I am new to sitecore.
I have a question regarding packaging Domain and Roles on sitecore (we are using sitecore 6.3.1).
I am packaging content from our dev box to stage and I would like to transfer the Domain, Roles and user created on dev to stage.
The package designer shows a button called 'Security Accounts'. I added the specific user \ who belong to the specific domain and role.
On installing the package to stage site, it throws an error 'blah domain not found, cannot create user'.
So the question is, do i have to create a domain manually on the stage server before I install the user? or is there a way where I can copy the domain and roles to create the user?
Help much appreciated.
I have discovered that the domains are stored in /App_Config/Security/Domains.config and you can migrate between installations simply by copying or editing this file.
Or you can create the domains manually via the Security Domain tool.
Either way the domain must exist before you can install a package with users or roles.
If your target solution doesn't have the domain the user lives in, you'll have to create it manually. However, the roles can be transferred via package the same way as users. If the user A is in role B, and you don't add role B to the package, there should not be any error - simply the user A won't be a member of the role B on target environment.
I would think the answer Yan comes with would work with domains.
But you might need to have the Domain(s) in a package which you install first, or have it as the first "part" of your package, so it gets installed first.
Related
A new project showed up in my list of projects in my GCP console with name "My Project xxxxx" and ID "brave-watch-nnnnnn" where xxxxx and nnnnnn are numbers. But, I have no privileges on this project and cannot view the resources or modify the project.
I am the only user of my GCP account and my account is not part of any organization. I don't know how this project was created and how it got added to my console. Has anyone encountered such a scenario before and how did you resolve it ?
I think you should contact the support team. You mentioned about that your account is not part of an organization. But it's possible for someone to add you into his project via email. Did you leak your email address? You can also use gcloud projects list to see which project you have access to.
Only the owner of the project can revoke the access... that's who to contact.
b/c permission resourcemanager.projects.setIamPolicy is required to do so.
I am using a trial version of Google CLoud. In the command line, I am logged in with a .json key file.
gcloud projects create training_project
returns
ERROR: (gcloud.projects.create) PERMISSION_DENIED: Service accounts cannot create projects without a parent.
But with a trial account, I can neither create an organization nor a folder to serve as a parent. So, how can I make a new project with the command line interface as a trial user?
I have read this question that concerns doing this with a REST API whereas I want to use the command line interface. Furthermore, that question is not about using a trial account.
As shown in the error message (this is also documented here), service accounts are not allowed to create projects outside of an organization and must specify the parent resource when creating a project. There is no workaround for this. Since a trial user cannot create an organization as you mentioned, you won't be able to use a service account to create a project.
Having said that, you can create a project via CLI when logged in as a user instead. You can log in by running:
gcloud auth login
and following the instructions. The gcloud projects create command will then run successfully.
I know there is likely to be documentation out there somewhere but I have been drowning in Google searches trying to get my head around this!
I am working on my first Symfony project and I have a requirement to store files on AWS S3. There are three categories of file I am storing:
Type 1 - This should be accessible to anyone (although only on a request from my website).
Type 2 - This should be accessible to certain users. The list of users will change from time to time (friends list).
Type 3 - This should be accessible to the creating user and at times other users when accessed from a specific page.
I user the FOSUserBundle to handle my user authentication in my project.
At this time I'm lost in a sea of "IAM" users, "ACL" policies and I really don't know how to set something like this up - or if it's even possible. I also have the Gaufrette and liip/imagine-bundle bundles installed in Symfony (so I could add watermarks and resize)
Any help or resources that would point me in the right direction would be grateful.
t2t
Edit (21st Feb 2017
OK, so based on my further reading and the comment below I believe I can simplify what I need to do:
I want to have a bucket on AWS S3 which is restricted so that:
Files can only be read by a request from my domain, that provides a security token of some sort.
That will mean that even if the HTTP referred is spoofed a request to the S3 file will be declined as the token was not sent...
So, the question is - is this possible? If so, how should I proceed?
Thanks,
t2t
Please do not mix your project users with IAM users. Those things are completely separated. You need only one IAM user, which will upload files of all users of your PHP app. Any logic should be written in Symfony.
I've installed CKAN 2.2 and now I try to manage my organizations users and have a coherant workflow so i search how to manage roles (add new ones, what options are avaiable, delete etc.).
On google, I've find a possible way by using the "paster" command but that was only doable for versions 1.9 and less.
I never used an API before and i tried to used the CKAN one, but I do not find in the latest guide a way to do what I want.
I hope you'll help me,
potatoe
CKAN has roles, but they're only relevant in the context of organizations. Inside an organization, there can be a member, editor, and admin. These permissions are fairly fixed and not easily changeable. What is possible is overriding the auth functions to do what you want.
Besides this, there can be sysadmin users on CKAN itself who have all the rights.
On this page, it talks about Windows NT, 2000, XP and 2003. Fortunately, I have a Windows 7 machine.
The very first line says:
In User Manager for Domains, create a local user for the ColdFusion
service to log in as.
I don't see a "User Manager for Domains", so do they mean just "Add a new user"?
If it DOES mean that, can I use my own user account as the ColdFusion user, or should I specifically create a new account just for ColdFusion?
If you are creating a domain account it has to be created ON the domain - using user manager for domains connected to your domain controllers. If that's what you need then a sys admin has to help.
If you are doing a "local" user on a windows 7 I always end up hunting around for the right view of user manager before I get it right :) Here are the steps that I use:
Search from start and open the "user accounts" cpl.
Click on "Manage User Accounts"
Click on the "advanced" tab
Click on the "advanced" buttton.
This takes me to the mmc-like view of users that I'm accustomed to where I can add a user, change membership, set passwords etc.
Hope this helps :)
You can use your own username or you can create one for CF to run as. Creating a user to run CF as probably more closely replicates your production environment ( an assumption ) so if production for example writes to a UNC path the coldfusion user must have acces. You could
Mimic this locally.
You can use either an account local to the OS where ColdFusion is running, or a domain account if the OS is joined to a domain. In your case, you can just create a local user on your Windows 7 OS and run the ColdFusion Application Service as that user. The user account will need access to ColdFusion's installation folder, as well as read access to the webroot.
The whole idea is to run the ColdFusion service as a user with the minimum privileges necessary to handle requests and prevent access to other resources in the event of a data breach or remote code execution (e.g. someone exploits an upload form and manages to get their own CF code to run on your server; it's not pretty but can be somewhat restricted by running the CF service under a user account with restricted access).
As someone else mentioned, if CF needs access to other network resources, the user account will need to be granted access to those resources as well (either by using a domain account or having a local account with the same username and password on the remote system).
Just did this on Windows 2008 R2 with CF 10. The trick was to change the ownership of the c:\windows and c:\windows\system32 directories as outlined here.
change ownership from trustedInstaller