I am trying to add new permission to user.
Permission Policy : "AmazonGlacierReadOnlyAccess"
However "AmazonGlacierReadOnlyAccess" is not available when i searched through permissions list.
Only "AmazonGlacierFullAccess" is available.
seems like simple thing.. am i missing something here?!!
Please let me know why it is not available. is it renamed to something else now?
Related
i'm to implement a custom resource and i'm failing when I try to update its name.
The reason that's i'm failing is that the custom resource lambda is missing the permissions to delete the old resource. since i'm giving it the exact permission by arn, and when I try to change the name of the resource which affects the arn, then it only has permissions for the new resource.
is there any way to solve this wiht giving it permissions for arn:...:/* ?
Here is some code to make this clearer, this implements an SSM SecureString placeholder (since we don't want to deploy secrets that will get away in the stack outputs so just a placeholder)
See code below, note that the policy statement passed to add_to_policy, is for arn:aws:ssm:{region}:{account_id}:parameter/* - this is the only way it works.
if I try to do minimal privileges, and set it to the specific param name arn, then if I try to update the name, it will fail due to missing permissions to delete the old resource on update.
If I manually added the delete permissions for the old resource (hard coded) it worked.
param_name = some-value # This is the ssm param name that is part of the arn
policy = AwsCustomResourcePolicy.from_sdk_calls(resources=[self.arn_join(f'arn:aws:ssm:{region}:{account_id}:parameter', param_name)])
resource = AwsCustomResource(scope=self, id=f'{id_}AwsCustomResource', policy=policy, log_retention=log_retention,
on_create=on_create, on_update=on_update, on_delete=on_delete,
resource_type='Custom::AWSSecureString',
timeout=timeout)
resource.grant_principal.add_to_policy(iam.PolicyStatement(actions=['ssm:DeleteParameter'], resources=[f'arn:aws:ssm:{region}:{account_id}:parameter/*']))
Is it possible to do somehow without giving it '*' permissions for all params?
Thanks for your help!
I tried to create new AWS key pairs and the option to create disappeared
Does anyone know why?
It would be worth checking the IAM permissions associated with the User who is trying to create the key pair. Contact the Administrator (presumably you?) and investigate. I would suggest creating a Group with Permissions and adding them to that.
I performed an experiment and added aDeny policy to my IAM User that prevented me from being able to create a keypair.
I then tried to launch an instance and the option to create a keypair (in the dialog box you show above) was still available. So, the display does not vary according to permissions.
Therefore, something else is causing your situation. I would recommend trying it in a different browser. Also, check the underlying HTML to see whether the option is coded on the web page. Something is causing it to disappear.
I am new to BigQuery GCP and to access BigQuery data we are using Spotify spark-bigquery connector as provided here.
We are able to use sqlContext.bigQueryTable("project_id:dataset.table") and its working.
When we are using sqlContext.bigQuerySelect("SELECT * FROM [project_id:dataset.table]") it is giving error:
The user xyz-compute#developer.gserviceaccount.com does not have permission to query table.
We have done necessary settings w.r.t json file and location. But don't have any clue about from where it is taking this user account details.
Please provide help regarding its cause and how to fix it in code.
This error indicates that the service account you are using (xyz-compute#developer.gserviceaccount.com) doesn’t have enough IAM permissions. You should go to your IAM settings and make sure it has at least BigQuery Data Viewer permissions.
I am new to using AWS (and S.O.), and I am following the tutorial for Machine Learning, where it asks you to create a bucket. However, it keeps saying "Error Access Denied" when I am trying to create the bucket, lets me fill out some properties, and still says Access Denied. I have researched this question carefully and for quite a while, with many suggestions saying to correct the code for "Sid","Action","Effect","Allow", etc. However, I do not understand if this is my problem, and if it is, WHERE to write this code? I will show some screenshots of my screen that it shows me, and I opened up a file that shows code related to buckets. Thank you so much and I will be reading every answer carefully, I apologize
Screenshot of my screen when attempting to create bucket
List of files when i clicked on this file named "alphaindex.h"
The likely answer to why you can't create a bucket is that your IAM user does not have the appropriate permission to do so. Whomever controls your account can add it to your IAM user.
I would suggest at minimum the following:
s3:CreateBucket
s3:ListAllMyBuckets
s3:PutObject
s3:GetObject
s3:DeleteObject
Though I can't guarantee that those are sufficient to do what you're trying to do.
Alternatively, you can be granted unlimited access to a specific bucket created for you. Instructions for doing so are here:
https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/
The department I'm in recently changed it's name. However, in Sitecore, I have some groups whose name contains the old department name. I'm having trouble finding any way to rename these groups to use the new department name. There is no edit or rename option in the Role Manager.
Is there any way to rename a group after it has been created? Or is the only option to recreate that group, and All its permissions (quite the task)?
Sitecore stores permissions for items in clear text and they are not linked to the role with anything but the name so if you rename a role that you have used it on items then when you rename it authors will no longer have any right.
If you haven't used the role then you can go and change it in the aspnet_Roles table as #Bryan advises.
There is one more way. You can create a new role and give it the name you want and add the original role to it. This way authors will get the same permissions but have the new role.
The question and the answer in the post above deals with Sitecore 6 I believe.
For people who might stumble on this post:
We have successfully renamed Roles in Sitecore 7.2 by updating database without any issues.
Following are the tables need updated with new RoleName:
- aspnet_roles: update the new RoleName
- RolesInRoles: update MemberRoleName and TargetRoleName
Hope this helps someone!
If you are using the out-of-the-box Role provider, that's just standard ASP.NET Roles. There is some discussion about this here.
If you want to get adventurous, you could just edit the role name in your Core DB, table name is aspnet_Roles. Not sure what repercussions this wold have though. But hey, I like adventure. Let us know how it works. :)