I'm trying to secure some REST URLs that are present in my ApiController.php so that users with certain privileges can access these REST APIs.
I created some users and assigned them with some Roles using the below link:
https://www.drupal.org/docs/user_guide/en/user-concept.html
As you can see, I'm creating roles in Drupal Admin following below steps:
Drupal UI → People → Role → Add New Role // line 4
After that, I added a few permissions in permission.yml:
xyz.permissions.yml

    edit permission:
      title: 'edit permission'
And updated routing file to secure APIs:
xyz.routing.yml

    xyz.update:
      path: '/update'
      defaults:
        _controller: 'ApiController::update'
      requirements:
        _permission: 'edit permission'
This is working fine, i.e. users that have "edit permission" can access the URL "/update".
But I don't want to do the step on line 4; rather, I would like to use some .yaml file to create Roles.
Is it possible to create/manage Roles using a .yaml file?
Role creation can be done through the install and uninstall process of a module, but it is not possible through a YAML file.
Related
I'm trying to figure out how the google translate API works. I have little experience with google cloud api.
I'm getting this error: PERMISSION_DENIED: Cloud IAM permission 'cloudtranslate.generalModels.predict' denied.
My questions:
Why do I need this permission? I am setting source and target language in my code. There is actually nothing to predict.
How to get this solved? I assume based on related questions that I have to give my service account these permissions, but I haven't figured out how to do this in the console. In the service account tab I cannot link permissions. In the roles tab I created a role with these permissions, but I wasn't able to link it to my service account.
    try (TranslationServiceClient client = TranslationServiceClient.create()) {
      // Supported Locations: `global`, [glossary location], or [model location]
      // Glossaries must be hosted in `us-central1`
      // Custom Models must use the same location as your model. (us-central1)
      LocationName parent = LocationName.of(projectId, "global");

      // Supported Mime Types: https://cloud.google.com/translate/docs/supported-formats
      TranslateTextRequest request =
          TranslateTextRequest.newBuilder()
              .setParent(parent.toString())
              .setMimeType("text/plain")
              .setTargetLanguageCode("de")
              .setSourceLanguageCode("en")
              .addContents("Hello World")
              .build();

      TranslateTextResponse response = client.translateText(request);

      // Display the translation for each input text provided
      for (Translation translation : response.getTranslationsList()) {
        System.out.printf("Translated text: %s\n", translation.getTranslatedText());
      }
    }
Cloud Translation API internally uses Google NMT (Neural Machine Translation) to translate the text, which automatically predicts the text and translates it into another language. It was developed to increase fluency and accuracy. GNMT uses a large artificial neural network. This permission is required to predict the text internally in order to predict the languages.
Google has created predefined roles which are given granular access using permissions to prevent unwanted access to other resources. To give permissions to a service account, you can follow the steps below:
Search for the roles which have the permission cloudtranslate.generalModels.predict in this page.
Go to the IAM & Admin page in the console and search for the service account to which you wanted to add the roles.
Click on the pencil icon present at the rightmost column.
Add the specific roles to the service account which contain the above permission and save it.
If you have created specific role, then you can search the role in the custom roles and add the role and save it.
You can check the image below showing the pencil icon.
The below image shows the edit permission page.
I have installed Airflow on my Ubuntu system and am trying to deploy Airflow to production. I would like to turn off the Docs menu on the UI (browser).
I was reading about setting permissions on the menus here (access-control), but it is hard to turn off this menu for each role. I am curious to know if we can Disable/Hide/Remove the Docs menu from the root.
There's no one-click way to turn it off globally. I wonder why it's hard to turn it off for each role? The only way to truly perform this in one action is to query the metastore directly and remove the menu access on Docs permission from all roles using a single SQL query.
Assuming you don't have too many roles, it takes just a few clicks in the UI. First you'll need Admin permissions and go to Security -> List Roles. In there, edit each role and remove the menu access on Docs permission.
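The single-query approach mentioned in the answer above, as an added example that is not part of the original post. It runs against a constructed in-memory SQLite copy of the Flask-AppBuilder security tables that Airflow 2 uses; the table and column names and the `menu_access` / `Docs` values are assumptions to check against your own metastore before running anything similar there.

```python
import sqlite3

# Constructed miniature of the security tables (names and columns are assumptions).
SCHEMA = """
CREATE TABLE ab_role (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE ab_permission (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE ab_view_menu (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE ab_permission_view (id INTEGER PRIMARY KEY, permission_id INT, view_menu_id INT);
CREATE TABLE ab_permission_view_role (id INTEGER PRIMARY KEY, permission_view_id INT, role_id INT);
INSERT INTO ab_role VALUES (1,'Admin'),(2,'Viewer');
INSERT INTO ab_permission VALUES (1,'menu_access'),(2,'can_read');
INSERT INTO ab_view_menu VALUES (1,'Docs'),(2,'DAGs');
INSERT INTO ab_permission_view VALUES (1,1,1),(2,1,2),(3,2,2);
INSERT INTO ab_permission_view_role VALUES (1,1,1),(2,2,1),(3,3,1),(4,1,2),(5,2,2);
"""

# One statement: drop the (action, menu) grant from every role that holds it.
REVOKE = """
DELETE FROM ab_permission_view_role
WHERE permission_view_id IN (
    SELECT pv.id FROM ab_permission_view pv
    JOIN ab_permission p ON p.id = pv.permission_id
    JOIN ab_view_menu vm ON vm.id = pv.view_menu_id
    WHERE p.name = ? AND vm.name = ?)
"""

def revoke_menu(conn, menu="Docs", action="menu_access"):
    """Remove one grant from all roles in a single transaction; return rows deleted."""
    with conn:
        return conn.execute(REVOKE, (action, menu)).rowcount

def grants(conn):
    """List remaining (role, action, menu) grants so the change can be audited."""
    q = """SELECT r.name, p.name, vm.name FROM ab_permission_view_role pvr
           JOIN ab_role r ON r.id = pvr.role_id
           JOIN ab_permission_view pv ON pv.id = pvr.permission_view_id
           JOIN ab_permission p ON p.id = pv.permission_id
           JOIN ab_view_menu vm ON vm.id = pv.view_menu_id ORDER BY 1, 2, 3"""
    return conn.execute(q).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return revoke_menu(conn), grants(conn)
```
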
I need to create a lot of new AWS users.
I would like to generate their usernames from their email addresses:
Example@gmail.com -> username: example
and give them a default password that they will be able to change when first logging in. Once the user is created, all users should be put into the same group to have the same permissions.
Is there a bash script or python with which this process could be automated?
You can use AWS CLI for bash or AWS SDK (boto3) for python to automate this task.
Here's what you'll need to do:
Read emails either from file or database.
Use the SDK create_user function to create a new IAM user. Visit the link for the docs.
Use SDK get-login-profile function to create password for user with password reset on login flag. Follow the link. Note: It'll give console access to user.
Add user into specific group using SDK. Follow the link.
Ref:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_cliwpsapi
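The steps above as one script, as an added example that is not part of the original answer. It uses the boto3 IAM client calls `create_user`, `create_login_profile` (with `PasswordResetRequired=True`) and `add_user_to_group`; the group name is hypothetical, and it generates a random temporary password per user instead of one shared default so that no two accounts start with the same credential.

```python
import re
import secrets

IAM_NAME_OK = re.compile(r"^[A-Za-z0-9+=,.@_-]{1,64}$")  # characters IAM allows in user names

def username_from_email(email):
    """'Example@gmail.com' -> 'example'; raise if the result is not a valid IAM name."""
    local, sep, domain = email.strip().partition("@")
    name = local.lower()
    if not sep or not domain or not IAM_NAME_OK.match(name):
        raise ValueError(f"cannot derive IAM user name from {email!r}")
    return name

def provision(iam, emails, group):
    """Create one IAM user per email, set a one-time password, add the user to `group`.

    `iam` is a boto3 IAM client (boto3.client("iam")). Returns
    ({username: temporary_password}, [(email, reason), ...]).
    """
    created, skipped, seen = {}, [], set()
    for email in emails:
        try:
            name = username_from_email(email)
        except ValueError as exc:
            skipped.append((email, str(exc)))
            continue
        if name in seen:  # a@x.com and a@y.com would map to the same user
            skipped.append((email, "duplicate user name"))
            continue
        seen.add(name)
        # Random value plus fixed suffix so common complexity rules are met; adjust to your policy.
        password = secrets.token_urlsafe(18) + "aA1!"
        iam.create_user(UserName=name)
        iam.create_login_profile(UserName=name, Password=password,
                                 PasswordResetRequired=True)  # forces a change at first sign-in
        iam.add_user_to_group(GroupName=group, UserName=name)
        created[name] = password
    return created, skipped

if __name__ == "__main__":
    import boto3  # needs credentials that are allowed to manage IAM users
    made, skipped = provision(boto3.client("iam"),
                              ["Example@gmail.com"], "new-users")  # hypothetical group name
    print(sorted(made), skipped)
```

The returned passwords should be handed to each user over a separate channel and not written to logs.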
We need to add a custom role which should have edit permissions on the page but should be able to add components\create new content. The user shouldn't be able to publish content or add new pages. He can edit page and add\create relevant components\content on the page. Currently, we've added below roles to the custom role and denied 'create' permission to the role on the entire content tree except for relevant page templates and placeholder settings.
Sitecore Designer
Sitecore client authoring
But while adding content in Experience Editor, the user is getting a 'you don't have access to add content' error. What should be the exact set of permissions to be able to add content to pages but not create pages?
By default, items are denied access and you need to grant the specific access on the items in question. To be able to edit an item, a user will need the Write permission.
Resources:
The different Access Rights explained
Assigning Access Rights
I am new to sitecore.
I have a question regarding packaging Domain and Roles on sitecore (we are using sitecore 6.3.1).
I am packaging content from our dev box to stage and I would like to transfer the Domain, Roles and user created on dev to stage.
The package designer shows a button called 'Security Accounts'. I added the specific user \ who belong to the specific domain and role.
On installing the package to stage site, it throws an error 'blah domain not found, cannot create user'.
So the question is, do I have to create a domain manually on the stage server before I install the user? Or is there a way where I can copy the domain and roles to create the user?
Help much appreciated.
I have discovered that the domains are stored in /App_Config/Security/Domains.config and you can migrate between installations simply by copying or editing this file.
Or you can create the domains manually via the Security Domain tool.
Either way the domain must exist before you can install a package with users or roles.
If your target solution doesn't have the domain the user lives in, you'll have to create it manually. However, the roles can be transferred via package the same way as users. If the user A is in role B, and you don't add role B to the package, there should not be any error - simply the user A won't be a member of the role B on target environment.
I would think the answer Yan comes with would work with domains.
But you might need to have the Domain(s) in a package which you install first, or have it as the first "part" of your package, so it gets installed first.