We have implemented tuleap to my organisation and we have some 5 internal groups. I have created a tracker with new artifacts is only bind to user-groups and not to users.
So, when a new artifact was created the team member will only select the user group.
In semantics there is a option only for bind to users. (Since i have selected only bindto usergroups alone, the artifact is not transferring to the respective group).
Is it possible to make the artifact is bind to the user groups?
This is not yet possible to have the assigned_to semantic bound to user groups
Related
I would like to create an Azure Active Directory Custom role with the following perimeters:
Who to assign the role to:
Either a user, or group
What access will the role have:
Default role permissions from "User Access Administrator" directory role
Scope:
The custom role would only grant access in the specified AAD Groups
(My idea is to have users with this custom role, be able to fill the roles of a User Access Administrator ONLY in the Scoped AAD Groups)
This would provide application administrators the required rights to assign application roles to the specified "Scope" AAD groups, with least privileged in Active Directory
Is it possible to scope an Azure Active Directory custom role to an AAD Group? Not assign the role to a group, but rather the custom role only grant permissions to manage the AAD Group (Assign / Remove application roles to the group... etc)?
Meaning no rights/permissions exist in AAD, except for User Access Administration of that specified "Scope" AAD Group
If so, what would the scope format be, when creating the custom role? Preferable in JSON or Powershell
There is no support today for custom roles in Azure Active Directory. Only the predefined Administrator Roles, as described in the documentation, are available for use.
You may, however take a look at the advanced self-service or delegated group management capabilities and combine them with some existing role (like User Access Adminsitrator or Application Administrator). You may also like to see the difference between Application Administrator and Cloud Application Administrator.
In persuade for least privilege access, you may find the Least Privilege Role by Task document useful. And also the Microsoft Azure AD Privileged Identity Management to control and audit privileged tasks.
Last, but not least, a preview feature - Administrative Units may be of interest to you.
To summarize it
As of today (2018-12-04), there is no option to create custom role within Azure AD. Neither to constrain given role to a specific Group (be it security or office)
I believe this is already available now? https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview
I searched a lot about mandatory access control lists and i did not find useful information about how to apply macl in documentum. i need to know the steps and how to configure.
I already had Documentum CS 7.3 with TCS license enabled and i tested it by applying esignature on pdf document
macl allows you to dynamically apply acl to objects depending on specific conditions.
Example 1:
Software developers are assigned read permission on documentation documents
Team Leads are assigned write permission on documentation documents.
Project Managers are assigned delete permission on documentation documents.
Example 2:
while Users are located in US
users are assigned a write permission on documents under US cabinet and read permission on documents under all other cabinets e.g: UK, Egypt, UAE.
If Users logged in from another network location like UK
Users are assigned write permission on documents from UK cabinet and * read permission * on documents under all other cabinets.
I found The answer to my question by using:
the Required Group, and Required Group sets
where you can give some users some permissions and apply it only if they are members of a specific group only.
Required Groups
(Users/Groups must be a member of all listed groups to access this item)
Required Groups List
(Users/Groups must be a member of at least one of the listed groups to access this item)
I found an issue with EMC's documentation documents:
It states that in order to benefit from Trusted Content services Capabilities you must have TCS license installed. but, practically whether you installed the TCS license or not you can create dynamic ACLs and benefit from the group membership restriction. (practically TCS is not required "case was Tested", and there is misleading information about Dynamic ACLs usage and implementation) no scenario is provided
Sorry, but from your question one could assume that there is something called mandatory ACL within Documetnum platform. However there isn't - AFAIK.
There are several ways with which you can dynamically apply ACL or in terminology of Documentnum platform permission set.
Based on repository configurable parameter:
inherit from object type
inherit from user who created object
inherit from parent folder
If this doesn't fits you you can write TBO (Type Based Object) code which acts as trigger and runs your custom logic.
There are other ways to achieve what you want but you need to be more specific about your requirement.
If your client is D2, you can utilize the dynamic permission model based on documents attributes. This way you can achieve what you are asking for.
There's one special folder that I need everyone as collaborators. I can add all existing members but would like it be automatically done for all future new members.
I know I could write an app using Box API to check for new members and then add collaboration through API, but just want to know if there's a simpler solution - just create a folder and apply some settings, then new members could be automatically invited.
Thanks a lot!
Is your account enabled for single sign on? If so you can pass the group membership via SAML and assign the folder you wish all users to be collaborated on to that group.
For instance you could create an "All Users" group on Box (Admin Cosole >> Users and Groups) and then assign it your "All Users Default Folder" then pass this "All Users" group name as an attribute in your SAML assertion.
If you do not have single sign on enabled I would still recommend collaborating new users by group membership but you will need to perform two steps
1. Create a new user
2. Add the user to the "All Users" group
These functions can both be done via the API. It just depends how you are currently provisioning seats to your Box account.
Is there a way to provide generic permissions for users to run reports stored in the Report Manager? I can see how to provide access on an individual user basis via Manage -> Security -> New Role Assignment, by adding the User's Windows login name and assigning them to the Browser role for the report. (Report Manager already knows the domain name).
However, we don't want to be continually having to manage this for each new user. I want anyone under that domain name to have access without needing to configure it. I had hoped that just adding the domain name as a 'user' to the Browser role for that report would do it, but to no avail.
You can add any domain group that has been set up, not just individual users, or you can simply add all domain users, i.e. MYDOMAIN\Domain Users to the Browser role, which seems to be what you're after.
However, I would recommend creating a generic user group like MYDOMAIN\SSRSReportUsers or something like that and adding this group to the browser role instead of MYDOMAIN\Domain Users, as adding all users to the Report Server seems like it doesn't give you many options to manage this in any sort of granular way.
We are creating a back end admin system and want to allow users in roles such as finance and membership to have access to certain areas. Ideally we would like to show only areas that you have access to in the navigation.
Using umbraco 4.7+ and razor. We are using the Microsoft role provider.
I was wondering if anyone knows how I could access the currently logged in users role?
DynamicNode has two methods that will be your friends here, HasAccess() and IsProtected(). Here's an example of how to filter and show nodes that the user only has access to. Here's another one.
Using those methods you shouldn't need to have to get the roles of the currently logged in user, but that's not hard to do as well. Roles.GetRolesForUser() returns an array of the currently logged in user's roles. For more information, refer to the documentation.