is requested using username/password flow.
From security reasons our client demand was to introduce service principal, it is turned on, set as admin on workspace, i've added 'ReadOverrideEffectiveIdentity' to service principle using powerbi dataset api.
Currently when i request embedd token using clientSecret (service principal) it requires EffectiveIdentity to be passed (which was not passed before in this path).
I've tested two different approaches:
-passed EffectiveIdentity with identifier = ServicePrincipalObjectId
i can see in developer tools that https://wabi-north-europe-redirect.analysis.windows.net/powerbi/metadata/models/5330774/?modelOption... returned 401
-passed currently logged userId (this is normally passed for other datasets pointing directly to database):
report is embedded but when it's loadingvisuals i get 401 and i can see that 'https://wabi-north-europe- redirect.analysis.windows.net/explore/querydata'
returned
"{"error":{"code":"RLSNotAuthorizedForImpersonation","pbi.error":{"code":"RLSNotAuthorizedForImpersonation","parameters":{},"details":[],"exceptionCulprit":1}}}"
i've tried with different users, added manually to SSAS security pane with proper roles, Gateway is in newest possible version. In Gateway logs there is info about request, some processing but in scenario when it doesn't work there is no report sql execution.
Do you have any ideas what should i check next and what is wrong?
I've based my work mostly on:
https://prologika.com/power-bi-embedded-service-principals-and-ssas/
https://learn.microsoft.com/en-us/power-bi/developer/embedded/embedded-row-level-security#on-premises...
https://learn.microsoft.com/en-us/power-bi/developer/embedded/embedded-row-level-security#working-wit...
Thanks in advance
https://learn.microsoft.com/en-us/power-bi/developer/embedded/embedded-row-level-security#on-premises-data-gateway-with-service-principal
You need to add the service principal as an administrator on the data gateway that is being used for the connection to the onpremise SSAS dataset. You may need to add the Service Principal to an Azure AD group, make this group a gateway admin.
PowerBI.COM
Click the gear on top right corner
Click Manage Gateways
Click the gateway on the tree to the left that is used to connect to your onpremise SSAS db
Click the Gateway
Click and change from the Gateway Cluster Settings tab to the Administrators tab.
Add the service principal as an administrator
Also are you sure you are genearting the embedded-token with the required identity? SSAS data sources will required an effective identity.
"identities": [
{
"username": "user#my-app.com",
"roles": [
"report-rls-role-name"
],
"datasets": [
"my-dataset-id-xxxxx-xxxxx-xxxxx"
]
}
]