I have an Azure management API instance which has 2 products defined which has apis inside the 2 products. Now Product 1 - inside the portal belongs to Customer 1 (Supported by Support Operator 1) and Product 2 belongs to Customer 2 (Supported by Support Operator 2). What I need is a way to keep the permissions of Support Operator 1 and Support Operator 2 separate. Support Operator 1 - only deals with Product 1 and Support Operator 2 deals with Product 2. Is there anything inside RBAC to give fine grained permissions at API Product level?
That can be done via custom roles in RBAC. See more details here: https://learn.microsoft.com/en-us/azure/api-management/api-management-role-based-access-control
Related
Setting up an API with Azure API management. We've created 2 products, one that requires subscription and one that don't. We did this as vi have a single API where we want some of the operations to required subscription and others where we don't. Is this possible in a single API or do we need to create two APIs? The issue with 2 APIs is that any prefix ala "/api" needs to be different, and we want it to look like a single API
This is not possible, unfortunately.
As stated in the documentation subscriptions only apply to Products and individual APIs.
Se this UserVoice suggestion where "Operation Visibility" is suggested.
Greetings from Denmark ;-)
/rasmus
I have recently tried to review the Chinese -> English system. According to https://blogs.msdn.microsoft.com/translation/2017/11/15/microsoft-translator-accelerates-use-of-neural-networks-across-its-offerings/ , those systems were already switched to NMT models. There is also statement, that user can still use the statistical system when setting category to "SMT".
However the https://blogs.msdn.microsoft.com/translation/2016/01/27/new-microsoft-translator-customization-features-help-unleash-the-power-of-artificial-intelligence-for-everyone/ mentions there were actually three standard categories available for SMT engines: General(default), TECH, SPEECH.
Could you please explain which domain is offered by the SMT category now? And for how long it will be supported on your side?
Thanks
We are working on customizaton using a neural network decoder. Currently, the Microsoft Translator Hub has 3 Category IDs for SMT and they are general, tech and speech.
With content that is not narrowly confined to your domain, you may find it to be better using category=generalnn than your current customization.
Chinese is using the NMT system so using Category=generalnn would result in the same translation when calling the service using the Microsoft Translator Text API.
The second article is addressing Customization where you can create your own custom translation system or dictionary tuned to your domain, style and terminology. If you're interested in customization (SMT at this time), there are categories associated with using the Translator Text API and the Microsoft Translator Hub. The category identifies the domain for the project you create using the Hub. Two of the categories are Tech and Speech.
See the Microsoft Translator Hub User Guide to learn more about the Hub.
The tech category will produce different results only when translating FROM English to other languages. In the case of English>Chinese, with my sample sentence "My computer doesn't boot up.", it does. For Chinese>English, specifying "tech" will fall back to the default, which is neural in the case of Chinese<>English. "speech" generates the same results as "generalnn" in all cases.
It is generally true, including for Hub categories, that a category that is valid in one language pair is valid in all language pairs. The API will fail with an "invalid category" error only if that category doesn't exist at all. The reason for this design is so that you can build your custom systems out language by language, over time, while still allowing the user to choose between all available languages, at the cost of, maybe, occasionally suboptimal domain vocabulary in an as of yet uncustomized language pair.
The API does not return to you whether a customized system was used or not. A trick to get that feature anyway is to watermark your custom system using a dictionary entry. Make a dictionary entry "_mywatermark" that translates to "CustomSystem180309_1700_en_ru" for instance, and then you can test anytime, in any application, whether you are getting your custom system or not.
I've read RFC7644, and RFC7643, and have a few questions.
First: how do I provision entitlements? I see there's a default methodology for provisioning groups and users. That includes a pretty straightforward mechanism for provisioning users' membership in groups, entitlements they have, and roles they have.
I also see that there's a mechanism for creating a group with members in it during provisioning.
What I don't see is a built-in mechanism for creating a group, and linking entitlements to it (or creating entitlements that are then linked to groups).
Do I need to build a custom schema extension for groups? Do I need to build a custom schema for entitlements?
My second question is: how exactly DO I create custom extensions and schemas? The RFCs are pretty vague about how you might do that while being compliant with their standard.
After re-reading the SCIM standard, I have an answer to at least the first part of my question.
"Group" resources are meant to enable expression of common
group-based or role-based access control models, although no explicit
authorization model is defined. It is intended that the semantics of
group membership, and any behavior or authorization granted as a
result of membership, are defined by the service provider; these are
considered out of scope for this specification.
What this means is that entitlements granted via membership in a group are out of scope for SCIM. If you want to provision entitlements (or non-Group roles), you need to implement it yourself, or build a custom schema extension/custom schema.
Unfortunately, the RFC has yet to yield how you would actually do that last bit.
Been using the API for about a week now and I can't seem to figure out how to access this data in ItemSearch.
The attribute IsEligibleForPrime tells you whether the Article is for Amazon Prime or not. It is delivered with the Response Group OfferListings
http://docs.aws.amazon.com/AWSECommerceService/latest/DG/CHAP_response_elements.html#IsEligibleForPrime
If you perform an ItemSearch the ResponseGroup will contain IsEligibleForSuperSaverShipping which will tell you if it is Prime eligible.
I am just setting up in-app purchasing within my app .. it will be a single 'Durable' item that I am allowing the users to purchase.
I have got it going in testing with the MockIAP project, but it does raise some questions.
My Durable purchase will be an 'upgrade to pro' so I named the key as 'ProUpgrade' within the mock initial setup.
when I go to purchase the product within my app, the message asks if I want to buy (ProUpgrade). Is this the only name/description that is visible to the user? I thought that there were more descriptive terms that could be entered as part of associating the product to the app?
how will this work in a multi language app? The Key I am checking for is my 'ProUpgrade' key and presumably that is the name across all languages. It would be nice if a translatable name could be entered in the description (i.e. a different one for each language) but then as per my first point - not sure if that will ever be displayed. Perhaps this is clearer when the product is added to app as part of the submission, but I haven't got that far yet.
because I have a single product, i was not retrieving the product list for the app and was going straight in to check if its been purchased
if (!licenseInformation.ProductLicenses["ProUpgrade"].IsActive)
But as I found out, this a bit dangerous if its not in available product licenses. (Got an exception) Whilst I feel that I could rely upon my single product being there, presumably best to make the call to get all product licenses and check to see if its there?
In DevCenter, when you define your product (IAP) - you have to enter product alias,id (key) display name and description and list of languages. In the later stages in the product definition, depending on the earlier language selection, it asks for respective translations of the product definition etc.
This is the only place, where you define the IAP product info for all languages(if you decided to translate them), otherwise default language content will be displayed.