I am new to Azure resource graph query.
I would like to use resource graphy query to find out information on virtual machines.
Is it possible to create a query to get a list of Virtual machines that have been deleted for a specified period? The scope is for all subscriptions.
Thanks,
buddd
yes, you can filter by the TargetResourceType as virtualmachines & change type as Delete. This way you get all deletions happened within 30days(I guess)
Related
I would like to retrieve a list of all Planner Plans and number of tasks in each Plan. Goal is to understand which plans are actually in use. I used the Graph API for this. However it appears that most the Graph endpoints for Planner and Tasks use Delegation Permissions. In other words, I have to be part of each Planner Plan to even query for it. So even as Global Admin I am unable to pull this information. Is there any way to query for
List of ALL Planner Plans in the tenant
Owner for each Planner Plan
Number of tasks in each Plan
Thanks in advance,
Jake
You can now use application permissions to read this data.
Outdated reply:
Unfortunately it is not possible to get this through Microsoft Graph
API right now. However we do have another API, which is meant for
admins to be able to export their tenant's data, and it can be used to
get this information. You should contact support for this process.
In the past I was reading a list of plans of current user with this REST call of the beta-API:
https://graph.microsoft.com/beta/me/plans
In July 2017 the planner API was released and there are also some minor changes to the endpoints, so the REST call in the V1.0-API now is:
https://graph.microsoft.com/v1.0/me/planner/plans
Unfortunately I do not receive all my plans with that endpoint. Apparently I only get plans that exist for a long time, but any newly created plans are not visible. I tried a lot of actions on my plans like subscribing to, assigning tasks to me, favorize the plan in planner hub, making a plan public or private, but nothing helps, new plans remain invisible in the API.
Can anybody explain what the new endpoint exactly does? The documentation for List plans is not very helpfull.
Can anybody explain how I can a list of all plans (title and id) that I am owner or member of?
The only work-around I have found so far is:
1) Read all unified groups
https://graph.microsoft.com/v1.0/me/memberOf/$/microsoft.graph.group?$filter=groupTypes/any(a:a eq 'unified')
2) for each group: read the planner plan for that group
https://graph.microsoft.com/v1.0/groups/<id>/planner/plans
But that would require one request per group, makeing performance horrible on tenants with dozens of groups.
This API returns plans that have been shared with the current user. Plans can be shared with a user by adding the user's id to sharedWith property of planDetails (Edit: currently users do not have permissions to add or remove others from this list). This is a separate set of users from group membership and does not allow access to data for shared users. Instead, the users will have access if they are group members, and lose access if they are removed from the group.
More information and a sample for updating plan details can be found here.
Additionally, you can submit feedback about the API (and other Planner functionality) here.
I am trying to define a user management and permissions model for Neo4j. I have a web application (Angular 2) that connects to Neo4j via an API (KOANEO4J). Neo4j is the only database or persistent storage that the application uses. Through the application a user can add/edit/delete content which uses the API to carry out these instructions in Neo4j by running Cypher Statements. Up to now I have not worried about supporting multiple users but as a next step I am starting to think about this.
The product will be used by multiple different companies and each company will have multiple users so I need some way to support this. The model I am considering in Neo4J is as follows:
An "Orgaization" is represented by a node and it can have 1 or more "Organization Catalogs". All of the nodes belonging to that catalog will be children of one of the "Organization Catalogs".
Each user will also be represented by a node in the database. They will belong to an Organisation. They will have certain access permissions on an Organization Catalog identified by a an edge.
I am looking for some advice on whether or not this is an appropriate model to follow or if there are any examples or documents that describe how to achieve this in Neo4j.
If I do implement this model then would it be better to model the permissions as seperate nodes so a user is connected to a permission node (e.g. Read Only Access) that is then connected to the Organization Catalog.
Any suggestions on how I would actually get the API to work with this type of model. I'm sure I can pass the User Id to Neo4j as part of each query and then filter the results to show only nodes the user has access to but this doesn't seem like a very elegant solution - it also means that all of the security would be dependant on carefully written Cypher queries that don't leak data that a user isnt supposed to access.
Thanks a lot
I am looking for some advice on whether or not this is an appropriate
model to follow or if there are any examples or documents that
describe how to achieve this in Neo4j.
The answer for this question is: it depends. Remember that when modelling a graph database you should consider the queries that are asked to the database. If this model fits the queries that you are asking to the database then this model is appropriated, otherwise, not. Take a look in the Chapter 5 (Graphs in the Real World) of the book Graph Databases (by Ian Robison, Jim Webber and Emil Eifrem. Available for download here). This chapter shows the modelling process of an Authorization and Access Control system in Neo4j. Can be enlightening and helpful to you.
If I do implement this model then would it be better to model the
permissions as seperate nodes so a user is connected to a permission
node (e.g. Read Only Access) that is then connected to the
Organization Catalog.
Again, it depends. Do it if the Permission entity has connection to others entities of your application besides an User and an Organization Catalog. Otherwise I believe that your permission can be modeled as a relationship between an user and an organization catalog.
Any suggestions on how I would actually get the API to work with this
type of model. I'm sure I can pass the User Id to Neo4j as part of
each query and then filter the results to show only nodes the user has
access to but this doesn't seem like a very elegant solution - it also
means that all of the security would be dependant on carefully written
Cypher queries that don't leak data that a user isnt supposed to
access.
Maybe is a good idea add another layer of software between your AngularJS client app and the Neo4j database. This way in this new layer of software (a Node.js application, for example) you can implement a access control system, then verifiy if the authenticated user can access the resource that is being requested.
I'm very new using either neo4jDatabase or neo4jclient driver, I'm trying to create a proof-of-concept to understand if make sense to use this technology and I've the following doubts, (I tried to search over the web but no answers...).
I have some entities that have Documents associated with them, (PDFs, DOCx ...), is it possible to have a Node property pointing to those documents? or Can documents be added as a Graph Node with a Lucene index so that a search could return document node and related relationships?
How does the Security works? is it possible to the users have access to the nodes taking in consideration their profile? Imagine that the nodes represent documents how can be implemented a security mechanism that the users only access their nodes (Documents)?
Q1: You can simply add a node property with a URI referencing the document of choice. That could be pointing to blob storage, local disk, wherever you store your documents. You could add binary objects in a node's property (by using a byte array) but I wouldn't advise doing that, since that just adds bulk to the database footprint. For reference, here are all the node property types supported.
Q2: Security is going to be on the database itself, not on nodes. Node-level (or document-level in your case) security would need to be implemented in your application. To keep data secure, you should consider hiding your Neo4j server (and related endpoint) behind a firewall and not expose it to the web. For example, in Windows Azure, you'd deploy it to a Virtual Machine without any Input Endpoints, and just connect via an internal connection. For all the details around neo4j security, take a look at this page.
1) What David said.
2) For resource level security, you need to model this in to your graph. There's an example at http://docs.neo4j.org/chunked/milestone/examples-acl-structures-in-graphs.html
Is there a way to retrieve the contents of a Team Query using WIQL?
Background: I'm throwing together an RSS feed for new bugs entered into TFS. I could write a specific WIQL query for which work item types and states to include, but I'd rather just include the name of a team query - that way the team query name could be specified in the querystring of the RSS feed's URL, and you could use it to watch any set of work items. Handy, right? I'm just not sure whether WIQL can select items from a Team Query. Anybody done that before?
No, there is no way to refer to or access a Team Query from within WIQL. The queries are stored in a separate subsystem in TFS that the query engine can't access.
Although it's not RSS, you might want to take a look at the OData Service for Team Foundation Server 2010.