1,392 questions
0
votes
0
answers
33
views
How to handle ABAC efficiently for unbound number of entities?
I am implementing ABAC for different objects/users.
All works good when I need to GET single object. Policy rules are enforced and all good.
The issue is collections.
When I have collections, especially ...
0
votes
0
answers
102
views
How to Understand Access Conditions in Mifare Classic 1k
I am working with Mifare Classic 1K, and so far I have successfully inserted/updated data in each block using key A with default access byte FF0780.
I am trying to understand the documentation, but I ...
0
votes
0
answers
38
views
CORS Issue When Deploying Travel Web Application on EC2 and Using Ngrok
We are developing a travel web application and attempting to deploy it on an EC2 instance. We've also tried using ngrok for tunneling, but we're encountering persistent CORS issues between different ...
0
votes
1
answer
113
views
How to Restrict Access to Screens Based on Group Membership in PowerApps?
I'm working on access control within my PowerApps application and need to prevent users who don't belong to a specific Azure AD group (Entra ID) from accessing certain screens.
In the OnStart property ...
0
votes
0
answers
48
views
Accessing user jwt claims in Trino/Presto
How can I configure Trino on an EMR cluster to authenticate users using JWT, ensuring that when a user logs in, they are added to Trino and can only access data associated with their tenant ID? ...
0
votes
0
answers
30
views
Render React component at once instead of one by one
I am using a react dashboard framework Refine (Next.js with mui) and enabling access control in my project.
The sider items will not render one by one if there is no access control provider available.
...
0
votes
1
answer
59
views
Hasura conditional column-based access control
I am using Hasura for the GraphQL API. I have also configured RBAC using Hasura. For example, for the Manager role, I granted access to the following columns in the users table for Read operations: id,...
0
votes
0
answers
16
views
Localhost:Port has been blocked by CORS policy [duplicate]
I'm receiving the following, though I've configured CORS in my middleware:
XMLHttpRequest at 'http://localhost:8000/api/check-admin' from origin 'http://localhost:4200' has been blocked by CORS ...
0
votes
1
answer
60
views
Azure SQL analysts can create views from forbidden cross database data
TLDR Problem
User can view forbidden data by creating a view to the forbidden data in his own personal schema where he has CONTROL permissions.
Introduction
I have an Azure SQL (Managed Instance) ...
0
votes
1
answer
74
views
System.Security.AccessControl AccessControlType vs AceType
Is System.Security.AccessControl.AceType just a more detailed version of System.Security.AccessControl.AccessControlType? Is there a way to convert AceType to AccessControlType, or are these two ...
0
votes
0
answers
23
views
How to organize the issuance of rights in Kubernetes IaC?
How to organize the issuance of rights in Kubernetes IaC? I have a cluster with many namespaces, developers only need rights to individual namespaces. I don’t want to do this manually, I believe that ...
2
votes
2
answers
218
views
Protected and "package-private" visibility when inheriting from class in different package
I'm kind of new to visibility and want to really internalize these concepts.
I've learnt that "package-private", the default visibility in Java, allows us to see fields from classes in the ...
0
votes
0
answers
22
views
Disallowing access to specific file(s) on a per-process basis?
Unix has several ways to control file access on a per-user basis. I'm interested to know if there's a way to do this on a per-process basis; in particular making the file unreadable or even invisible ...
0
votes
1
answer
38
views
Restricting read access to MediaWiki pages based on category and group
I have a page with this content, which is a page intended to be accessible only for users in the "sales" group. Even for reading.
This page contains content for sales.
<!-- Tag for ...
0
votes
0
answers
43
views
Is it possible to set up different first factor authentication method on ADFS based on group membership?
I am new to the security environment and I am still learning. I am trying to set up MFA on ADFS and wondering if it's possible to set a configuration like this one:
The normal user just logs with ...
0
votes
1
answer
109
views
Cannot create a page on mediawiki
When I submit a new page, I always get this error:
Sorry! We could not process your edit due to a loss of session data.
You might have been logged out. Please verify that you're still logged
in and ...
1
vote
1
answer
187
views
api platform security check performed after custom provider code is already executed
I have encountered very unpleasant API Platform behavior with security with custom providers.
I really need some explanation if this behavior is really intended or is it a security flaw.
During my ...
0
votes
0
answers
58
views
Why is my Voter being called multiple times and without the subject when securing properties in API Platform?
I am working on a Symfony 7 application where I need to implement fine-grained access control using security voters. Specifically, I want to grant access to an entire resource based on one set of ...
0
votes
0
answers
62
views
Implementing User-Based Device Filtering in ThingsBoard
Body
I am planning to filter devices based on the user in ThingsBoard. Imagine there is a main user; this user allows other users to see information about certain devices or not. I am planning the ...
0
votes
0
answers
24
views
RBAC system that lets you pick what role you want to log into?
I'm working with a system that asks you to select which role you want to use when you log in. Is there a name for this approach? (The other RBAC systems I've worked with simply give the user the union ...
0
votes
0
answers
43
views
CORS error continues on node.js even after importing the cors package
I have included the cors package, tried the res.header, and am still getting the CORS error
Access to XMLHttpRequest at 'localhost:3000/auth' from origin 'http://localhost:4200' has been blocked by CORS ...
