Preloaded Fusion Table that is specific to each user - excel

So here is the dilema and I am sure it is a simple solution. I am using App Inventor 2.
I would like to use Fusion and have it so that it automatically creates for example 4 preloaded/precreated tables to make things easy for the user.
table1, table2, table3, table4.
Then these tables would be customizable per each user that downloads the app. They would have their own private fusion tables with their own private info they created.
So my aim is that if someone downloaded the app, they wouldn't have to create a fusion table or know anything about coding, it would automatically populate on their google account and be retrievable on it.
Also is there a way to easily obtain that info later via CSV(comma separated value) with Excel from their web browser on their PC from online with a simple link?
Thank you for your time.

In App Inventor there are the built-in fusiontable controls, but these only can access your tables (the tables of the developer account).
To be able to access the Google Drive of the user and create and access fusiontables there, you can use the web component and OAuth following the Google Fusion Tables API. The user needs to authorize your app to be able to create and access the fusiontables on first run of the app.
See an example how to do it here.
The users can obtain that info later with a simple link, they just have to set the sharing permissions of the fusiontables to "anyone with link".

Related

If a google doc/sheet is made public, how easily can other people find the URL?

Is it easy for people to find "public" google sheets/docs?
Context: Storing some semi-sensitive data (individual user info, of non-sensitive nature) for an app beta-test in google sheets. Planning to migrate to some DB in the future, but for now, just using JavaScript to pull the data directly from the google sheets (since there are visualizations being dynamically updated by the sheets).
Yes, it's easy to get information. Search engines may index and cache the information. Then, there are bots, crawlers and scrapers. Do NOT put (semi)sensitive information in public. Implement google-oauth properly with google-sheets-api to get information. You can also use service-accounts
Yes, it can be easily accessed.
According to the official Google article Share files from Google Drive: when you set your file's General Access setting to public:
Anyone can search on Google and get access to your file, without signing in to their Google account.
What you can do:
In the case of your app beta-test in google sheets data, you may want to reconsider to change your file's General Access setting to one of the following (in descending order of security):
Restricted - Only people that you manually give access to can view or edit your files. When you click the share button, a prompt will show and you may manually add the users who can view or edit your files:
Afterwards, you may select a role for those users and then they can be notified afterwards through email.
On the other hand, you can share the link to others. A prompt will show like the one below if you send the url through Google Chat:
You may opt to select Don't give access which will result in the following view on the other user's end:
This would mean that if unauthorized users get hold of the file URL, they will still need to send an access request. If other users submit the request, an email notification will be sent to your mail inbox. Other users who also own the file will also be notified by mail.
Your Organization - If you use a Google Account through work or school, anyone signed in to an account in your organization can open the file. If you are an administrator in a work or school workspace, you may set how members can share content within the organization. The administrator can prevent the sharing of content with group members outside your organization. If external sharing is prohibited, only group members who are in your organization can access the group's shared content.
Anyone with the link - Anyone who has the link can use your file, without signing in to their Google Account. This option is least recommended because if the URL is leaked to unauthorized users, they can easily access the file.
References:
Share files from Google Drive
Share content with a group
Don’t make it public unless you want the public to see it. Use oauth to access.

document creation using google APIs in python

Is is possible to give google service-account's access to whole drive instead of just folders?
I'm unable to switch to a new directory using google docs API in python. It was possible to jump into a folder and then create the document there using google drive APIs but I want to use docs API only and I can't see any way to jump into another folder.
Is is possible to give google service-account's access to whole drive instead of just folders?
If you have a Workspace domain, I'd suggest granting domain-wide authority to the service account in order to impersonate the regular user's My Drive and access everything they can access. See Delegating domain-wide authority to the service account for more details about how to accomplish this.
If this is not an option for you, you should share all top-level items on the Drive, since there's no direct method to share the full My Drive.
It was possible to jump into a folder and then create the document there using google drive APIs but I want to use docs API only and I can't see any way to jump into another folder.
You need to use Drive API to move files between folders. Docs API cannot be used for that.
Sidenote:
Not sure if you're aware of this, but please notice that, if you create a document via Docs API, you can only create a blank document, since all fields apart from title are ignored in this method (see documents.create). If you want to add text, change other properties, etc., you'll have to use documents.batchUpdate.
I'm mentioning this since I don't know whether that was the reason you wanted to create the document via Docs API.

