By using http://localhost/v1/usergroups/usergroupid/users
I can view the no of users but I want to assign role to the users in the usergroup created
can someone help which parameter to pass in the above URL so that I can get the Role of each user and change it using postman
Related
I have installed Wso2 api manager and am trying to set up authentication and authorization via Api manager. I can't figure out how to configure certain users who will be able to login through the app. Currently, all users who are in user story are allowed to login. I need to restrict the ability to login to the app for a certain range of users. How can this be done?
You can achieve this by adding roles to the particular users. Refer to this doc https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-user-roles/#managing-user-roles
You need to configure the roles and permissions according to your use case:
Create a role (eg: testRole) and assign required permissions except for the login permission(Admin Permissions > Login) to that role [1].
Create a new user(eg: testUser) and assign the testRole to that user[2].
Now the testUser that you have created has no login permissions to the app.
[1] https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-user-roles/#create-user-roles
[2] https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-users/#adding-a-new-user
Users login to our AWS account via okta. Hence when i checked, there are no users under IAM.
I have a requirement to check if a certain user has access to a resource in aws. I only get the user's email, and then need to check if that user has access to the resource.
Is there any way i can do this with aws API?
From cloud trail, i got below arn for an user.
arn:aws:sts::xxxxxx:assumed-role/<Group Name>/abcd.xyz#email.com
Tried to query using IAM api, but it wont accept email abcd.xyz#email.com as a valid username.
I am trying to create a docker on AWS. I have created a an account and now I am stuck on this page:
It asks for account ID and IAM username. I do not know my ID. Where is it?
On AWS docs it says log into your account and go to support center, but the support center login requires this same screen. Please let me know if I am doing something wrong.
Click the Sign-in using root account credentials link on the sign-in page and you will be prompted for an email address and password.
This will login as the Root account, which is all-powerful. In fact, it is so powerful that the recommendation is that you should immediately create a new IAM User, assign it Admin permissions and then never use the Root login again. You can assign Admin permissions by attaching the policy called AdministratorAccess.
While you are in the IAM console, you can create an account alias that you can use when logging in via the screen you have shown. It will also give you a URL you can use to access the correct sign-in page in future.
I'm trying to build a web app that can be accessed by any user that signs up with facebook.
I want to use AWS Cognito to speed up the development for users management.
It has to have 3 type of users:
Normal users - any user that logs in with facebook
Editors - users that have a different access level (IAM role?), they can call a specific AWS Lambda function, that normal users can't call.
Administrators - users that can modify the status of normal users to make them editors or admins
Can someone please point me in the right direction? I've set up AWS Cognito Identity Pool but I'm not sure if I have to set up a User Pool or how do I assign a different role or policy to a user to make him an admin or editor (different access levels for other AWS resources), if I can get in my web app the users list from Cognito (only for an authenticated admin) and how do I allow him to modify other users roles.
Some tutorial, documentation or at least a short description of how can I do this would help me a lot.
Optional: let users to not only sign up with facebook but also with email/pass, and have the same functionality.
You should be able to use 'Role Based Access Control' feature of Cognito federated identities. This is the relevant part of the doc:
http://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html
If you are only using Facebook, you can use Facebook sub to assign appropriate role.
If you are using username and password based sign-in with user pool, you can use group support and create editors group and assign appropriate permissions.
Instead of managing Administrators with federated identities or user pool, probably directly using IAM user will be a better idea. This IAM user will have full permission to modify/add identity pool rules or user pool groups.
We are using RemoteUserStoreManagerService admin service to add subscribers (end application users) to WSO2 system. Web service automatically assign "Internal/everyone" role to such an user. Even if we provide a list of desired roles for user into WS function.
Can we change such behavior? Can we turn off auto-assignment or we need to use some different API for creating subscribers?
Main problem is, that "Internal/everyone" role for default has maximum system priorities, we want manually assign desired roles for subscriber.
It's the expected behavior that 'Internal/everyone' role get assigned to each and every user. The purpose of having this role is to assign the permissions for newly registered users (If you want the newly registered users to be capable of login and change their password etc.).
If you do not want such functionality, you remove all the permissions from this role.
Hope this helps.