Prevent deletion or update of role in Laravel with Spatie permission package - laravel-permission

I have an instance that needs to have a role that shouldn't be able to be deleted or updated. I can check for this role every time a deletion or update happens, of course. But is there any way to enforce this, from the database or from Laravel?

Related

NetSuite custom record - read only access to all roles with few exceptions

In a scenario where a new record was created and attached to a new tab on the item record.
I would like to give all roles the ability to read data from it, but only a few specific roles should be able to edit.
Setting Access type to 'no permissions' would give all the ability to change the content.
Setting it to 'permission list' would require adding a list of 100+ different roles, and continuous maintenance when a new role is added.
I tried setting it to no permissions, and then having a workflow return an error if the wrong role tries to edit it, but it doesn't work for inline editing.
The reason why every role, or at least the vast majority of roles, needs to be able to read this is that we have a Client Script running for multiple transaction types (SO, PO, Opportunity etc). And said script will do its logic based on that custom record. Since Client Scripts are run based on the current user's permissions, it will throw an error if the user has no specific access to that record.
I would appreciate any type of advice on how to handle such a scenario, either by permission configuration or by running the search as a different role in a Client Script.

After transferring project from my username to my organization, my username shows me as maintainer instead of owner

Another project that was created directly in the organization shows me as owner.
Is there a way to fix this in the settings?
I checked the settings/members page, and the only way I see is to click the "Leave" button next to my maintainer status, and then hope that I will automatically be marked as the owner.
The short answer is yes, that's safe to do.
When you transfer a project, all roles are kept "as is". Since by default, you're a Maintainer on the personal project, when you transfer it, it keeps that role for you.
When you have a role in the group, it will inherit the role, unless a role is specified for the project. By deleting your role at the project level, you're just deleting the specified project-specific role. Once you do, you should show up as an Owner (inheriting it from the group).

How to temporarily disable particular user in couchdb?

I need a way to temporarily disable a particular user's read/write access to my couchdb, i.e. ban him there for a certain period of time, but letting him know that he was banned. What could be the best approach to do it?
The very first thing that came to my mind was just changing his password (require_valid_user is set), but this way there definitely will be no feedback to him as his access is completely lost.
My DBs have role-based access set up, all regular users are assigned to role "registered", so my second thought was to change his role to something like "banned" => he loses access to all regular DBs. But how to provide feedback in such a case?
The _users DB as well has the "registered" role for access (is that necessary, BTW?). Will it prevent a user with role "banned" from reading his own doc from there?
In case somebody stepped down here for similar task.
=>solution:
Finally I ended up with server logic that changes the user's role to "banned" and adds this role to the access roles of the _users DB.
This way the banned user completely loses his access to other DBs (which request the "registered" role) and has to wait until the server changes his role back to a valid one.

Force user LogOff from application if user is deleted.

I have a little problem. In my application users are authenticated via Azure AD and the user profile is in DocumentDB.
When an administrator deletes a user profile I need to force log out the deleted user.
How to do it? The delete action deletes the AD and DocumentDB entries.
Based on the description, you want to sign out the users after the administrator deletes the user's profile from DocumentDB.
If I understood correctly, it is more like building a real-time application that notifies the specific client when the delete action is performed. I am trying to explain it using a figure below:
And for building the real-time application, we can use SignalR. And you can refer to more detail about it from links here.
And as another solution to prevent the deleted users from accessing the protected resources, you can check it before the users access the resources.

Error: user does not have sufficient privileges to be assigned

I have three custom entities: Project, ProjectStageExternal and ProjectStageInternal. I have added a workflow which will create ProjectStageInternal and ProjectStageExternal records when an admin creates a Project record.
Now I have a security role named customer. Users having this role only read the Project and ProjectStageExternal records.
The problem is the workflow is not working when ownership is changed to users having the customer security role. It's showing the following error: The selected user does not have sufficient privileges to be assigned records of this type.
What am I missing here?
Thanks.
That security role has basically no permissions on those entities, so the users won't be able to do anything with them.
If you want someone to be able to assign (or have a workflow assign on their behalf) you need to grant the assign permission and probably write as well.
If you don't want to grant them those permissions, change the workflow's Scope to organisation and assign it to an admin user. That means the workflow will run with the admin's permissions and security roles.
Only providing Read privileges to the user/team to whom the record is to be assigned will work perfectly fine!