Secure filtering in Power BI Embedded

Currently I have the following scenario. I have a report in Power BI which reads from a dataset which has data of all companies. In my ASP .NET MVC application the user will select the company for which to display the report and with Power BI Embedded the application filters the report by the ID of the company through the embed config defined in JS (filter parameters passed from server).
I am using app owns data approach where I have a master account and the embed token is generated for the master account.
The user accessing the report does not have access rights to all companies and this is being handled server-side. With this approach however, the user can easily alter the embed config in JS and display the report for a company which he is not authorized to access.
I looked into row-level security and I found the following approach https://community.powerbi.com/t5/Developer/PowerBi-Embedded-API-Works-with-RLS/td-p/231064 where there exists a role for every company and the embed token is generated for that particular company. This would be an ideal approach but in my scenario the companies are not pre-defined and can be created any time. Therefore, I would need to create a role per company. This however cannot be achieved programmatically as Power BI does not provide means to automate role creation.
The only approach I can think of is to clone a report for each new company and create a dataset specific to that report which will only have the data for that particular company. Then the generated embed token will only be valid for that particular report.
Has anyone also experienced this dilemma? Any suggestions what I should do in such scenario?
You still can use RLS, but without roles per company. Use USERPRINCIPALNAME() DAX function to find out which user is viewing the report. In the database make a table to specify which company can be seen by which user and add it to your model. Then use RLS to filter this table to only the row (or rows) where user is current one (here is where USERPRINCIPALNAME() comes into play), and let the relationship between this table and your data tables to filter out what should not be seen. This way there will be no JavaScript filters at all, so nothing can be changed by some malicious user.
See Using the username() or userprincipalname() DAX function.

Prevent Users Creating Table

I'm trying to secure an MS Access 2003 mdb using the workgroup security. I've got most of it set up (using a new MDW etc), but I can't stop people creating new tables in the database, if they've got access to open it. Am I missing something?
None of the accounts have any permissions allowed, I'm doing it all through groups.
Users only have Open\Run access to the database, no access to <New Tables/Queries> and only "Read Data" access on all the other tables, including the MSys* tables.
Any thoughts or am I trying to do the impossible?
--Update--
I've tried using the wizard as suggested, but that still leaves me with the same problem. I created a blank database & ran the wizard on it. Assigned 2 users, Me & User, and removed all access to the standard groups. I added Me into the Admin group & User to the Read Only group.
Not using the MDW denies access, as expected. Logging in as Me allows full access (Design things, add data, delete data, etc), logging in as User will allow read data inexisting tables, but not add data or design them (as expected), but it will still allow creation of a new table, which User will then have full access to add, delete etc.
So, over a year after posting this question, I have another go at solving it, but his time with success!
I came across the Microsoft Accesss Permissions Explorer and this showed that the standard ways of securing the database, both manually and using the wizard still give the Users group explicit Create permsissions on the Tabes Container. This same software also allows the revoking of said permissions, so now I can have a fully secured database, where any user can access the mdb without using a special MDB, but they are only able to access and edit the data I want them to.
Can your users use the runtime version of msAccess? They will not have the ability to create any new Access object, such as table, query, form, etc.
And runtime version is free, so you'll also spare on licences!

Use Pictures from another website as SharePoint profile pictures

We have a "corporate directory" website that displays some contact information about our employees. Among other things like displaying data from Active Directory, it also displays a picture, which can be retrieve via a URL of the format http://[CorpDir]/PersonPhoto.aspx?email=[UserEmail]
I'm now looking for a way to use these pictures as profile pictures in SharePoint, as easy as possible. Custom coding for SharePoint is not an option for us at the moment.
The easiest way would be to set the PictureUrl property for each user profile. Even if you can't add custom code on the server to do that, you can probably write code elsewhere that uses the web services to set the profile.
You may also be able to do it with customization of the out of box AD import - take a look at the settings for that and what you have available in AD.

Resources