I have set up Apache Superset. There, as admin, I created a dashboard and published it. I have also enabled the DASHBOARD_RBAC flag and added the "siteuser" role to the roles for this dashboard. I have created one user with the "siteUser" role. When I log in with that new user, I am not able to see that dashboard.
Please let me know how to publish and show admin-created dashboards to regular (read-only) login-based users with a role such as "siteuser".
Note: Using Apache Superset 1.3
Requirement
I am working on a client project where we need to set up our AWS managed OpenSearch dashboard (Kibana). As per the requirement, we should use Keycloak for SAML configurations. We also need to use LDAP as user federation.
Current Setup
AWS OpenSearch setup is completed and I am able to log in with the master user credentials.
Integration of Keycloak with the OpenSearch dashboard is done. I am able to log in to the OpenSearch dashboard using a Keycloak local user by adding it to the all_access group in the Dashboard (Kibana).
LDAP integration with Keycloak is also completed. I can sync all LDAP users within Keycloak and am able to log in with individual LDAP users when adding them to the all_access group in the Dashboard (Kibana).
Issue/Open tasks
How can I add the entire Keycloak group to the OpenSearch Dashboard so I do not have to add individual users? I tried adding the group name in the dashboard under the backend role section but it does not work. I also tried a few mappings (not sure if they were correct) but had no luck. Every time it gives "missing role-contact your administrator".
Same issue with LDAP groups as well: I can sync all LDAP groups within my Keycloak but am not sure how to map them to the OpenSearch Dashboard to log in.
Ultimate Goal
Create two groups, one as admin and the other as limitedaccess, so that users who are part of the admin group can log in with the assigned permissions and users in the limitedaccess group can log in with their permissions.
I do not want to add individual users in the Dashboard; rather, they should be able to log in directly based on role/group mapping.
The issue is resolved.
Following are the things I did, which may be useful for others looking for a similar setup.
Created two groups in my Keycloak, "admin" and "limited".
Created two roles, "admin_role" and "limited_role".
Made the limited group the default group and limited_role the default role, so new users directly get the limited permissions.
Next, what I was missing all the time (and thanks to other Stack Overflow answers) was to enable the Single Role mapping. For this, go to Client scope role_list --> mappers --> role list --> enable "Single Role attribute".
Added the "Role" keyword in OpenSearch in the role key section (under additional settings in the AWS OpenSearch SAML configs). Also specified a generic user in the SAML master user section (a generic user which I created in Keycloak) so that I can gain admin privileges to add backend roles in the OpenSearch Dashboard.
Finally, logged in to my OpenSearch with this generic user. Go to security --> Roles --> Manage mapping --> backend roles --> added my admin_role to the all_access and limited_role to the read roles.
Now I am able to log in with all the users who are part of the respective groups in Keycloak.
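A diagnostic for the "Single Role attribute" and role key steps above, added here as an example and not part of the original answer: it inspects a SAML AttributeStatement and reports whether the roles arrive in one attribute under the configured role key and whether any of them is mapped as a backend role. The sample XML and function names are constructed, and it assumes that a Keycloak role list mapper without that option emits one attribute element per role.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _stmt(*attrs):
    """Build a constructed AttributeStatement from (name, [values]) pairs."""
    body = "".join(
        f'<saml:Attribute Name="{n}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for n, vals in attrs
    )
    return (f'<saml:AttributeStatement xmlns:saml="{SAML_NS["saml"]}">'
            f"{body}</saml:AttributeStatement>")

# Constructed samples, not captured from a real IdP.
SPLIT = _stmt(("Role", ["admin_role"]), ("Role", ["limited_role"]))   # option off (assumed)
SINGLE = _stmt(("Role", ["admin_role", "limited_role"]))              # option on

def role_attributes(xml_text, roles_key):
    """Return one list of values per <Attribute Name=roles_key> element."""
    root = ET.fromstring(xml_text)
    return [
        [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML_NS) if v.text]
        for attr in root.iter(f"{{{SAML_NS['saml']}}}Attribute")
        if attr.get("Name") == roles_key
    ]

def diagnose(xml_text, roles_key, mapped_backend_roles):
    """List the problems that would stop role-based login from working."""
    groups = role_attributes(xml_text, roles_key)
    findings = []
    if not groups:
        findings.append(f"no attribute named {roles_key!r} in the assertion")
    elif len(groups) > 1:
        findings.append(f"{len(groups)} separate {roles_key!r} attributes; "
                        "enable 'Single Role Attribute' on the role list mapper")
    sent = {role for group in groups for role in group}
    if groups and not sent & set(mapped_backend_roles):
        findings.append("no sent role is mapped as a backend role")
    return findings

if __name__ == "__main__":
    mapped = ["admin_role", "limited_role"]  # backend roles mapped in the Dashboard
    for label, xml_text in (("split", SPLIT), ("single", SINGLE)):
        print(label, diagnose(xml_text, "Role", mapped) or "ok")
```

Run it against the AttributeStatement from a decoded SAML response captured during a test login, with the role key set to the same value as in the OpenSearch SAML settings.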
I have installed WSO2 API Manager and am trying to set up authentication and authorization via API Manager. I can't figure out how to configure certain users who will be able to log in through the app. Currently, all users who are in user story are allowed to log in. I need to restrict the ability to log in to the app for a certain range of users. How can this be done?
You can achieve this by adding roles to the particular users. Refer to this doc https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-user-roles/#managing-user-roles
You need to configure the roles and permissions according to your use case:
Create a role (e.g. testRole) and assign the required permissions, except for the login permission (Admin Permissions > Login), to that role [1].
Create a new user (e.g. testUser) and assign the testRole to that user [2].
Now the testUser that you have created has no login permissions to the app.
[1] https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-user-roles/#create-user-roles
[2] https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-users/#adding-a-new-user
I am following this tutorial for creating a React app in AWS.
In step Initialize the Amplify app of section 3, I see the following error (i.e. Setting up Admin UI failed.) in the Backend environments tab:
I know that I have a limited account from our administration side, but I don't know what role is missing that I cannot create the backend for my app!
Does anyone have any idea how I can find out what role is missing that I am not allowed to create the Amplify Backend?
Also in the console tab no info is printed.
I had the same problem when I tried to deploy from the Admin UI sandbox app, as a ROOT user on my AWS account. I fixed it after I went to Billing and completed the payment info requirements.
Before that I couldn't even access DynamoDB tables (which are used by AWS Amplify and Admin UI).
If this doesn't work, you can try having Amplify and maybe DynamoDB related roles enabled in IAM for your user.
You can start with these roles:
AdministratorAccess-Amplify
AmazonDynamoDBFullAccess
When I create a new database instance in Google CloudSQL, it creates a default user called postgres. I created another user and when I tried to remove the default postgres user I received a message: Can not remove a System user.
Some months ago I could remove the default user without problems. Did Google change anything in CloudSQL? How can I remove the default user?
The postgres user is part of the cloudsqlsuperuser role. Because Cloud SQL for PostgreSQL is a managed service, it restricts access to certain system procedures and tables that require advanced privileges. In Cloud SQL, customers cannot create or have access to users with superuser attributes, including the postgres user. This is documented on the PostgreSQL users documentation page.
I have created a new user in Sitecore and also created a new role with read access for the entire content tree, but I am not able to log in to the CMS. I want to know what the minimum requirement is for a user to log in to the Access Viewer and Security Editor. If I make that user an admin, then I am able to log in.
To enable login, it's the Sitecore Client Users role.
Gives the user minimal access to Sitecore. With this role, the user
can log in to the Sitecore Desktop, but will not have access to any
applications.
All of the other Sitecore client roles are members of the Sitecore
Client Users role, which means that users in any Sitecore client role
are automatically members of the Sitecore Client Users role.
For security I think you will need Sitecore Client Securing.
Gives the user access rights to security features in the Content
Editor and other relevant applications.
This role is intended for users who need to maintain users and access
rights.
All info on the roles can be found here: https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/users_roles_and_domains/the_security_roles