I am trying to retrieve Google groups using the directory API with partial matches and wildcards.
The API allows me to retrieve a group if I know an alias using
GET https://www.googleapis.com/admin/directory/v1/groups/groupKey
I can retrieve all groups using
GET https://www.googleapis.com/admin/directory/v1/groups?customer=my_customer
There doesn't seem to be a way to search for a subset of the groups, for example returning all groups that start with foo.
Some of our customers have huge numbers of groups so retrieving them all is impractical.
Related
If I have a large list of users, how can I return a list of the ones that exist in Azure AD via the Graph without a huge performance hit?
Let's say the Azure Tenant has 30,000 users
And we want to check a list of 1,000 users to see if they exist
I see two ways to do this:
Iterate over each user and check if that user exists, passing in a filter to the graph on the UPN
Query Azure for all users and intersect on that set. This results in 30,000 users being returned which requires paging (~30 pages) on the Azure side. This significantly reduces performance.
Is there a POST request where you can pass in users to match on? Is there a limit to the amount of data you can put in the filter on the GET request?
I have tried to Repro to GET only the List of user from the bulk users in AD.
Use endsWith or startsWith below query
https://graph.microsoft.com/v1.0/users?$count=true&$search="displayName:room"&$filter=endsWith(mail, '#XXXXXXX.onmicrosoft.com')&$orderBy=displayName&$select=id,displayName,mail&$top=2
Make Sure ConsistencyLevel:eventual is added gives me the below result, which has search only top 2 as per the required data.
Is there a way to retrieve a full list of Active Directory groups using the OneLogin API? the /roles and /groups API calls do not return a full list.
When retrieving User details, there is an array for "member_of" that contains the full list of Active Directory groups a specific User is a part of, however, I do not see a way to bring back the full list of Active Directory groups that are available overall.
Thx!
Because AD can contain literally thousands of groups, OneLogin doesn't compile an internal list of these groups for surfacing via the APIs.
Instead, you can use the user mappings to assign users in selected AD groups to roles in OneLogin and then access that information via the API.
What's your use case?
We would like Azure Search to be able to restrict search results for certain users by some means – we are considering using the filter (https://learn.microsoft.com/en-us/azure/search/search-filters) option for this.
So far, we understand that the search query and the search results from Azure Search would be public and unencrypted.
Is there a way that the search query can be encrypted so that a user cannot meddle with the filter values and see data he is not authorized to see?
Similarly, for the results, in there a way to prevent an unauthorized person from seeing the results returned from Azure Search?
There's encryption at rest an in transit, but ideally you should implement your own authorization mechanism to handle what users can see. There's no ready to use feature for it.
I need to query Azure via the Graph API to find which Groups I own (or am one of multiple owners). The closest query I've been able to find is:
/users/{userId}/ownedObjects
This returns different types of objects, including Groups. However, it appears to return items that are NOT in fact owned by user {userId}.
Is there a better way to do this?
In Azure Search we can create multiple indexes for different search results, and we have two types of api-key. One is for administation and other one is for querying. But with same api-key users can search all indexes.
In my solution I need to design a system so that different users that use the system will get different results by their previleges. I thought this could be solved with dedicated indexes for each role but still users can query other indexes if they want to.
How can I be sure that every user can ONLY be able to search on particular a index.
Out of the box it is not possible to restrict the key usage for a specific index. You would need to do something on your own.
Other possibility would be to create different search service accounts and then creating indexes in them instead of having one account. You can then grant access to your users to appropriate search service account.
UPDATE
Based on your comments, you're actually looking to restrict search results (documents) by user's role i.e. going one level deeper than indexes. To achieve this, what you could do is dynamically append this role criteria to your search query as OData Filter. For example, let's say your index has boolean fields for each role type (Administrator, User etc. etc.) and the user searches for some keyword. Then what you could do is create an OData Filter $filter where you check for these conditions. So your search URL would look something like:
https://<search-service-name>.search.windows.net/indexes/<index-name>/docs?search=<search-string>&$filter=Administrator%20eq%20true
That way Search Service is doing all the filtering and you don't have to do anything in your code.
You can learn more about query options here: https://msdn.microsoft.com/en-us/library/azure/dn798927.aspx.