Mercurial repo access order - mercurial-server

I'm now facing a new weird problem. I have roles in access.conf of the hgadmin repo as follows:
    read repo=a/b user=users/x
    deny repo=a/b
This leads to user x not being able to clone this repo.
Another set of roles:
    read repo=a/b user=users/*
    deny repo=a/b
This leads to user x being able to clone repo a/b. Any ideas why this happens?
Knowing that there are no roles preceding those roles, except in both access.conf of the hgadmin repo and /etc/mercurial-server/access.conf:
    init user=root/**
    deny repo=hgadmin
Any ideas why this happens?
Thanks in advance

Related

Assess which permissions an IAM user would need in advance in order to execute a certain operation

Is there a way to assess which permissions an IAM user would need in advance in order to perform a certain operation on AWS?
Specifically, I'm utilizing an AirFlow AWSAthenaOperator to execute some query against AWS Athena, here is my code:
    myAthenaTask = AWSAthenaOperator(
        task_id='<MyTaskID>',
        query='<MyQuery>',
        output_location='<s3-output-bucket>',
        database='<my-DB-name>',
        aws_conn_id='<my-connection-name>'
    )
The annoying problem is that I must execute my task again and again in order to discover all the missing permissions (I simply get AWS access denied errors). I'm looking for a quick way to discover all the required permissions my user would need without trying and failing again and again.

AWS DocumentDB- How to restrict access to a collection from only one microservice?

I am a newbie to AWS. My requirement is to add field-level, document-level, and collection-level permissions for reads and writes for AWS DocumentDB. One collection should be accessible only from one microservice, and a document should be modified only by the owner of the document (i.e., a user document can be modified only by that user).
I have done enough research and found that adding a restriction for accessing a DB can be done using Role-Based-Access-Control if we want to allow only one tenant, but I didn't get a clear idea for my problem statement, i.e., managing collection-level, document-level, and field-level permissions.
Is there any other way to achieve this?
Any help will be appreciated.

'Mediainfo' permission denied AWS

I have a lambda function for making thumbnails from videos, but I'm encountering some issues when I try to use the mediainfo module. I get the same problem when I test the function
/var/task/node_modules/mediainfo-wrapper/lib/linux64/mediainfo: Permission denied.
I changed the permissions of the whole folder before zipping it (first to 644, then to 755 and 777) but nothing changes. Could I get some kind of advice on what could be causing the issue?

"AmazonGlacierReadOnlyAccess" is not available in Permissions Policy list.. why?

I am trying to add a new permission to a user.
Permission Policy: "AmazonGlacierReadOnlyAccess"
However, "AmazonGlacierReadOnlyAccess" is not available when I searched through the permissions list.
Only "AmazonGlacierFullAccess" is available.
Seems like a simple thing. Am I missing something here?
Please let me know why it is not available. Is it renamed to something else now?

Where/What do I code when I see "Error, Access Denied" when creating a bucket?

I am new to using AWS (and S.O.), and I am following the tutorial for Machine Learning, where it asks you to create a bucket. However, it keeps saying "Error Access Denied" when I am trying to create the bucket, lets me fill out some properties, and still says Access Denied. I have researched this question carefully and for quite a while, with many suggestions saying to correct the code for "Sid","Action","Effect","Allow", etc. However, I do not understand if this is my problem, and if it is, WHERE to write this code? I will show some screenshots of my screen that it shows me, and I opened up a file that shows code related to buckets. Thank you so much and I will be reading every answer carefully, I apologize
Screenshot of my screen when attempting to create bucket
List of files when I clicked on this file named "alphaindex.h"
The likely answer to why you can't create a bucket is that your IAM user does not have the appropriate permission to do so. Whoever controls your account can add it to your IAM user.
I would suggest at minimum the following:
s3:CreateBucket
s3:ListAllMyBuckets
s3:PutObject
s3:GetObject
s3:DeleteObject
Though I can't guarantee that those are sufficient to do what you're trying to do.
Alternatively, you can be granted unlimited access to a specific bucket created for you. Instructions for doing so are here:
https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/