I have assigned the Business Central Essentials license to this user:
I want to assign it to the user "Administració LaBarca" but when I change the license to that user, my companies are not available anymore. So I think companies are linked to the user/license that created it the first time.
How can I transfer the Business Central Essentials license to another user without loosing my companies?
When you assign a license to a user that user must be imported to Business Central in order to gain access.
Default permissions will be applied to the user during import and these permissions might be company specific meaning that user will on be able to access the company it has permissions to.
If you only have one license, then you need to move it to the new user and then have and Admin user log onto Business Central an import the user.
Companies are not linked to specific users, they are linked to environments which are linked to an Azure tenant.
Related
Sorry if my English is weird.
I would like to know how a non-admin account can use the Admin SDK.
If you have any suggestions, please let me know.
I'm developing an add-on for an elementary school using Google app script.
I want to limit the API by student, teacher, grade, etc. So I need to get the organization information.
There were a few other similar questions, and apparently it would be impossible to try to do it normally.
When using the Admin SDK, Google will display an acceptance confirmation screen to the user.
Once the user agrees, Google gives the app an access token that is valid for a short period of time. I'm thinking that I can do this by using that access token. Is this approach dangerous from a security point of view?
I'm sorry for the lack of explanation.
I'm currently developing a google slides add-on for an elementary school.
It's supposed to display a SPA made with vuejs in the sidebar and let you manipulate it.
For example, we can manage a whitelist of organizations that can use this application in advance, and not allow organizations that do not match the whitelist to use it.
If the organization is managed by school unit, access control can be done by domain, but in some areas, the organization is managed by city, so access control by school unit cannot be realized...
Also.We want to do the following if we match the whitelist.
The functions that can be used by teachers and students are
different.
The buttons can be changed depending on the grade level of the
students.
Automatically enter student names and class names on slides.
Use an organizational structure to manage the school and students. (https://support.google.com/a/answer/4352075?ref_topic=4390186&hl=en)
We think we can achieve this by using the Admin SDK to get organization information
Answer
It is not possible to use Admin SDK with a non-admin account as Google says in the documentation: This API gives administrators of Google Workspace domains (including resellers) the ability to manage devices, groups, users, and other entities in their domains.
However there are two workarounds for your problem, but you would need to use an admin account to configure the scenario.
Initial approach
Get the user that is running the application with the class Session and the method getActiveUser and getEmail: var email = Session.getActiveUser().getEmail();
Get the organizational unit that each user belongs to. With this information you will be able to filter users and display different options in the add-on. The main problem is that you need to use AdminDirectory.Users.get(userEmail) to get the organizational unit, and it needs the following authorization scope: https://www.googleapis.com/auth/admin.directory.user.readonly.
Solution 1
Create a Spreadsheet with all the users that are going to use the add-on and its organizational unit
Use List all users to get all the users in a domain and write each email in the first column.
Use AdminDirectory.Users.get(email).orgUnitPath to get the organizational unit and write it in the next column
Finally, when users use the add-on, search the email of the active user (Session.getActiveUser().getEmail()) in the Spreadsheet, take the row number and get the value of the organizational unit that is in the second column.
Solution 2
Create a custom admin role and assign it to every user that is going to use the add-on. You must be signed in as a super administrator for this task. You can do it here and select Users -> Read,
Assign the new role to each user creating a role assignment
Finally, users will be able to use var organization = AdminDirectory.Users.get(email).orgUnitPath
Rulerr.com is a permissions management and threat intelligence system which aggregates many sources of information into a single application for Enterprise.
I can see that we can pull activity reports on admin activities and user login info from the API, but we are looking to pull other risk profiling/threat intelligence data from GSuite API such as:
password strength per user (not the password itself)
when the password was last changed
elements in the system that have been accessed by a user, and associated data (timestamps etc)
Does anyone know if it is possible to pull this data from the admin SDK API?
password strength per user (not the password itself)
No. See Listing Password complexity Google Admin SDK.
when the password was last changed
You have to track this yourself. I guess every Users: update.
elements in the system that have been accessed by a user, and associated data (timestamps etc)
Usage details that the user has can be retrieved through the Reports API. However, there are only specific parameters that you can retrieve. AFAIK, other details that are not available (like when the last password was changed) should be monitored by the developer themselves.
If you feel like this would be really useful, I would suggest that you File a Feature Request.
I am doing a small app that requires a different user tool. The thing is this:
I have a repair application. In the company, people can repair their fridge, washing machine and kitchen items (like blender etc). There are different technicians for each (specialized). All customer comes thru one reception but each unit (dept of fridge repair for e.g.) also have a receptionist.
Then there are finance and administration units. So, I was wondering how i would go create a user who is a technician of fridge? When he logs in, i wanna take him to the technician's area so he can see repair related tasks.
And for the finance department, to log in but then go to finance section of the project.
I have created tables for services provided (fridge etc) and the departments (finance). How do I attach the users to each?
I have seen a post that describes adding fields to the user profile but i failed to attach it to my needs.
How do you guys go doing something like this? Thanks!
You can extend the user functionality without replacing the Django dUser model.
When logging in the user, you can then check the role this user has and redirect based on that role
If it is different , can anyone please explain how we can make user, a power user?
Also , code to create a power user .
There is no role specifically called "sitecore power user". I generally give the term power user to some one who's willing/capable of taking on both official Sitecore training and training in the specific implementation from the delivery or support team. They then take this knowledge and mentor/lead the content management team in day to day delivery of content. This user then often has elevated rights if not administrative rights. As mentioned above to give one user more rights then another you do this by applying the appropriate roles to the users Sitecore account
I am working on a project which needs a separate admin interface. The django admin interface is for the super super user, there will be companies who will sign up for our app and then they will have their own admin interface. Everything is set and done despite the permission. We want model level permission that's what Django provides.
What I did is:
class CompanyGroup(models.Model):
name = models.CharField(max_length=254)
permissions = models.ManyToManyField(Permissions)
Now this list all the permissions of the site itself. So, Should I start working on my own permission app or I can modify django Permissions to provide object level permissions for only some models.
Thanks
Try one of the several existing 'row level' / 'per object' permissions apps for Django:
http://django-guardian.readthedocs.org/en/v1.2/
http://django-object-permissions.readthedocs.org/en/latest/
...there are probably others, those are just the first two in Google
We are using django-guardian in current project at work, seems fine.
I am assuming that you need to control access to sub-sets of each model's objects, depending on which company the current user belongs to (i.e. you don't want people from Company A to see items from Company B). For this reason you need row level permissions.
You probably also need to limit the permissions of all 'company users' to only certain actions:
You do not need to create a CompanyGroup class.
Instead just enable the admin site, log in as super user and create a django.contrib.auth.models.Group which contains the global permissions applicable to company users.
then ensure when you create any new company user logins that they are added to that Group