In liferay I need to restrict site owner should view only his members and Site owner don't see the other site members. How can I restrict?
liferay version:liferay-portal-6.2-ce-ga3
I think the best way, if you haven't specific requirements that need for using sites, is to use different Liferay Portal Instances.
In this way any portal will have its own users, configurations, groups, etc.
Take a look here.
Related
I have this dilemma where i need to grant a non-admin domain user permissions to start/stop multiple services that start with a specific ID. Originally I could have used service control or mmc to create a template to give one user non-admin rights to start/stop a service and it works just fine but they have many different services that they need access to. Many of the services start with two letter ex. MX-service-name. I was thinking maybe i can create a group and give it permissions to start/stop services, but there are multiple services and this also needs to be done on multiple servers as well. Is there a way i can create a security template that applies my security group to any service that specifically starts with MX. Maybe there is a way to make each server apply a security rule to a a group that enables the users in said group to have non-admin privs to the services they need. Sorry if its confusing :)
I have four Azure AppServices which are complete independent applications. I want to provide a kind of a portal that aggregates those four. When a user logs in he sees all applications he has access to depending on his scope. From the portal he can navigate to the other applications and do the user management stuff like adding new users and grant access to a specific application.
Is the picture above a good pattern to do it?
If I would start from scratch, what would be a better idea?
App services don't have access to different app's directories, so I do not think this is possible.
Your best bet might be to make a feature request to the product team on User Voice. https://feedback.azure.com/forums/169401-azure-active-directory
Is it possible to restrict user access to view the custom domains added to Azure AD please? I have tried to create a custom role in Azure RBAC with scope of "/" but this is not permitted.
Thanks
Matt
No you cannot restrict user to view specific custom domain at azure active directory at this moment. Azure active directory does not have this feature.
You can use an allow list or a deny list to allow or block invitations to users from specific organizations. You could take a look here
You also can restrict your application over your resource group and user.
Note: To know more about the scope the RBAC you could refer here
In TFS 2018 on-premises server, is it possible to set permissions for a single dashboard, separately from the other dashboards in that project?
I have multiple dashboards in my main project and I would like to give only a few specific users access to edit one of those dashboards, but all users should have the ability to view it.
Is that possible?
As per this,
As a member of the Project Administrators group, you can set the
default dashboard permissions for all teams. As a team or project
administrator, you can set individual dashboard permissions for team
members. The permissions only affect the team members to which the
dashboards belongs.
By default, all team members have permissions to edit dashboards
defined for the team. All other valid users of the project have view
only permissions, except for members of the Project Administrators
group. You can change the default permissions a project from the
Project settings.
(source: microsoft.com)
SharePoint does integrate active directory accounts, of course, but how about security groups? Have a few sites where I'm fairly confident access is going through an existing Active Directory (AD) security groups (i.e. only an AD security group has been granted permissions through the 'People and Groups') In another situation, where I created the AD group and granted it permissions to a site, the customers were not able to access immediately. Eventually had to fast-track it and add the individuals to the People and Groups to keep the project going, but hoping not to have to maintain it that way.
Any specific requirements of the security group in AD? Universal, Global, or domain local? Is there any time delay between modifying group members in AD and having that take effect in SharePoint?
Any AD group type is usable by SharePoint so long as that group is usable by the server SharePoint is running on. Said another way, if you were using the OS level tools on the server and the OS recognizes your group, then you can use it in SharePoint.
As for when group memberships changes become effective, it has always been near real time for me but I can't say that I can speak to all possible AD topology deployments.