Sitecore - Standard roles for users [closed] - sitecore

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I'm creating users for a practice project and came up with three - author, reviewer, publisher.
author - should be able to create, edit and delete items.
reviewer - should only be able to read and approve items.
publisher - should only be able to read all items and publish those that have been approved.
I read in an article that these roles would suffice for a content author - Sitecore Client Authoring & Sitecore Client Users, and so assigned the same to author.
When logged in as author, the insert option is greyed out! So, I logged in as admin again and tried giving access to the Home item (read, write etc.) for author, but it says access denied.
Please clarify for me the following:
1. The users I thought of, are they correct, or do they work well in a real scenario?
2. Why am I not able to give access for author to the Home item?
3. Is creating a custom role necessary? Should there not already be Sitecore standard role(s) for these users, which are common to every project?
4. Kindly suggest the roles that I should assign for my author, reviewer and publisher

This question doesn't really fit the guidelines for SO, but to answer your questions:
It's uncommon to have a dedicated publisher. More common, I would expect, is to have a workflow that automatically publishes once content is approved. You can likely get away with just 2 roles.
Those roles should be enough, but check the doco. Please clarify whether your admin user is getting the 'access denied' message or your author. Admin users should not be denied anything; likely your security setup is causing the problem (item permissions, not roles).
Standard roles are granular to allow you to tune your setup. There are a number of sample sites you can get (like launchsitecore.net) that can show you how to use these roles, plus there's documentation. You can also post to community.sitecore.net.
There's a combination of roles and privileges required to achieve this, too detailed for SO. Refer to documentation, various blogs, or a sample site to see how to use the security features in a real world application.

You can set it using the Workflow feature and altering security rights on the workflow level. The simplest workflow structure should be like:
Initial (step 1)
    Submit command (moves item to step 2)
Awaiting Approval (step 2)
    Approve command (moves item to step 3)
    Reject command (moves item to step 1)
Awaiting Publishing (step 3)
    Publish command (moves item to step 4)
    Reject command (moves item to step 2)
Published (final step 4)
    Auto Publish action (standard action that will publish the item automatically as soon as it appears in the final state)
All 3 roles should be members of at least the Sitecore\Author role. It allows basic access to item editing features. Do not forget to explicitly allow Write etc. access using the Security Editor application. If it doesn't work for some reason, check current rights using the Access Viewer application; once you select a particular security account and item, you should be able to inspect allowed and denied rights, with an explanation on the right side.
Then you need to set access on the workflow level (for instance, a reviewer can execute the Approve and Reject commands in the "Awaiting Approval" state, and can't in other states. Same for author and publisher).
Useful docs (valid for Sitecore 8.x as well):
https://sdn.sitecore.net/Reference/Sitecore%207/Security%20Reference.aspx
https://sdn.sitecore.net/Reference/Sitecore%207/Workflow%20Reference.aspx
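As an added example (not code from the answer above, and not Sitecore's own implementation, which configures workflows as items and enforces command rights through item security), the following Python model walks an item through the four states and commands the answer lists. Each command is accepted only in its own state and only from a user holding the role named for it, and the Auto Publish action fires as soon as the item enters the final state. The state and command names follow the answer; the `author`/`reviewer`/`publisher` role keys, the item path and the user names are assumptions.

```python
"""Role-gated workflow model for the states and commands described in the answer.

Added illustration, not Sitecore code. The WORKFLOW mapping below is an assumption
standing in for the workflow items and command security a Sitecore instance holds.
"""
from dataclasses import dataclass, field

# state -> {command: (target state, roles allowed to execute the command)}
WORKFLOW = {
    "Initial": {
        "Submit": ("Awaiting Approval", {"author"}),
    },
    "Awaiting Approval": {
        "Approve": ("Awaiting Publishing", {"reviewer"}),
        "Reject": ("Initial", {"reviewer"}),
    },
    "Awaiting Publishing": {
        "Publish": ("Published", {"publisher"}),
        "Reject": ("Awaiting Approval", {"publisher"}),
    },
    "Published": {},  # final state: no commands; Auto Publish action runs on entry
}
FINAL_STATE = "Published"


@dataclass
class Item:
    name: str
    state: str = "Initial"
    published: bool = False
    history: list = field(default_factory=list)   # (state, command, user) audit trail


def available_commands(state: str, roles: set) -> list:
    """Commands a user holding `roles` can execute in `state` (what the Workbox would offer)."""
    return sorted(cmd for cmd, (_, allowed) in WORKFLOW[state].items() if roles & allowed)


def execute(item: Item, command: str, user: str, roles: set) -> Item:
    """Run one workflow command, refusing it outside its state or without the right role."""
    commands = WORKFLOW[item.state]
    if command not in commands:
        raise ValueError(f"{command!r} is not a command of state {item.state!r}")
    target, allowed = commands[command]
    if not roles & allowed:
        raise PermissionError(
            f"{user} with roles {sorted(roles)} may not execute {command!r} in {item.state!r}")
    item.history.append((item.state, command, user))
    item.state = target
    if item.state == FINAL_STATE:          # Auto Publish action
        item.published = True
    return item


def run_review_cycle() -> Item:
    """Constructed walk-through: submit, reject back to the author, resubmit, approve, publish."""
    item = Item("Home/About")                      # assumed item name
    execute(item, "Submit", "alice", {"author"})
    execute(item, "Reject", "bob", {"reviewer"})   # back to Initial
    execute(item, "Submit", "alice", {"author"})
    execute(item, "Approve", "bob", {"reviewer"})
    execute(item, "Publish", "carol", {"publisher"})
    return item


if __name__ == "__main__":
    done = run_review_cycle()
    print(done.state, done.published, len(done.history))
```

The `available_commands` helper is the piece worth comparing against the real Workbox: a reviewer in "Awaiting Approval" gets Approve and Reject, an author in the same state gets nothing, which is exactly the per-state command security the answer tells you to configure.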


Power Platform Security Roles Details

I would like to know the exact details and impact of the specific security roles, that can be assigned in the Power Platform. I am not able to find such documentation. Does anyone know where to find it?
Also, I am especially interested in this one called "Solution", located under "Customizations".
Actually, there is no official doc mentioning these details (each privilege listed under Customizations).
For any user who wants to run a PowerApps app (canvas app or model-driven app), he/she must have the minimum privilege on the environment resource. You could find more details from the following link:
Minimum privilege to run an app
BR
Kris

GDPR compliance for a web app (Vue.js, Django, Heroku) [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
I have built a web application using Django and Vue.js and deployed it on Heroku. It is a web application made for a big charity where you can win prizes by donating to the charity. The following information is collected:
Name
Username
Email
Password
Which is pretty basic, I guess. The reason no payment information is stored is because, upon clicking 'Donate', the user is redirected to JustGiving (implemented the JustGiving API) where they enter their payment information and such and are then redirected back to our website.
A few emails are sent:
An email when somebody wins a prize
An email if you are the winner of the prize
An email when a new prize draw is taking place
A receipt of your donation
This will be the first time I properly publish a web application, so I wanted to ask what steps I need to take to make sure the web app is legal. I know I probably have to have a 'cookies' alert and a section where users choose to receive emails or not.
What other steps must I take to make sure I am not breaking any rules?
GDPR can feel complex, but since you're gathering minimal information here, it doesn't need to be. Following best practice as a developer should ensure you're doing your due diligence with regards to security.
To keep you and the charity safe in case of a breach, I would ensure you have a signed document between you laying out clear responsibilities and detailing how long you will be holding the information. For example, if someone signs up but doesn't win a prize, at what point does holding that person's information become unnecessary?
I would work through the ICO's guidance to charities - https://ico.org.uk/for-organisations/in-your-sector/charity/charities-faqs/
GDPR compliance is shaped by the eight rights bestowed on users with respect to their data. You need to ensure all of the rights are preserved:
Right to be informed
Your use of user data must be transparent. What data do you collect, what do you use it for, and with whom is it exchanged? This is typically documented in your site's privacy policy.
Right of access
If someone asks you for their data, you must provide it to them. The way you provide it needs to be a commonly used format, e.g. JSON or CSV.
Right to rectification
If there is incorrect data about a user you must let them correct it.
Right to erasure
Users can ask that their data be deleted or removed, if there isn't a strong reason to keep it around. In your example this would correspond to deleting their account.
Right to restrict processing
Users can ask that you block any further processing of their data; you may continue to store it but you can't perform other business operations on it.
Right to portability
Similar to the right of access above, you must allow users to export and reuse their personal data for their own purposes.
Right to object
Users can object to having any personal information used for purposes they don't want, like for analytics or marketing.
Individuals can object to having their personal information used. This includes for purposes of direct marketing, research and statistics.
Rights related to automatic decision making
This defines requirements you have to meet to use user data as part of automatic decisions like issuing credit or deciding whether they can be on a waitlist.
Ultimately, however, GDPR compliance is a legal question and can't be answered through a technology lens.
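As an added example (not the questioner's Django/Vue application and not code from the answer), here is a small in-memory account store that gives each of the rights listed above a concrete operation: export in JSON and CSV (access and portability), correction of contact details (rectification), account deletion (erasure), a restriction flag that blocks further processing, an opt-in check for marketing mail (objection), and a retention purge of non-winners along the lines of the point about how long to hold data. The store, the field names, the one-year retention period and the sample accounts are all assumptions standing in for a real model and policy.

```python
"""Account-store operations for the GDPR rights listed in the answer above.

Added illustration, not the questioner's application: the in-memory store, the
field names, the 12-month retention period and the sample accounts are assumptions.
"""
import csv
import io
import json
from dataclasses import dataclass, asdict, field
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed "current time"
RETENTION = timedelta(days=365)                    # assumed: keep non-winners' data one year


@dataclass
class Account:
    username: str
    name: str
    email: str
    password_hash: str                      # stored, but never exported
    created: datetime
    has_won: bool = False
    restricted: bool = False                # right to restrict processing
    marketing_opt_in: bool = False          # right to object / email preferences
    draws_entered: list = field(default_factory=list)

    def exportable(self) -> dict:
        """Right of access / portability: the personal data held, minus the secret."""
        data = asdict(self)
        data.pop("password_hash")
        data["created"] = self.created.isoformat()
        return data


class Store:
    def __init__(self):
        self.accounts: dict = {}

    def add(self, acct: Account) -> None:
        self.accounts[acct.username] = acct

    # Right of access / right to portability: commonly used formats
    def export_json(self, username: str) -> str:
        return json.dumps(self.accounts[username].exportable(), indent=2)

    def export_csv(self, username: str) -> str:
        data = self.accounts[username].exportable()
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=list(data))
        writer.writeheader()
        writer.writerow({k: json.dumps(v) if isinstance(v, list) else v for k, v in data.items()})
        return buf.getvalue()

    # Right to rectification: the user corrects their own contact details only
    def rectify(self, username: str, **changes) -> Account:
        acct = self.accounts[username]
        for key, value in changes.items():
            if key not in ("name", "email"):
                raise ValueError(f"{key!r} is not a user-correctable field")
            setattr(acct, key, value)
        return acct

    # Right to erasure: deleting the account removes everything keyed on it
    def erase(self, username: str) -> bool:
        return self.accounts.pop(username, None) is not None

    # Right to restrict processing: keep the record, stop acting on it
    def restrict(self, username: str, restricted: bool = True) -> None:
        self.accounts[username].restricted = restricted

    def enter_draw(self, username: str, draw_id: str) -> None:
        acct = self.accounts[username]
        if acct.restricted:
            raise PermissionError(f"processing is restricted for {username}")
        acct.draws_entered.append(draw_id)

    # Right to object: marketing mail goes only to opted-in, unrestricted accounts
    def marketing_recipients(self) -> list:
        return sorted(a.email for a in self.accounts.values()
                      if a.marketing_opt_in and not a.restricted)

    # Retention: non-winners are purged once their data is older than RETENTION
    def purge_expired(self, now: datetime = NOW) -> list:
        expired = sorted(u for u, a in self.accounts.items()
                         if not a.has_won and now - a.created > RETENTION)
        for username in expired:
            del self.accounts[username]
        return expired


def build_sample_store() -> Store:
    """Constructed sample data: a winner, an old non-winner and a recent sign-up."""
    store = Store()
    store.add(Account("alice", "Alice", "alice@example.org", "<hash>",
                      NOW - timedelta(days=700), has_won=True, marketing_opt_in=True))
    store.add(Account("bob", "Bob", "bob@example.org", "<hash>",
                      NOW - timedelta(days=400), marketing_opt_in=True))
    store.add(Account("carol", "Carol", "carol@example.org", "<hash>",
                      NOW - timedelta(days=10)))
    return store
```

The `restricted` flag is the one most often forgotten: it has to be consulted by every code path that acts on the account (here `enter_draw` and `marketing_recipients`), not just by the export and delete endpoints.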

Auto-renewable subscription questions (for Swift and PHP) [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 3 years ago.
I have a few questions about auto-renewable subscription. I apologize in advance if these questions are out there but I figured asking these questions here was my best place to start.
Does anyone know the best tutorial on auto-renewable subscriptions? The ones I have found all had problems somewhere. The way I want it set up is that once the user purchases it will run a php script and update the database then redirect the user to the membership section.
What is the best way to check if the user is still paying for their membership and hasn't cancelled it? If cancelled, then I will run a PHP script to update the database.
If possible, how can the user cancel the auto-renewable subscription from the app? Say the user deletes their account; then in the backend Swift I want to also cancel the subscription.
These questions are pretty broad and subjective. There are a lot of ways this could be set up depending on your requirements.
1) The links below may help. You'll need to build an API you can send the purchase receipt from the client. Your server will handle receipt validation, update your database, etc. then return a successful response that will be your trigger to transition to the membership section.
2) With the receipt saved on your server, periodically poll Apple's /verifyReceipt endpoint to get the most up-to-date subscription status for the user. You can combine this with Apple server-notifications which can be another trigger for you to refresh the receipt.
3) They can't cancel their subscription from within your app; there are no developer APIs to manage subscriptions. They can only cancel from the Apple subscription management page. If you've implemented #2 correctly you'll know about these cancellations shortly after they occur. Remember that when a user cancels they should still be able to access their subscription until the end of the billing period they have paid for, unless the cancellation was due to a refund.
Some helpful links to get you started:
Overview on handling auto-renewable subscriptions: iOS Subscriptions are Hard
What to build in your server: How to Build a Great iOS In-app Purchase Subscription Server
(Alternatively, since you're on a deadline you can use a hosted solution like RevenueCat that handles all of this and more right out of the box)
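As an added example (not code from the answer or from the articles it links), the following Python turns a `/verifyReceipt` response into the membership decision points 2 and 3 describe: a cancelled subscription stays active until the paid-up expiry date, a refund ends access immediately, and an expired or invalid receipt revokes it. The response is constructed; the few fields read from it (`status`, `latest_receipt_info[].product_id`/`expires_date_ms`/`cancellation_date_ms`, `pending_renewal_info[].auto_renew_status`) follow Apple's documented response shape, and nothing else in that response is modelled. The product identifier, transaction id and the `{'is_member', 'reason'}` database record are assumptions.

```python
"""Membership decision from a /verifyReceipt response (answer points 2 and 3).

Added illustration. Only the handful of documented fields named in the lead-in are
read; the sample response, product id and database record shape are constructed.
"""
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed "current time"
FUTURE = NOW + timedelta(days=20)                  # expiry still ahead
PAST = NOW - timedelta(days=1)                     # expiry already behind
PRODUCT = "com.example.membership.monthly"         # assumed product identifier


def _ms(value) -> datetime:
    """Apple gives millisecond epoch strings; turn one into an aware datetime."""
    return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)


def _to_ms(dt: datetime) -> str:
    return str(int(dt.timestamp() * 1000))


def entitlement(response: dict, product_id: str, now: datetime = NOW) -> dict:
    """Decide access: {'active', 'reason', 'expires', 'will_renew'}."""
    decision = {"active": False, "reason": "", "expires": None, "will_renew": False}
    if response.get("status") != 0:                       # receipt not verified
        decision["reason"] = f"receipt status {response.get('status')}"
        return decision
    entries = [e for e in response.get("latest_receipt_info", [])
               if e.get("product_id") == product_id]
    if not entries:
        decision["reason"] = "no purchase of this product"
        return decision
    latest = max(entries, key=lambda e: int(e["expires_date_ms"]))
    decision["expires"] = _ms(latest["expires_date_ms"])
    if latest.get("cancellation_date_ms"):                # refund: access ends at once
        decision["reason"] = "refunded"
        return decision
    renewal = next((r for r in response.get("pending_renewal_info", [])
                    if r.get("product_id") == product_id), {})
    decision["will_renew"] = renewal.get("auto_renew_status") == "1"
    if now < decision["expires"]:
        decision["active"] = True
        decision["reason"] = "active" if decision["will_renew"] else "cancelled, paid up until expiry"
    else:
        decision["reason"] = "expired"
    return decision


def sync_membership(db_row: dict, response: dict, product_id: str, now: datetime = NOW) -> bool:
    """Apply the decision to a stored membership record; True when the stored status changed.

    Stands in for the "script that updates the database" in the question; the
    record shape {'is_member': bool, 'reason': str} is an assumption.
    """
    decision = entitlement(response, product_id, now)
    changed = db_row.get("is_member") != decision["active"]
    db_row["is_member"] = decision["active"]
    db_row["reason"] = decision["reason"]
    return changed


def sample_response(expires: datetime, auto_renew: str, refunded: bool = False) -> dict:
    """Constructed verifyReceipt-shaped response for one subscription product."""
    entry = {"product_id": PRODUCT,
             "original_transaction_id": "1000000000000001",   # constructed
             "expires_date_ms": _to_ms(expires)}
    if refunded:
        entry["cancellation_date_ms"] = _to_ms(expires - timedelta(days=5))
    return {"status": 0,
            "latest_receipt_info": [entry],
            "pending_renewal_info": [{"product_id": PRODUCT, "auto_renew_status": auto_renew}]}
```

Run `entitlement` on every poll and on every server notification; `sync_membership` returning `True` is the point at which to trigger whatever the membership section depends on, so the polling loop can stay idempotent.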

Work with Redmine in a two-employee organisation [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 3 years ago.
If I work together with only one employee, what is the best way to organise this in Redmine?
I work for several customers, and either I or my employee does the work there. I would like to create tickets that I can assign to my employee or myself.
At the end I want to see the open tickets sorted by priority.
The most important thing for me is that if a customer calls, I can quickly click on "New ticket" and create a ticket for that customer where I write down his wishes.
The tracker field in Redmine defines the nature of the issue. By default, Redmine comes with three different trackers: bug, feature, and support, but those don't really fit my small business.
Should I change the default options in this field "Tracker" into my customer names and use this field to select my different customers instead?
If you haven't used redmine before, you'll probably just have to start using it, familiarize yourself with the different options it offers and adapt it to your particular needs later on.
I strongly suggest creating either a redmine project for each client or for each client project:
Create one redmine project for each client if
your client work isn't project based
you have lots of very short projects
you'll plan having only a few tickets per client
Create one redmine project for each client project if
your client work is project based
a high volume of tickets is to be expected
you have several projects for one client
you have a different POC at the client for each project (you may want to give access to a client for her project only)
projects are limited in time (you may close inactive projects)
reporting by project is needed
You can view open tickets by priority - I recommend creating a custom filter for this purpose. This filter can then be used on a global level to view all tickets of all projects as well as within a single project.
In order to create new tickets rapidly, you may want to save a shortcut for each client if you feel that navigating to that page takes too much time. Otherwise, you may configure the text of Redmine's start page with useful links. There's also the possibility to set up issue creation by email. I personally find that navigating to the new issue page of a project is quite easy with Redmine.
Feel free to change the trackers and their names. You may find that a single tracker is all you need. Reasons for multiple trackers may be:
Reporting
Different workflows
Limiting access
In general, I recommend keeping it simple, especially in a 2-man shop.

Why can't approvers see workbox initial state items but admins can?

We have a small pool of approvers that are also active content editors. That means that they need to monitor the workbox and make and approve their own edits.
We used to give everyone admin access, but that lets you completely skip workflow very easily. We have several programmatic steps within workflow that we want to always execute. Plus, it is generally bad practice to have most users be administrators.
We thought everything was working fine with our approvers in standard roles, but one of the users discovered that they could see several additional items in the initial workflow state when logged in as a full admin that they could not see as themselves.
A typical scenario would be that one of their peers locked an item, but never submitted.
I looked at permissions on their role and they seem to have all of the appropriate rights.
[Screenshot: Access Viewer for the user in question on an item that is locked by another user, but does not show up in the first user's workbox.]
Workflow and Security go hand in hand and can be a bit tricky. It is rather hard to answer your question without fully seeing your users, roles and applied security for all items (content & workflow).
From the workflow reference document section 3.4.1:
The effective access rights on an item can influence the behavior of the Workbox application. A user must have write access to an item in order to see the item in the Workbox. Note that a user may not have write access to an item if the item is currently checked out (locked) by another user.
Furthermore:
Users who have read access to a workflow state can see that state in their workbox as long as the state includes workflow commands for which they have command execute access rights.
If running through this document does not provide any assistance, you may need to clarify your question with details around role hierarchies and permissions on items. Perhaps a lightweight Sitecore security report would be useful for reporting back your settings.
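As an added example (not Sitecore's own access-rights code and not from the answer), the following Python encodes the two quoted rules as explicit checks and reports why an item is or is not shown, in the spirit of the Access Viewer's explanation pane. It reproduces the scenario in the question: an approver with all the right role permissions still does not see an item a peer has locked, because the lock removes effective write access, while an administrator sees it. The users, roles, item paths, lock owner and state definition are constructed assumptions.

```python
"""Workbox visibility check following the two rules quoted from the workflow reference.

Added illustration, not Sitecore's security evaluation; every user, role, item and
lock below is constructed.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    is_admin: bool = False


@dataclass
class Item:
    path: str
    state: str
    write_roles: set                       # roles granted item:write
    lock_owner: str = None                 # user who has the item checked out, if any


@dataclass
class WorkflowState:
    name: str
    read_roles: set                        # roles granted read on the state item
    command_execute: dict                  # command name -> roles granted execute


def effective_write(user: User, item: Item) -> tuple:
    """Rule 1: write access, which a lock held by someone else takes away."""
    if user.is_admin:
        return True, "administrator bypasses security"
    if item.lock_owner and item.lock_owner != user.name:
        return False, f"item is locked by {item.lock_owner}"
    granted = user.roles & item.write_roles
    if granted:
        return True, "item:write granted via " + ", ".join(sorted(granted))
    return False, "no item:write right on the item"


def state_visible(user: User, state: WorkflowState) -> tuple:
    """Rule 2: read on the state plus at least one command the user may execute."""
    if user.is_admin:
        return True, "administrator bypasses security"
    if not user.roles & state.read_roles:
        return False, f"no read right on state {state.name!r}"
    executable = sorted(c for c, roles in state.command_execute.items() if user.roles & roles)
    if not executable:
        return False, f"no executable command in state {state.name!r}"
    return True, "can execute " + ", ".join(executable)


def workbox_visible(user: User, item: Item, state: WorkflowState) -> dict:
    """Combine both rules; the item appears only if each check passes."""
    ok_write, why_write = effective_write(user, item)
    ok_state, why_state = state_visible(user, state)
    return {"visible": ok_write and ok_state, "item": item.path,
            "explanation": [why_write, why_state]}


# Constructed sample mirroring the question: an approver looks at an item a peer locked.
INITIAL = WorkflowState("Initial", read_roles={"approver", "editor"},
                        command_execute={"Submit": {"approver", "editor"}})
LOCKED_BY_PEER = Item("/sitecore/content/Home/News", "Initial",
                      write_roles={"approver", "editor"}, lock_owner="eve")
UNLOCKED = Item("/sitecore/content/Home/About", "Initial",
                write_roles={"approver", "editor"})
APPROVER = User("dana", {"approver"})
ADMIN = User("admin", set(), is_admin=True)

if __name__ == "__main__":
    for who in (APPROVER, ADMIN):
        print(who.name, workbox_visible(who, LOCKED_BY_PEER, INITIAL))
```

The explanation list is what to compare against the real Access Viewer: if the first entry names a lock rather than a missing right, the fix is to unlock or have the peer submit the item, not to touch the role's permissions.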