If I create a blueprint at apiary.io, then grant Editor rights to a few other folks, is there any lingering specialness about "me"?
If so, how can I figure out who "owns" the bp?
In particular, I have created Apiary accounts for several email addresses, and made them all editors. I'm now trying to use the CLI (github: apiaryio/apiary-client). It tells me "403 Forbidden" when I use a token generated (at login.apiary.io/tokens) for several "Editor" accounts. How can I pick the "true owner" account (which, obviously, I've forgot) to try the CLI against?
You can find the owner name in the documentation header on the left, under the API Project name.
For team APIs, that would be the team name, for personal APIs, it's the name of the user.
To answer your initial question, the owner can access and change the API Settings (e.g. change API Project visibility, connect the API Project to GitHub, etc.). Additionaly, if the owner is a member of a team, they can transfer ownership of their personal API Project to the team.
Related
I'll try to be as brief and comprehensive as I can.
Objective: To be able to upload PDF files generated after filling an HTML form to my personal OneDrive.
I have been looking into this for a few days now and cannot for the life of me figure out the proper way to set up the app and permissions in the Azure portal for this to work. I was initially using the Personal Microsoft accounts only option but quickly realized that would mean having to sign in. Then I tried the Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) option. So this seemed to be a step in the right direction as the end-user does not need to do anything. I could use Application Permissions which would work without a signed-in user. That is basically what I want.
This lead to another issue, Tenant does not have a SPO license. After looking up more, it seems that to use the OneDrive APIs, you need to have a subscription. Like I mentioned, I am using a personal account (free).
I also tried daemon (since I can use application permissions and work without a user signed in). But based on the Microsoft Graph Get Files Permissions, Only Delegated permission is supported for personal Microsoft account.
I am trying to achieve this through PHP and using the libraries that are recommended everywhere. I honestly think that I am finding this much more complicated than it really is but I really can't figure out where I'm going wrong.
In conclusions, I can't answer these questions:
Can a personal free account (with student subscription or not) be used to access OneDrive?
If so, what supported account type is ideal for this?
And finally, is there anywhere I can follow to do this?
P.S. I have tried a lot more things I mentioned here, so in case anyone thinks of something I should have done, ask me and I'll update you.
You have tried many and got many correct conclusions.
To make a personal account access the personal OneDrive, you have to use delegated permission. Application permission is not supported in this scene.
I know your requirement is not to sign in interactively. Unfortunately it's not supported to use ROPC flow for personal accounts.
So the only option is to use auth code flow or implicit grant flow. Both of them require you to sign in interactively.
In summary, uploading files to personal OneDrive using non-interactive login is not supported.
Basically, I just want to use Microsoft Graph to get a list of active directory users and their email addresses.
Ideally, I could get all the admin users for a certain subscription.
How do I do that? I couldn't find any good examples online.
Assuming you have the correct access to a tenant, and an authenticated token granting you access to the Microsoft Graph, you can use the following REST API calls to get the data you are looking for:
List Users - Documentation
GET https://graph.microsoft.com/v1.0/users
List Admins (via directory roles) - Documentation
This is a multi-step process. First you must find the directory role for the Company Administrator, which will always have the roleTemplateId of 62e90394-69f5-4237-9190-012177145e10. This should not be confused by the actual directory role id, which will be different per directory.
GET https://graph.microsoft.com/v1.0/directoryRoles
Then you want to list the users who are a part of that directory role:
GET https://graph.microsoft.com/v1.0/directoryRoles/<id>/members
If you really need to get started from scratch, I recommend you look at this PowerShell sample I made which simplifies authentication, and allows you to make queries to resource endpoints like the Microsoft Graph.
https://github.com/shawntabrizi/Microsoft-Authentication-with-PowerShell-and-MSAL
Does anyone know if I can have a single one drive folder and then assign via the API different people, and then they would see only the folders that they are allowed to see.
I am trying to re-create the "views" functionality of dropbox enterprise
Yes, the simplest way to do so is to use the Microsoft Graph API which has an entire set of endpoints that work with a OneDrive account.
The endpoints that will best serve you are the Create Sharing Link and the Add Permission.
Note: Using the sharing link that doesn't require account authentication means anyone with that link can access the OneDrive folder/file that it is assigned to. If the user(s) have Microsoft Accounts or Microsoft Organizational Accounts (also known as work/school account) then the Add Permission endpoint is likely your best bet.
Our company has a Microsoft Azure account (Pay-As-You-Go).
We had a programmer that developed our web app. We gave him full access to our Azure account. So, he had access to everything.
We intend to hire another developer to make modifications to the web app, so he'll need access to the App Services and SQL Databases. Our intention is to just allow him access to those features.
We did our research and came across the documentation, Resources, roles, and access control in Application Insights. We followed it step by step, but there's an issue. Doc LINK
We tested the procedure by adding one of our IT staff's Microsoft account (personal Outlook.com account) and assigning him the Contributor role, and sent him an invite. He's not seeing the invite. We did the same for another staff, but it's the same problem.
Can we get some assistance please?
It was not working earlier .I tried with one gmail id. Now it is working perfectly fine and I am able to receive the invitation email.
To send invitation, you need to go to active directory. Add user's email as a guest under add user option (Add guest user).
I am using my work email address to set up multiple Azure IaaS environments. When I log into Azure, I get asked if I want to use the "Work or School Account" or "Personal Account" - both referring to the same email address.
I don't recall setting up anything in terms of personal accounts, or linking my work email as a Microsoft Outlook.com/Hotmail/etc account.
Access to the subscription has been applied to my Personal account, not the work one.
When granting access, there's no way to pick which one you're giving access to.
Couple of questions
I've created some VMs but want them to be linked to my work account. Can I change this?
How do I unlink my work email from Personal. I want to use work just for work, and not have any confusion between the two.
See this screengrab for more information:
There are few problem with your account so lets go over them one by one.
First means that now you have 2 different accounts one it is your work account another one it is your microsoft account. You can create both of them with the same email since they are from 2 different tenants.
This is a concept important or you to understand there is something on Azure that it is over the subscription that is the tenant
Tenant
|- Subscription
|- Resource Group
|- Resource
All subscription under the same tenant have the same Authentication method, this Authentication method can be linked to an Azure Active Directory ( Office 365 subscriptions are Azure Active Directory ) So you can open a request to microsoft to transfer your subscription to your company tenant. if you do this all the resources under it will be transferred to your other authentication. You can open this ticket on the portal.
If you don't want your personal account anymore you can close it on https://account.live.com/closeaccount.aspx
Thanks to those who edited the question for me, my line-breaks didn't work by default, I'll ensure that I get it write next time. I was only allowed to post the image as an attachment being first-time poster, someone fixed that for me.
The answer from Gabriel Monteiro Nepomuceno was correct and touched on the root cause, but there's one element I didn't include in my question.
Regarding the tenant: the tenant is created under the company account of "company.com". I am a sub-contractor and was granted access to my own account at "benscompany.com". Azure support have advised that its only possible to grant access to different account via the personal account.