I have an AWS multi account setup with several user pools in one account ("auth account") and in the other account ("app account") there is a web app that needs to query the auth account for user pool client info (the "DescribeUserPoolClient" action).
The app account is deployed using CDK and the app uses aws-sdk to query the auth account (using the DescribeUserPoolClientCommand) for information about a user pool.
How do I give access, in CDK code, to the app account to query the auth account for this information?
(The set of user pools are not known at build time, because they will be created programmatically.)
Related
I need to update the approver user for some request in OIM? What is the best practices/solutions or APIs?
Go to
http://hostname:port_number/integration/worklistapp
hostname is the name of the host computer on which Oracle SOA Suite is installed
The port_number used at installation
Enter the user name and password.
You can use the preseeded user to log in as an administrator. If you have loaded the demo user community in the identity store, then you can use other users such as jstein or jcooper.
The user name and password must exist in the user community provided to JAZN. See Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite for the organizational hierarchy of the demo user community used in examples throughout this chapter.
Click Login.
Go to administrative task, search for the request, select the request and from left drop down select reassign. Provide the userID to whom request needs to be routed to. and click on OK.
I need to take a snaphots of all my servers from script in all projects in GCP.
Project count : 10
Servers per project : 05
Written the script in a Server: Automation-server
Script has:
gcloud compute --project $PROJECT_ID disks snapshot ${DEVICE_NAME} --snapshot-names gcp-${DEVICE_NAME}-${DATE} --zone ${INSTANCE_ZONE})
As of now i have configured my E-mail id in the Server X
with gcloud auth
(My E-mail id has access to all of my projects so that i can able to take snapshots of all the servers)
So i can able to do the same via scripting.
I wish not to do this via a user authentication(mentioning the E-mail id) .
Is there any possiblity for doing the above via any application or using any api-key etc..,
By granting the access of all the projects to a application or api-key and by using that , taking the snapshots from the script
This will be used in :
If a user X has access to 5 projects , and an user Y has access to another set of 5 projects.
Need to take snapshots for all the 10 projects using script
at this time if the gcloud auth was done via an application or api-key etc..,
Is it possible or any other way for the above case
This is possible:
Create a service account in cloud project.
Go to each of your 10 projects, and grant the service account either "Editor", "compute.instanceAdmin" or "compute.storageAdmin" IAM permission.
Use gcloud auth activate-service-account in your script to have the script run as the service account.
You could also use multiple service accounts for different projects, and switch between the.
I have ssis package that is running in sql server agent job. There is a proxy account and it is running through users account but that user has been no longer working with us. The challenge here is his account password is about to expire. so what can be done so that package will be smoothly running after his account password will expire ?
Thank you.
If you don't have access to the user login you have to map Proxy account to another credential in order to avoid job fails, check this. Or you can use local SQL Agent Service account in case all files/folders/sever used by job are accessible for that account.
I have implement SOS concept between two php application. it application it available different domain.
I have required following condition.
1.When user is login any appplication to login this user with check user name and password into mysql database table
2.When user is login another application not reenter password direct login with this system.
3.When user logout at time both application can be logout.
-->my first application can be created Yii framework and another is moodle
please give idea to implement this concept in my both application
You can use external database authentication for Moodle -
https://docs.moodle.org/27/en/External_database_authentication
Log into Moodle as an admin then go to site admin -> plugins -> authentication -> manage authentication.
Enable the "external database plugin" and then update the settings to use the external database and map the fields for username, password, email etc.
We have a need to build an EXE app that runs on a customer's server that accesses our Multi-Tenant SQL database.
We have a Column SubscriberId for each table that we use in our web app to limit users to just the records that belong to their SubscriberId - which works perfectly fine (on our servers).
We have an Exchange to SQL service that runs on our server that sync's Exchange Contacts and Appointments to our SQL tables. An issue is that we need customers to grant us the Exchange 'ApplicationImpersonation' role for us to access the data on their server - which means we have access to their whole Exchange database store.
Most customers have been willing to allow us that access level, but a few don't want us to have that level of access - and that's understandable.
Our sync app is a C# .NET console app, and we want to adapt it so we can have end-users install the app on their server and have it sync with our server remotely.
THE QUESTION: Is is possible to create a user on SQL Server 2008R2 that only has access to the rows for that user filtered WHERE SubscriberId = 201 (for example).
We would allow port 1433 access to their server and the user/password would be used in the connection string in the App.config.
If so, we can create an admin panel in an Windows exe app where they setup that SQL User/password and their Exchange Super-User. Then they can remotely sync - but only see their own records in our SQL database.
Otherwise, it seems we would need to re-work the app to use an API and an alternate security scheme. That would obviously be a lot more work :-(
Thanks, Charles
IMHO, I can suggest the following solution.
1. You create a unique token that you can use to identify the tenant via some config or during console app start up.
2. Each tenant will call your service by authenticating using the token.
3. Only valid tenant is allowed to call the services. Rest may be notified of such an attempts.
4. You can even set up the service and the web services to use a refresh token in case of being more secure.