Having upgraded to Plastic SCM version 8.0.16.3533, one user who can assign code reviews, another can't.
The users each have two domain accounts using the same user ID, i.e. domain1\userID and domain2\userID. I've ensured the users old domain account have been deactivated. They both have active licences and are in a group assigned to the repository permissions.
No code
All users are able to assign code reviews.
Related
I am making a point of sale app, using Xcode.
I want this app to keep track of stock items, allow users to search stock, scan stock, add or lookup stock using a barcode. Items of stock will be stored in a users 'store'.
I want to have three types of users:
A manager user, who creates a store and has full access to the store. He can manage all of the 'employee users', such as deleting their access and employee users must be invited by him to join his store using a unique code. He will have specific abilities that 'employee users' do not such as the ability to add and edit stock.
What a manager account would look like
A employee user, who has limitations. (e.g. cannot see edit users page and not option to edit stock that manager user has).
What a Employee account would look like
A shopper user who can only see a store and the items in a store.
What a shopper users account would look like
The attached UI design should show what I mean. As you can see, the manager user has a manage employee tab that I wish only he can have and the other users do not. The manager has also got the option for more details when looking at stock, while the employee user does not. The shopper account has only got access to two functions, looking up a store, and checking the stock in a store.
So my question is,
How do I code three different types of users in Firebase for my app?
& How do I show them only options that I want to show them while showing other options to other users?
This is an incredibly broad topic and lots of it depends on how you implement the various parts of your app. Below is one of the many possible answers, just in an effort to get you started with some links.
If your app stores its data in one of Firebase database offerings (Realtime Database, or Cloud Firestore), or if it stores files in Cloud Storage through Firebase, then you'll likely want to store the role of each user as a custom claim in the profile of that user.
The Firebase Authentication documentation shows how to set such custom claims, for example how to set the admin property of a user to true from a Node.js script:
admin.auth().getUserByEmail('user#admin.example.com').then((user) => {
// Confirm user is verified.
if (user.emailVerified) {
// Add custom claims for additional privileges.
// This will be picked up by the user on token refresh or next sign in on new device.
return admin.auth().setCustomUserClaims(user.uid, {
admin: true
});
}
}).catch((error) => {
console.log(error);
});
Similarly you could set your user roles in a role property. Then you can check in the server-side security rules of the Realtime Database, Cloud Firestore, or Cloud Storage if the user has a role that allows them access to the specific data they're trying to access.
In the client-side code you can then decode the user's token to get access to the same claims and optimize the UI for them
Frank's answer is the correct one but I wanted to add a very simple additional piece of information. If you store users information, (DOB, nickname etc) in a /users node (as many Firebase apps do) simply add the role within that node
users
uid_0
name: "Larry"
role: "manager"
uid_1
name: "Curley"
role: "employee"
uid_2
name: "Moe"
role: "shopper"
When a user logs in, read their node from the users node and the app will then know what kind of user they are and display the appropriate UI.
You can also leverage that within Firebase rules to control what each role can access.
My Gerrit Version is -2.10.2
Regarding an Gerrit group (Delete user permission), I am the Gerrit administrator, I have user add/delete permission for Gerrit groups. Today I noticed that even the users who all have access to Gerrit group, are also able to remove users from Gerrit group. I thought, only admin can perform the manage groups and users permissions, whereas it is working for user as well. I have checked the project it has configured the access from “Rights Inherit From: All-Projects” also “Project All-Projects” it has below settings.
Global Capabilities
Administrate Server -
Allow - Administrators
Priority -
Batch - Non-Interactive Users
Stream Events -
Allow - Non-Interactive Users
Could you let me know where I can configure the permission, So that user should is not allowed to remove the user from Gerrit group. Only Gerrit administrator need to have users add & delete permission from Gerrit groups.
Check the following:
Click on the "General" tab of some group.
Look at the group in the "Owners" field
All users that are members of the owner group (or members of one of its sub-groups) has the permission to add and remove users to original group.
Put the administrator group (or other group you want) in this field and click on the "Change owner" button.
TFSConfig Identities listed all TFS accounts and all but one matched Windows.
How do I fix the lone user account where the Match is False?
While this may not be relevant, I add it to the post in case it provides any additional clues. I tried to reapply the user in the Application Tier Console Users list and it failed. The log stated the account is also an orphaned SQL Server Login. I assume that makes sense if the SID is mismatched, though.
Since you have reapply the user in the Application Tire Console Users list. Changes you make to local or Active Directory groups do not get reflected in TFS immediately.
It may be a identity synchronization issue. You must wait for the next identity synchronization with Windows before the properties of accounts that you do some account change will be updated. This requirement includes changes from group to user, user to group, and domain account to local account.
You could also force TFS to sync, details please refer this blog. After this run the TFSConfig Identities again.
I have a team set up in VSTS and I am trying to upgrade certain team members who need access to the test suite functionality. I have procured several paid enterprise level accounts that show as available. However, when I attempt to change someone's access level from basic to enterprise I get the following error:
vs1720077: Subscription could not be validated.
I have the top level account so I am not sure why I am not able to upgrade these users.
Just as Daniel commented, you must link your work ID. For troubleshooting:
Make sure in the https://msdn.microsoft.com portal you have actually linked your work ID. You still need to explicably do this
even if your MSA and Work ID use the same email address e.g.
user#domain.com. Using the same email address for both IDs can get
confusing, so I would recommend considering you setup your MSA email
addresses to not clash with your work ID.
When you login to VSO MAKE SURE YOU USE THE WORK ID LOGIN LINK (LHS OF DIALOG UNDER VSO LOGO) TO LOGIN WITH A WORK ID AND NOT THE
MAIN LIVEID FIELDS. I can’t stress this enough, especially if you
use the same email address for both the MSA and work account
If you still get issues with picking up the MSDN subscription
. In VSO the admin should set the user to be a basic user
. In https://msdn.microsoft.com the user should make sure they did not make any typo's when linking the work account ID
. The user should sign out of VSO and back in using their work ID,
MAKE SURE THEYUSE THE CORRECT WORK ID LOGIN DIALOG. They should see the features available to a basic user
. The VSO admin should change the role assignment in VSO to be MSDN
eligible and it should flip over without a problem. There seems to be
no need to logout and back in again.
Source Link: Why can’t I assign a VSO user as having ‘eligible MSDN’
using an AAD work account?
Also take a look at this similar issue: Lost capability when msdn.microsoft.com was forced to my.visualstudio.com link and VSTS Validation
I'm having an issue with the unenroll call in Valence API for the users with roles that are hidden. I can unenroll the users with visible roles though.
My organization's wiki says that "If users are missing from the Classlist, their role in the course may be hidden". Is there any way to unenroll such a user? Am I missing some permissions to unenroll these users with hidden roles?
In order to delete a user enrollment using DELETE /d2l/api/lp/(version)/enrollments/orgUnits/(orgUnitId)/users/(userId) (or the action that removes the enrollment by specifying user ID first and then org unit ID), the calling user context must have permission to:
See user enrollments in the first place (Users>View User Enrollments), at the organization level
Search for the user role type(Users>Search for RoleType), at the organization level
Enroll the user role type (Users>Enroll RoleType), at the organization level
Since the various enrollments actions are considered administrator-type actions, they use the "Users" role permissions at the organization level.
D2L has not currently provided classlist level API actions to unenroll users (so user contexts that would be able to un-enroll users from the classlist tool, within the web UI, often cannot do so using the Learning Framework API, unless the calling user's role has the organization-level permissions required to unenroll users).