I can see my email ID not in Admin role but just as member in people tab. So the one in agent role resent me invitation with Admin role. Even though I accepted that, I did not see my role changed from member to Admin. So I followed a suggestion on a forum, suggested to change role in iTunesConnect. So the agent added my role in iTunes connect with admin role and resent invitation. Now I can see my role in iTunes connect as 'admin' role. But in people tab in apple developer account my role is still in member. Can you please suggest me how to change my role here to admin?
Sending a new invitation is not the right approach.
Someone with admin or team agent role needs to edit your existing user to "Change to Admin".
https://developer.apple.com/account/#/people/YOUR_TEAM_ID_HERE
Related
I am trying to chnage user role on app store connect from role Developer and Marketing to App Manager. And after selecting App Manager role option under Roles menu getting following error.
Is there something related to roles and access or it's just a server error?
Try to unclick the "Create Apps" role access under "Additional Resources" and then assign the "App Manager" role.
It seems that if the Create Apps role already exists the new role cannot be assigned.
I'm testing LMS API using https://apitesttool.desire2learnvalence.com/
I have:
App ID
App Key
User ID
User Key
I can get users from my LMS API https://lms.freedomhighschool.ca/d2l/api/lp/1.30/users/
This is private route and i have access to it.
But when i'm trying to create new user i got "Message": "Not Authorized"
This is admin user and i can login via LMS and to do everything i want(create, delete, update) users.
So, what's the problem? Why can't i create new user via https://apitesttool.desire2learnvalence.com/ ?
https://i.stack.imgur.com/gE98j.png
https://i.stack.imgur.com/BmOiC.png
It looks like you have RoleId = 0. In order to create a Brightspace User, you need to provide a Role Id value.
The user account you are using in the Test Tool will also need to have the appropriate permissions to Enroll users. For example, if you are wanting to enroll a "Student" then your user account needs to have the permission "Users - Enroll 'Student'" turned ON.
In "App Store Connect -> Users and Access" I'm trying to add an app to some user.
When I'm trying to save changes I get error:
"Your account doesn’t have permission to edit other users. Contact your team agent for more information."
The problem is that I'm the admin in App Store Connect and agent in the corresponding apple developer program account.
Ok, so in order add permissions for some app to a user I've needed to change his/her role then return previous role and after that add the app. It allowed me to save the changes.
You can checkout for your role under the People Section of the developer account.
Login to Developer Account
Click on People tab on right side.
Checkout your role and see, if you are agent and admin for that team.
Possible reason for this to happen is:
You are having multiple developer account or some one has added you as the admin to their team. And when you tries to login with your developer id and password, you may be redirected to that team, in which you role as admin only.
So, choose the appropriate team by clicking the right down arrow, besides your Name in https://appstoreconnect.apple.com
Must be a bug,
if you un-check and re-check user role at same time you adding new apps bypass the permissions.
I believe should be Apple reported.
Scenario: Native app with user (user role) present including a user profile page allowing the user to update his profile.
Azure AD v2.0 endpoint used & app registration done accordingly. App is used by many tenants, therefore we have admin consent flow included in the apps sign-up flow.
Account Types: Work & School Account
Admin consented scopes (delegated permission per tenant on registered app):
User.ReadWrite
Directory.AccessAsUser.All (Admin Only)
Directory.ReadWrite.All (Admin Only)
User.ReadWrite.All (Admin Only)
From the documentation:
User permission
User.ReadWrite and User.Readwrite.All delegated permissions allow the app to update the following profile properties for work or school accounts:
aboutMe
birthday
hireDate
interests
mobilePhone
mySite
pastProjects
photo
preferredName
responsibilities
schools
skills
Question 1: Did we understood the terms and documentation correctly?
Question 2: What about other user fields not in this list? Is there no Graph Scenario at all to change them? The documentation is a bit unclear in terms of if possible with user delegated rights or just application delegated right or not possible at all.
Concrete:
Job Title? Can a user with delegated permission ever updated this field or do we need application permission to do so?
User Profile Photo? Can a user with delegated permission update his/her own profile picture or do we need application permission to do so?
The next sentence after that list you referenced from the documentation explains this:
With the User.ReadWrite.All application permission, the app can update all of the declared properties of work or school accounts except for password.
So yes, you can only update the full set of user properties using Application permissions (aka the Client_Credentials flow).
I'm having an issue with the unenroll call in Valence API for the users with roles that are hidden. I can unenroll the users with visible roles though.
My organization's wiki says that "If users are missing from the Classlist, their role in the course may be hidden". Is there any way to unenroll such a user? Am I missing some permissions to unenroll these users with hidden roles?
In order to delete a user enrollment using DELETE /d2l/api/lp/(version)/enrollments/orgUnits/(orgUnitId)/users/(userId) (or the action that removes the enrollment by specifying user ID first and then org unit ID), the calling user context must have permission to:
See user enrollments in the first place (Users>View User Enrollments), at the organization level
Search for the user role type(Users>Search for RoleType), at the organization level
Enroll the user role type (Users>Enroll RoleType), at the organization level
Since the various enrollments actions are considered administrator-type actions, they use the "Users" role permissions at the organization level.
D2L has not currently provided classlist level API actions to unenroll users (so user contexts that would be able to un-enroll users from the classlist tool, within the web UI, often cannot do so using the Learning Framework API, unless the calling user's role has the organization-level permissions required to unenroll users).