I got this error:
SEC-NOADMIN: (err:FOER0000) User does not have admin role.
in /MarkLogic/security.xqy, at 6875:7, in sec:check-admin() [1.0-ml]
in /MarkLogic/Admin/lib/status-check.xqy, at 27:2, in adlib:status-check() [1.0-ml]
in /, at 6:0 [1.0-ml]
How can I grant admin role back to admin user?
A user who has the Admin role can grant it either through the Admin UI, or using the sec:user-add-roles command.
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at
"/MarkLogic/security.xqy";
sec:user-add-roles("Jim", ("admin"))
Michael: I manage to restore the database. As such I create backup super user to mitigate risks. I appreciate your prompt attention!
Related
I'm using rest_framework_simplejwt.authentication.JWTAuthentication in Django to create tokens for our users.
But some users have limited user permissions[in the admin panel]. For example they only allow to get articles and nothing else. But the token that simplejwt creates allow user to get all other data as well.
Is there a way to adjust it? I think simplejwt overwrites the Django permissions.
The token is used just for Authentication purposes, not for Authorisation purposes. You need to use permissions for assigning permissions to different users. Read about django permissions here. If you need to customize permissions, you can extend DjangoModelPermissions class.
I am using the .NET API to provision user accounts. I am having a problem when trying to update a user who has delegated admin privileges as a member of one of the builtin admin roles such as the "Password Reset Role". If I remove them from the role the account is updated successfully. When a member, I cannot update orgUnitPath, givenName, or familyName. I am able to update the custom attributes that have been added.
Anyone know if this a bug or feature? I am using version 1.36.1.1335 of the Google.Apis.Admin.Directory.directory_v1.dll library.
Imagine I have a mobile app, and then I create a new Facebook app, which I use to login users through it. In order to log into the app, users have to grant user_likes permission.
Then, I can access their user_likes with a request to the facebook graph using the app_token. I've tested this. But also, I realized that only the user_likes set to "public" are shown. All the user_likes that are private or only friends, are not shown.
Is this the intented behaviour? I mean, if some user granted me access to user_likes and he didn't revoke explicitly the permission after that, should I be able to get the user_likes anyway or no?
Thanks in advance.
You need to use an User Access Token, not an App Access Token. That's what they are for.
I have a set of permissions, from which I am assigning some specific permissions to the user. i am using this:
assign('view_userreports', <objectofuser>, <objectofreport>)
The permission is assigned successfully, but when I goto admin interface to see the assigned permissions it dosen't highlight any of the permissions. Please help me how can I save the assigned permissions?
I believe the shortcut method should be assign_perm and not assign. See the django-guardian docs here.
Also, note that object-level permissions will not show up on the admin Auth view (http://localhost:8000/admin/auth/user/) for the user. In your app's admin.py (or wherever you register your models to the admin interface), do the following:
from myapp.models import SomeModel
from django.contrib import admin
from guardian.admin import GuardedModelAdmin
class SomeModelAdmin(GuardedModelAdmin):
pass
admin.site.register(SomeModel, SomeModelAdmin)
Once you have granted a user some object-level permissions for a specific object, browse to that object in the Admin interface. Now you should have an Object Permissions link in the upper right of the page:
Click on that and you will be able to see and manage the object-level permissions for that object for any Django user.
How can I give access for the admin views to normal users in django?
Go to the admin site and edit the user. Check the check box (under permissions) where it says:
"Staff status
Designates whether the user can log into this admin site."
You then need to grant them appropriate permissions for them to actually see things in the admin site. That is done just below this checkbox. If you want them to be able to do everything, check the "superuser" checkbox.
Is this what you mean?
Update
The OP actually wants to apply these permissions to a group of users. To do this, go to the admin site > Auth > Groups. Create a new group. Give it the permissions you want the group of users to have. You then need to go to each user and add them to this group. They will also need to be given "staff status" in order to log in to the admin site.
Is that what you are after?