Not sure where to post this questions.
Is there a "Role" I can define in appcenter so that only certain people can "see/send" push notification or view analitcs etc..
Can I associate different emails to a single appcenter account and give them different role of what they can see or do?
many thanks
App Center allows you to define permissions for different users and teams, this is documented here: https://learn.microsoft.com/en-us/appcenter/dashboard/creating-and-managing-teams#changing-permissions. Unfortunately, there's no permission that enables you to hide services or capabilities.
Related
Is it possible to use Microsoft Graph in order to create subscriptions (and therefore - notifications) for changes in documents libraries across all SharePoint sites of certain tenant?
I need to be notified when a change is made to a SharePoint site of a tenant (e.g. a file was uploaded to the site document library).
Up until now, I was able to create subscription for changes in the default TeamSite by creating subscription with resource: drive/root.
But that's not enough, if I create another TeamSite then I can't find a way to receive notifications for its changes as well.
The same is true for communication sites - I can't find a way to get notifications for changes in them.
Currently, my AAD App is asking only for Sites.Manage.All permission, but if asking for more permissions can help then it's not a problem.
Is doing what I want possible? Or notifications are only supported for the default SharePoint TeamSite?
If receiving changes in push by subscribing to notifications isn't possible, then I guess I'll have to poll for changes by using delta links.. that should work for any SharePoint site, right?
This is not supported by the graph today. If you'd like to advocate for such a feature, please post it on uservoice. The alternative would be to subscribe to each drive individually.
As you can see my question above, I was wondering if it is possible to retrieve the assigned groups of an Azure Active Directory (AAD) based user via Microsoft GraphAPI.
My situation is, that I have an ASP.NET MVC project with Microsoft Azure enabled. My goal is, that an Azure user can login on my website with it's Azure account.
The idea is, that an azure user is an admin or an user (depending on the azure groups) and depending of this role group, the user can view more or less of my webpage.
For example:
When Peter logs in with his azure account on my webpage, he should only be able to see:
Add new Document
Edit Document
Remove Document
because he is only assigned as "User" in Azure Active Directory.
But when Sabrina logs in with her azure account on my webpage, then she should be able to do the same as Peter, but she also can see:
Manage Products
Add new customer
etc.
because she is been assigned as an admin in Azure Active Directory.
My problem is, that I did not find out how I retrieve the assigned group of an user with Microsoft GraphAPI. The part, which user can see or not after I got the roles is not a big deal.
I already tried this API call:
https://graph.microsoft.com/v1.0/me/
But it seems, that the response of this call does not include the actual assigned group of that user.
Do you think it is possible to retrieve the assigned group of an azure user? Is this even possible? Or do I have to do something else to retrieve these information?
I hope you understand my point and I am also looking forward for any response. Thanks in advance!
Add /memberOf to the URL to receive the groups a user is member of.
https://graph.microsoft.com/v1.0/me/memberOf
Here's a link to the specific graph api - https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups
Take a look at this sample application on Github. It does something very similar with a task tracker application, where different users are able to perform different actions based on the group they belong to -
https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims/blob/master/README.md
Also, in cases where a user is a member of too many groups, you get back an overage indicator and have to make a separate call to get all groups. Read about “hasgroups” and “groups:src1” claims here - https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-id-and-access-tokens
According to your system architecture, if some user has too many joined groups, the API https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups will return too many groups.
But if the groups with permissions in your system are not too much, you can use this API: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_checkmembergroups to check if the current user is the member of specified groups.
It is not good idea to use this API: https://graph.microsoft.com/v1.0/me/memberOf. Because it returns only the groups that the user is a direct member of, but security group can be member of security group.
We are considering getstream.io for a B2B multi-tenant SaaS application's notifications feed.
Obviously, it should not be possible for users of a tenant to view and follow notifications and users of other tenants, respectively.
We need to take care of this separation in the backend anyway. But I wondered whether there is a smart way within getstream.io to support this.
Any thoughts/advice?
There isn't. You could create different "apps" or "feed groups" but those are all manual things.
The best way is to check on your application level, before you send any follow API calls to Stream, like you already have multi-tenant checks before logging in, viewing content, exporting stuff, ...
I own a Luis.ai application which I use for my chat BOT.
i want my qa guys to be able to train my Luis.ai application, so that my BOT would be smarter.
how do i grant permissions to other user to train my APP?
Now there is an option to set other users as "Collaborator" and they can then Train and modify the luis.ai app as needed.
The accounts can be independent and don't need to be from same Azure Active Directory or otherwise linked.
Basic description by Microsoft is here.
This way you add the Collaborator at
https://www.luis.ai/applications/yourAppId/0.1/settings
And this way the collaborator sees the UI:
I don't think that it's currently possible.
The easiest workaround I can think of is to create a shared account, export your LUIS application from your account and import it into the new shared account. Have in mind that the keys of your LUIS app will likely change and so you will likely need to update your bot too.
Also, you can see if using the Cognitive Services API is suitable for your scenario. If it's, then there are a bunch of operations available there.
You can use the Cognitive Services API for this.
Link - https://dev.projectoxford.ai/docs/services/5890b47c39e2bb17b84a55ff/operations/5890b47c39e2bb052c5b9c45
I haven't actually used it but you can have a look. Hope this helps.
Can I add other developers to my Nest account? I would like each member of my team to have their own Nest user account but share the same client and test devices.
Unfortunately not at this time.
The best practice with the current setup would be to create a group Nest Account for development (using a group email address, most IT departments have self-service for this) and a separate account for production (which you should do anyways)
If you would like to suggest better account management features, the best place to do so is on the Product Suggestions board in the Nest Community.