Is there a way to export the list of clearcase/quest users?
I saw the utility in the "user administration" program but it export everything and I only need the users that use clearcase/quest for the last year.
thanks!
It seems that such an export should differ between ClearCase and ClearQuest, since only the latter has a user database (while the former -- ClearCase -- relies on system account).
You can check, for Clearquest:
"Using the ClearQuest API to access a user database"
"Querying Rational ClearQuest user databases"
ClearCase users are usually registered in a Windows group dedicated for that application (like "ClearCaseUsers").
So you could try and list all the users of that group (or any group you configured ClearCase to use) in order to get the list of ClearCase users.
What kind of list are you looking for?
You can use ClearQuest OSLC CM REST API found here (https://jazz.net/wiki/bin/view/Main/RcmRestCmApi) to issue an http request and get a XML list of all ClearQuest users:
http://localhost:8080/oslc/cqrest/repo/7.0.0/db/SAMPL/record/?oslc_cm.query=&rcm.type=users
Where:
http://localhost:8080/oslc/cqrest/repo/7.0.0/db/SAMPL/record/
is a sample base URL. You would have to figure out what your base URL is. The following API documentation helped me figure that out https://jazz.net/wiki/bin/view/Main/CqOslcV2
You just submit that request through your browser (not IE) or in code and get back an xml response with the list of users.
Related
Is anyone aware of any Google API with the user scope (NOT the Admin API in the Directory SDK) that allows you to retrieve the custom employee attributes?
The G+ API seems to skip these
https://developers.google.com/+/web/api/rest/latest/people#resource
Our issue is that we don't want to grant access to the developer console, but rather do this PER-USER. I.E. a user logs into our app and we display to her the custom attributes for her G Suite account, but we do this as her (not as an approved API scope via the dev console).
Leaving this answer for anyone like me who finds this question.
The Directory API allows a user to query the custom attributes for their account even without any admin permissions at all.
https://developers.google.com/admin-sdk/directory/v1/reference/users/get
You need to ensure that projection is set to full and viewType is set to domain_public.
You may need to check the permissions for reading the custom attributes to ensure that a user is allowed to see theirs. We do this in the Google Cloud Directory Sync.
I'm building a lightweight web interface to SSRS where web app users are mapped to web app roles, which in turn are mapped to SSRS users.
The reason for this convoluted scheme is not up for debate: In short, AD groups can't be used, the site uses Forms auth and there are a fixed number of roles.
Web Role | SSRS User
Admin | AdminUser
Supervisor | SuperUser
User | BasicUser
Guest | GuestUser
The goal is to enumerate all reports a user has permission to view, and allow the user to view the report with the ReportViewer control.
More importantly, it's to simplify the UX for users, both admins and the rest: preventing admins from having to use the Report Manager website (ie, selecting checkboxes rather than hand-typing which web-role-users have access to which reports), and providing a simple UI from which users can see and execute all their reports.
Everything works OK when the user is the AdminUser.
However, I'm having difficulty calling the web service when the user isn't included in a Policy on the Home/Root folder with at least the Browser SSRS role. (The permissions granted to user 'computer\username' are insufficient for performing this operation.)
This is problematic for a couple reasons:
If every user must be a Browser to connect to the web service and enumerate reports they have access to view/execute, then all users will have access to all new reports/folders by default. (Children automatically inherit new permissions)
If a report exists in a nested folder that does not inherit permissions and the user is not a browser of, but the user is a Browser on the nested report, ListChildren() will not return that report.
It seems this leaves me with 2 less than ideal options:
Don't call the web service with the different users. Instead, enumerate reports with ListChildren() using only the admin user. Then, for each report, call GetPolicies(), and from that collection of policies, determine what reports the user is able to view.
Make the call with different users. Live with the pitfalls of newly-published reports being accessible to everyone by default, until permissions are changed. Also live with the pitfalls of nested reports not showing unless the user has access to that path. If an admin wants a nested report within a folder with explicit permissions to be available to a user who can't see that folder, the policies on all ancestor folders and their children must be modified.
#1 is obviously very unwieldy and inefficient. But #2 has significant drawbacks and becomes just as onerous & inefficient when setting permissions in certain situations.
Is there a better way? Have I missed something obvious?
