I want to disable access for some users to some dashboards.
I enabled the DASHBOARD_RBAC feature flag in my config.py configuration file, but I don't see the role filter appear in the edit properties.
DASHBOARD_RBAC = True
Related
I have been trying to create a custom IAM role attached with the permission apikeys.keys.getKeyString which is in alpha stage. I am not able to see this permission listed under the options to add it to the custom role.
This is the error I am getting when running a script -
ERROR: (gcloud.alpha.services.api-keys.get-key-string) PERMISSION_DENIED: Permission 'apikeys.keys.getKeyString' denied on resource 'xxxxxxxxx'
However, when attaching the predefined role - API Keys Viewer, I am able to successfully run my script without an error. I assume that the permission apikeys.keys.getKeyString is added to the predefined role by default. Is there any way I can have this permission added to my custom role? Alternatively, is there another way I can get the API Key string using a standard permission instead of an alpha stage permission?
According to the current Understanding Roles, the predefined role, API Keys Viewer includes just:
apikeys.keys.get,
apikeys.keys.list,
apikeys.keys.lookup.
You could try adding those permissions to your custom role to see if it works.
If not, you can make your custom role based on an existing role that does work, then add and remove any permissions you wish to change.
When the feature comes out of alpha, there may be other options.
I checked the IAM & admin in the GCP console UI. I have two roles: (Company name) Project Owner and Editor. The member is my company email address.
But when I try to edit (the edit button) other people's roles and permissions, I got the message below:
You need permissions for this action.
Required permission(s): resourcemanager.projects.setIamPolicy
My (Company name) Project Owner role is granted by the project manager. It seems I only have Editor role permission.
Update
I have an organization like this:
company.com
project_a
project_b
For project_b, I have the roles described above and meet this issue.
When I check the Over granted permissions (click 1489/1601) of (Company name) Project Owner, I got this:
There is no recommendation available at this time for this binding. However, you do not have permission to view the analysis of the current role definition.
But I can check Over granted permissions for Editor Role. I can only give as much information as I can
As mentioned in the comments, Project Owner is not one of the Primitive Roles for projects in GCP. It's most likely that Project Owner is a Custom Role created to provide access to users in your Organization.
The permission resourcemanager.projects.setIamPolicy is only contained in the following Roles:
Primitive Roles:
Owner (roles/owner)
Predefined Roles:
Security Admin (roles/iam.securityAdmin)
Folder Admin (roles/resourcemanager.folderAdmin)
Organization Administrator (roles/resourcemanager.organizationAdmin)
Project IAM Admin (roles/resourcemanager.projectIamAdmin)
You can learn more about which permissions are included with each of these roles in the Cloud IAM Documentation. I would suggest asking an Organization Administrator to assign the role Project IAM Admin to your user, as this role is very specific to provide permissions to administer Cloud IAM policies on projects only. They could also add the individual roles to the custom Project Owner role, and this would allow anyone in the organization who has the role assigned to manage IAM policies within their projects.
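The role list in the answer above, turned into a check over a project's IAM policy. This is an added example, not part of the original answer; the sample policy, member addresses, organization ID and function names are constructed for illustration.

```python
import json

# Roles the answer above lists as containing resourcemanager.projects.setIamPolicy.
ROLES_WITH_SET_IAM_POLICY = {
    "roles/owner",
    "roles/iam.securityAdmin",
    "roles/resourcemanager.folderAdmin",
    "roles/resourcemanager.organizationAdmin",
    "roles/resourcemanager.projectIamAdmin",
}

# Constructed sample shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor", "members": ["user:dev@example.com"]},
  {"role": "organizations/123456789012/roles/CompanyProjectOwner",
   "members": ["user:dev@example.com", "user:lead@example.com"]},
  {"role": "roles/resourcemanager.projectIamAdmin", "members": ["user:lead@example.com"]},
  {"role": "roles/iam.securityAdmin", "members": ["user:audit@example.com"],
   "condition": {"title": "expires", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
]}
""")

def classify_member(policy, member):
    """Bucket the member's direct bindings by how they relate to setIamPolicy."""
    found = {"grants": [], "conditional": [], "custom": []}
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue  # group and inherited (folder/organization) grants are not resolved here
        role = binding["role"]
        if role in ROLES_WITH_SET_IAM_POLICY:
            found["conditional" if "condition" in binding else "grants"].append(role)
        elif role.startswith(("organizations/", "projects/")):
            found["custom"].append(role)  # permissions unknown without the role definition
    return found

def verdict(policy, member):
    """Summarise whether the member's direct bindings allow editing the IAM policy."""
    found = classify_member(policy, member)
    if found["grants"]:
        return "can edit IAM policy"
    if found["conditional"]:
        return "only while the binding condition holds"
    if found["custom"]:
        return "inspect custom role definition"
    return "no direct grant in this policy"
```

A member who holds only Editor plus an organization-level custom role, as in the question, lands in the "inspect custom role definition" case: the policy alone cannot say whether that custom role includes the permission.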
Hi, there are a few things happening here:
1. (Company name) Project Owner is a custom role saved on the Organization node. You need to either have roles/iam.roleViewer or roles/iam.securityReviewer on that custom role in order to see its details, such as the list of permissions.
2. It's greyed out because there is no recommendation. This can be because of one of these reasons: https://cloud.google.com/iam/docs/recommender-overview#availability
Hope that helps!
How to create and assign role having following permissions to the compute engine service account or any other user account
billing.accounts.get
billing.accounts.list
While setting up the permissions I am having an error as
Not applicable for project-level custom roles
These permissions can only be added to custom roles at the organization level; they have no effect at the project level or below.
billing.accounts.get
billing.accounts.getIamPolicy
billing.accounts.getPaymentInfo
billing.accounts.getSpendingInformation
billing.accounts.getUsageExportSpec
billing.accounts.list
billing.budgets.get
billing.budgets.list
billing.credits.list
billing.resourceAssociations.list
billing.subscriptions.get
billing.subscriptions.list
Edit: could not set at organizational level either. Having the same error.
API: https://cloudbilling.googleapis.com
Error message:-
You do not have sufficient permissions to view this page
There was an error while loading /iam-admin/iam?authuser=2&folder=&organizationId=1010102021615.
You are missing at least one of the following required permissions:
Organization
resourcemanager.organizations.getIamPolicy
Check that the folder, organization, and project IDs are valid and you have permissions to access them. Learn more
Troubleshoot
I am the one who signed up for this free trial GCP account (I am the super user), I should have all permissions, right?
I selected "aws transfer for sftp" service from aws console.
However, I get the error as follows:
Unable to load content
Something went wrong, you may not have permissions to access these resources. Refresh to try again.
I created the IAM Policies and Role as mentioned in the following guide, however I still get the error:
https://docs.aws.amazon.com/transfer/latest/userguide/sftp.ug.pdf
I am assuming that you are administering your account with an IAM user rather than root (which is good). If so, you are going to need to create your own IAM Policy for the creation and maintenance of the AWS Transfer servers.
WARNING: THIS IS FOR SERVER MANAGEMENT, NOT FOR THE SFTP USERS
Steps
Sign into AWS Console
Navigate to IAM Roles
In the left menu, click "Policies"
Click Create Policy
Service: choose Transfer
Actions: check "All Transfer Actions" (transfer:*)
Resources: All resources
Click Review Policy
Give it a name like: AWSTransferFullAccess
Click Create policy
Navigate to your IAM user (or group if you have those)
Click Add Permissions
Click Attach existing policies directly
Filter your policies by "Transfer" and then yours should appear
Review
Add Permissions
Log out of console
Log back in and navigate to: https://console.aws.amazon.com/transfer
You should now be able to make a server and manage users and roles.
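The policy those steps produce, written out as a JSON document and checked against a few actions. This is an added example, not part of the original answer; the comparison policy, the choice of actions and the function names are assumptions of the example, and the evaluator matches only Action and Effect (it ignores Resource, Condition and NotAction).

```python
from fnmatch import fnmatchcase

# The policy the steps above build in the visual editor, written out as JSON.
TRANSFER_ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "transfer:*", "Resource": "*"}],
}

# Constructed narrower policy for comparison: read-only access to servers.
LIST_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["transfer:ListServers", "transfer:DescribeServer"],
        "Resource": "*",
    }],
}

# Actions chosen for this example. iam:PassRole is included because assigning an
# IAM role to an SFTP user hands that role to the service, which IAM authorizes
# separately from the transfer:* actions.
CONSOLE_ACTIONS = ["transfer:ListServers", "transfer:CreateServer",
                   "transfer:CreateUser", "iam:PassRole"]

def _listify(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def action_allowed(policy, action):
    """Explicit Deny wins over Allow; no matching statement is an implicit deny."""
    allowed = False
    for stmt in _listify(policy["Statement"]):
        patterns = [p.lower() for p in _listify(stmt.get("Action", []))]
        # Action names are case-insensitive and may contain * and ? wildcards.
        if any(fnmatchcase(action.lower(), p) for p in patterns):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def missing_actions(policy, actions=CONSOLE_ACTIONS):
    """Return the actions from the list that the policy does not allow."""
    return [a for a in actions if not action_allowed(policy, a)]
```

Running `missing_actions` over the policies attached to an administrator shows which operations fall to implicit deny before the console reports them as a generic load error.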
You might need various transfer:* permissions in one of the IAM policies that applies to you.
On Superset (Airbnb/Apache) I'm trying to set the permission of the role "Financeiro" to the datasource "aleteia_contas" but it's missing. Superset version 0.17.1.