I have my APIM instance that is connected to AAD. How can I add a second administrator to the instance? Users signing in through the Developer Portal show up with the Developer role. But how do I add a second administrator?
You cannot add second administrator to the APIM service as mentioned in this document
Administrators groups is an immutable system group. Azure subscription
administrators are members of this group. You cannot add a user to
this group.
Related
I have a similar setup as described in the question I can't enable MFA for Oracle Identity Cloud Service user but a different problem: I cannot enable Multi-Factor Authentication for any user.
On the Oracle Cloud Infrastructure (OCI) console, I do see the "Enable Multi-Factor Authentication" in one of the accounts under Identity >> Users >> User Details. After following all the steps, including scanning the barcode and entering the verification code, when I click the verify button on OCI I get this error: "Multi-factor authentication can only be enabled by the user."
What does this mean? I thought I was the user! I've searched online for this error and looked at documentation, but see no clue.
MFA can only be enabled for Your Own Account.
Tenancy Administrators have no way to enable MFA for other users in OCI but Administrators can disable MFA for other users.
Your Own Account meaning the one which you used for login.
For ex: In below snapshot from OCI, I am trying to enable MFA for other user. I am the Administrator for this tenancy.
I have an Azure VM and I want to configure MS Office applications like MS Outlook & MS Excel on it and also, chevron applications like Well Plan. To be able to do that I need a service account with MS Office license but I don't know how can I get a service account for an Azure VM. If anyone has any idea on how can I do this then please respond.
Thanks & Regards
You don’t require any service account to configure any application on azure VM.
Would suggest you to follow the below step to achieve your requirement in correct way.
Step 1 : You need to first enable AAD Login into your VM.
You can refer this MS Document to enable AAD login into your VM
ONCE configured, login with your AAD account in the VM
Step 2: Make Sure to give RBAC role (Virtual Machine Administrator Login or Virtual Machine User Login) as per your requirement for that user.
Then install office on your VM as the license is already assigned to your AAD account.
If not, you can refer this Document to assigned licences to User/Group.
I need to update the approver user for some request in OIM? What is the best practices/solutions or APIs?
Go to
http://hostname:port_number/integration/worklistapp
hostname is the name of the host computer on which Oracle SOA Suite is installed
The port_number used at installation
Enter the user name and password.
You can use the preseeded user to log in as an administrator. If you have loaded the demo user community in the identity store, then you can use other users such as jstein or jcooper.
The user name and password must exist in the user community provided to JAZN. See Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite for the organizational hierarchy of the demo user community used in examples throughout this chapter.
Click Login.
Go to administrative task, search for the request, select the request and from left drop down select reassign. Provide the userID to whom request needs to be routed to. and click on OK.
Is it possible to give a Google Compute Engine instance permission to delete itself without also giving it permission to delete other instances?
That is, I'd like instance name ABC to be able to run:
gcloud compute instances delete ABC
using it's own name, ABC, but no other name.
From the delete instance API docs, to delete any instance in the project you have to have:
compute.instances.delete permission
One of the following OAuth scopes:
https://www.googleapis.com/auth/compute or https://www.googleapis.com/auth/cloud-platform OAuth scope.
Which seems to me that you either have permission to delete any instance in the project or none at all.
No, the service account that assigned to the instance it's running the gcloud command not the instance.
Permissions are granted by setting policies that grant roles to a user, group, or service account as a member of your project.
Example: The role "compute Instance Admin" can create, modify, and delete virtual machine instances, that's means all the instances in your project. You cannot specify for a specific instance.
The gcloud command below can be applied for the ABC instance or any other instances in your project.
gcloud compute instances delete ABC --zone <zone>
The permission compute.instances.delete is in these roles:
Compute Admin
Compute Instance Admin
Project Editor
Project Owner
You can as well create a custom Role that have mixed permissions and assign it to a service account that will, but you need to be sure that you set every permission required for the action.
Scopes is to Select the type and level of API access that you grant grant to the VM.
By Default: read-only access to Storage and Service Management, write access to Stackdriver Logging and Monitoring, read/write access to Service Control
But you can select which Cloud APIs that the VM I mean the service account can access.
I've got an ssrs report server setup and the data sources are set to use the user's windows login. However when I try to setup a subscription it says it can't because the credentials aren't stored in the data source. Is there no way to have a subscription that uses a generic account but when run interactively it uses Windows username
I use a database account for running all of the reports. You'll have to set this up in each database. Then I have report folder permissions associated to Active Directory groups. I also use a domain service account for deploying the reports and setting up the subscriptions. That way if a member of the BI team leaves the company and their account is deactivated the subscription will still run.
Data Source Example: