I was wondering if there is a way to disable the "Set Windows password" option that shows up in a user's VM Instance in the Google Cloud VM Instances dashboard?
Thank you!
There is a way to disable the functionality although users will continue seeing the button. It is possible to remove permission from the user account in order to prevent that your users be able to use it, may you want to check this document where explains the needed permissions to set a windows password, as per my understanding removing the role compute.instances.admin should be enough to prevent using the button.
The permissions that is necessary to remove is including by default in roles like owner, then it is necessary remove owner roles from the account that you want to restrict and assign a role which allow them work into your project, that's why I believe this document can help you to clarify some doubts about how permissions and roles work on GCP.
Related
probrem
I am Google workspace user and using Google Compute Engine. I enabled OS login for our project, then login username changed to username_with_domain_suffix.
Now I would like to change my username as username with enabled-OS login, so I checked following document and ask workspace admin to turn checkbox [OS Login API and Include domain suffix in user names generated by the OS Login API ] off in Google Admin Console.
Although our admin change settings, my login user does not change and still being username_with_domain_suffix. Are there any other settings required to login with user without domain suffix? Thanks.
reference
change / set gcloud os login username?
Even the check box turned off at Google admin, previously created username won't change. Only the new os-login user will be affected. I think this is because the (posix) username is created at first use of os-login and do not change after that.
In this case, you can use Google Directory API to update your existing posix account information stored at Google Directory.
I had exact same issue and was able to update my posix username with that.
Reference: https://cloud.google.com/compute/docs/oslogin/manage-oslogin-in-an-org#modify-users
API: https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/update
You'd need to be a Google Workspace Admin(not GCP) to update it. I used "Try this method" in the API link. No need to write a code. But be careful, you may ruin your account info there.
What are the distinct consequences of setting readwrite or readcreate as values of access property for permissions entry in the manifest of a Firefox OS app?
Those permission access values in the manifest are used currently by two APIs, Contacts and Device Storage. For example if your app needs to only read the phone contacts, you have to set "readonly" access. If you set "readwrite" for no good reason (your app doesn't need this higher level of access), your app might fail the review for being added in a marketplace. Another example is if your app just needs to export a contact and save it to the phone contact list. In this case you need to set "createonly". With this setting in your manifest, trying to read or modify an existing phone contact will fail. "readwrite" will allow you to both read, modify and create contacts. "readcreate" will allow you to just read and create contacts.
With those permissions set, the user will be prompted if he wants to allow the corresponding operation. The access levels methods are fine-gained so that the user has more control over what the application can do with his contacts/files.
I have a web app in php mysql, I want to use one google drive account for my app.
Can I use my app's accounts instead of google users for privilages.
I read in SDK I can use service account to login without promting user, but I don't know how to share or give permissions files for custom users.
In api reference I found this:
"The user is not necessarily yet a Google user (e.g. if a file or folder is shared with an email address that does not yet have an associated Google account). Example: 1111459233037698895607".
How a custom user in my app should get a token for own privilages.
I am not exactly sure what you want to achieve here, but if you want to use your own permission system, you can't. You can, however, apply read/write/owner permissions to files to mirror your own permissions.
If I have totally got the wrong idea, please explain.
How can i disable or delete an user in mediawiki?
I can delete the records from the db but i am not sure if this would affect anything else in the wiki.
Any suggestions would be welcome
Thanks
Prady
1. This solutions is available out of the box for MediaWiki 1.16+
The user and all the contributed content will remain but they will not be able to log in any more.
There are two steps that need to be done:
First block the user using the link in Special Pages.
Blocking can be performed against user id or IP address to prevent them from editing the wiki.
They will still be able to log in and view content.
Then in LocalSettings.php add $wgBlockDisablesLogin=true; ($wgBlockDisablesLogin).
Now upon logging in the user will be greeted with Login error. This user is blocked. Login not allowed..
2. This solutions requires an extension that works with MediaWiki 1.29+
If you want to completely remove access to a user, e.g. on a simple private wiki, it's not possible to simply delete the account (unless no edits have been made); you can block it, but the user will still be able to read pages. However, using User Merge and Delete extension you can merge the account in another one and delete the former; the original account will then "disappear".
Also:
If you want to preserve history readability (i.e., to have edits from the user to be still shown under his name), you can create a new account e.g. with username "OriginalUserName (deactivated)" and then merge "OriginalUserName" into the former, or even use Renameuser extension.
I suppose if you wanted to revive the user later on you would need to repeat this process but this time you would merge OriginalUserName (deactivated) into OriginalUserName.
See Preventing Access page in the MediaWiki manual.
There's a special page that Admin users can see, /Special:BlockIP. Block them there.
You can also get to it from the Special Pages page, /Special:SpecialPages.
you could also reset the password of the user via
/Special:PasswordReset
note: I would not recommend deleting data via scripts in the DB. there are various functionalities for rolling back unwanted user edits, merging contribution from one user to another, etc.
I log into hudson as an admin but the left hand column remain the same as a normal non-admin user. I have tried -
Delete the account and create new one with all the admin rights.
delete all cookies
Tried on different browsers
Type in the link for the configuration page, which throw a "missing the ExtendedRead permission" error.
None of the above work, anyone have any suggestion on the issue?
Just to put together what I now so far. Please fill the baps if there are any.
You use the Extended Read Permission Plugin
Configured a user in Hudson. Do you use "Hudson's own user database" than or something else?
The plugin description says it adds a column to the "Matrix-based security" or "Project-based Matrix Authorization Strategy" authorization stream. Do you use one of these two?
Now I am getting confused about what you are missing for an Admin. I use the "Project-based Matrix Authorization Strategy". When I am configured only with the global administration permission. I have full control over Hudson and all jobs running on Hudson.
To be able to help you, please describe you setup as it pertains to the authorization settings in detail. Do you have other plugins installed that might interfere here?