[edit]
A 3rd option is to query the ReportServer database directly using a query like this. This has the benefit of returning everything the user has access to, regardless of whether or not it exists in a subfolder the user cannot access (aka, cannot use the web service's ListChildren method to retrieve). However, if using AD groups, I would have to know which groups the user is a member of, whereas the web service would do this for me. This option feels like a bit of a hack to me, but it could work.
As it turns out, we ran an end-route around this issue by dropping the requirement to restrict report access by web role, and made the path we query in the web service a web.config setting that can change, thus allowing report authors to 'hide' reports in a parent folder if the need arises in the future.
The best solution would have been to query the ReportServer database directly.
However, the client changed their mind & didn't want to restrict reports based on web user role in the end, so problem solved!
I'm using django-auth with the django-auth-openid extension to use OpenID (specifically, Google) to log users into my site. I have a user base of about 90 who will be using the site. All of them have Google accounts, and will be using them to access the site. Since the user base is set (there is no registration allowed, only admins can add users), I already have an exhaustive list of all of my users, including their email addresses and other information. How can I allow these users to login with their Gmail addresses without making them register first? Essentially, I'd like to make django-auth-openid match OpenID Gmail addresses to rows in the existing django-auth Users table. Is this possible?
Thanks!
I ended up using the python-social-auth library (which has Django support built in). The documentation for use with Django isn't great, but between the docs and the provided example it was relatively easy to integrate it with my existing django-auth setup. After that, I just deleted the 'create_user' pipeline from the SOCIAL_AUTH_PIPELINE tuple in my settings, and, that way, only users with existing OpenID connections were allowed in (no new registrations occurred from OpenID logins). This meant, though, that I had to create those connections (between OpenID identifiers and Users) manually, but that was pretty easy to do just using the Django Python shell.
I read that the Admin SDK works for Google Apps resellers, but I'm having one specific problem.
I want to use the following request to get the number of user licenses in use on one of my customer's domains.
https://www.googleapis.com/admin/reports/v1/usage/dates/%s?parameters=accounts:num_users
But there's no way that I can find to specify the customer's domain name that I want to get the usage report for. Tried a few different ways.
There must be a way that is hiding from me because this was possible with the old deprecated API.
Thanks.
Using the Reports API for this is not advisable because it can be delayed by 48+ hours. It's also not possible for reseller users to run reports for customers at this time. Rather, you should use the Google Apps Reseller API to list subscription counts that should be fully up to date.
Looks like this API here will do the trick:
https://developers.google.com/admin-sdk/admin-settings/#retrieving_the_current_number_of_users_in_a_domain
(Note I need a solution for this that works on 2007 and 2010)
We have a desktop application that we are adding Sharepoint Check in and out functionality to using the Web Services.
One issue we are coming up against is determining if the current user (of the desktop app) has a document checked out.
Our current approach is to get information about the document in question via Lists GetListItems call which will return us the ows_CheckoutUser field if the document is checked out.
We then want to compare the name of the check out user to the name of our user.
The problem is the name in ows_CheckoutUser seems to be the display name of the user and not the account name and therefore is not unique and not reliable for this check.
I noticed that ows_CheckoutUser also returns an ID value for the user but I can't seem to find out how to get the ID of my current user so I can compare on that instead.
Does anyone have any thoughts on this? Is this the right way to go about it or is there a better way?
I have thought about trying to run a query via GetListItems that would match on the document name and the checkout user equals my current user to see if I get any results back but I think that would suffer from the same problem.
Or maybe I need to go outside the Web Services and use the author.dll?
Edit
I've started going down the route of using an RPC call to getDocsMetaInfo via the Author.dll FP extension.
This call actually gives you the account name of the user that has the document checked out.
I'd still be interested in a solution using the Web Services however
Not sure what the native reply of sharepoint but I suppose it should be the same as when using the Camelot .NET Connector for SharePoint.
You have a few fields which possibly can hold this info
CheckedOutUserId, ID of the User who has the item Checked Out (Lookup)
IsCheckedoutToLocal, (Lookup)
CheckoutUser, Checked Out To (User)
CheckedOutTitle, Checked Out To (User) -
LinkCheckedOutTitle, Checked Out To (Computed)
It actually is LinkCheckedOutTitle that contain the visual reference to the user who checked the document out. In my case it's listed as trikksdomain\trikks, or if a localadmin checked the doc out its machine\administrator.
Here is a SharePoint 2010 Document Library Column Reference guide. http://www.bendsoft.com/download.php?id=b05c062a401cf8bc221ea5df63cc9570