-2
votes
1
answer
209
views
AWS: Cross account access fails with not authorized to access this resource
I'm trying to set up cross account access in AWS. I'd like to access the parent account from a sub account. This is what I've done so far:
Parent Account:
Created a new role test_role and gave it full ...
0
votes
0
answers
502
views
Handling Unique Permissions with CASL and TypeORM in NestJs
I'm using CASL for authorization in my NestJS application with TypeORM for persistence. I've defined permissions with unique constraints on "action" and "subject" columns to ...
0
votes
0
answers
132
views
Casl - How to allow access to related entities?
I am building a nestjs app with CASL as an access control library. But I ran into a problem which I can't find an easy solution to: If a user has a read access to an entity, he should also have access ...
0
votes
0
answers
95
views
CORS Policy Issue When Making Fetch Call to Azure Service from Next.js App
I'm developing a Next.js application and am encountering a CORS policy issue when trying to make a fetch call directly to the Azure Cognitive Search service from my client-side code. I need to call ...
0
votes
1
answer
54
views
Error of Access-Control-Allow-Origin for post request with data
I am trying to create a POST Ajax request with data using Axios, where the server side is ASP classic and the client side is React using TypeScript.
This is my server side:
<% Response.AddHeader "...
2
votes
2
answers
651
views
Access-Control-Allow-Origin always set to * in spring boot
I am setting CORS using the following configuration in Spring Boot, but the browser shows as if I am using * and not the specified URL!
@Bean
public CorsConfigurationSource ...
0
votes
1
answer
156
views
Unable to View Roles in Storage Account in Azure getting Blank
When I tried adding roles, I am unable to view any roles in Role assignment section. How can I view them?
0
votes
0
answers
311
views
How can I fix CORS policy problem in Nuxt?
I have a Nuxt.js application. I try to fetch data from an API every time the user changes the page, but I get confronted by a CORS problem:
Access to fetch at 'https://api.jikan.moe/v4/top/anime/?page=...
1
vote
0
answers
30
views
How do I enable access control on an already up and running MongoDb container?
I'm trying to enable access control on our MongoDb containers without recreating them. They had set the prod Db's without AC enabled and now they're presenting the product to the customers. So me ...
0
votes
1
answer
62
views
Is there a universal way to test the Access Control List of a folder and its children in PowerShell, independently of inheritance?
In PowerShell, I can define a .NET Directory Security object and give it different rules:
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.AddAccessRule($rule_a)
$acl....
0
votes
0
answers
27
views
CORS error when deploying MERN app: 'Access-Control-Allow-Origin' missing header for hosted server, and 404 Not Found on server deployment
I have a MERN app which is divided into 2 folders client and server
I have hosted the client and server separately on Vercel and then replaced the localhost URL in the code with the appropriate URLs
...
0
votes
1
answer
2k
views
How can I restrict access to an Azure app service?
I have an Azure app service. Now I want to restrict access to all users except to a
certain few users.
I have tried to give access via the Access Control (IAM); what I do is I select "Add role
...
0
votes
0
answers
89
views
Use my login system to control access to Digital Ocean Spaces objects
I have my own login system where users can login and perform actions on the web app and one of the things that they can do is upload files.
I decided to use object-based storage such as Digital Ocean ...
0
votes
0
answers
106
views
Nestjs access control cannot read roles
So I have a nestjs application with session authentication that I set to session by role. Then I followed one of other people's tutorials or repositories like this:
https://github.com/vladwulf/cwv-...
1
vote
1
answer
169
views
Creating a Limited Privilege PostgreSQL Role for Backend Server
I am trying to create a role in postgres for the backend server and for security reasons I want to limit the backend_user privileges. The user have access only to database_x and the public schema and ...
0
votes
2
answers
408
views
Conditional Binding for Objects in Google Cloud Storage Buckets
I am working with Google Cloud Storage (GCS) buckets and I need to set up conditional access control for objects in these buckets. Specifically, I want to give viewers access to objects in a certain ...
0
votes
1
answer
224
views
Cloud Run/Build artifacts buckets are created with Fine Grained access policy by default
When using Cloud Run Jobs (I'd assume any service running Cloud Build under the hood as well), dedicated artifact buckets are created. Their naming is usually something like: us.artifacts.project....
2
votes
1
answer
91
views
Memory Access Control in Windows Memory Management
Why can't the Windows kernel disallow cheater programs' processes from accessing a game's memory at runtime through ACL (Access Control List) or other access control methods?
-1
votes
1
answer
252
views
Azure DevOps - Decode ACE permission bits
When getting Access Control Lists via the Azure DevOps API it returns a list of Access Control Entities which have fields "Allow" and "Deny".
As far as I understood from the docs, ...
0
votes
1
answer
796
views
Open FGA Wildcard Relationship From Object to User
I am trying to define user and admin schema in OpenFga
model
  schema 1.1
type user
  relations
    define admin: [admin#member]
type admin
  relations
    define member: [user]
I have added ...
0
votes
1
answer
103
views
MLRun, Role issue - Read only mode for Events, Identity, Grafana, etc
I'm having trouble with accessing the typically admin parts of the Iguazio platform, like 'Services', 'Identity', 'Clusters', 'Grafana', ... but in read-only mode.
When I used 'Application Read Only' ...
0
votes
1
answer
51
views
How to Restrict Access to Maven automation testing framework Project's Main Folder Contents?
I have a Maven automation testing BDD-Cucumber framework project where the main folder contains essential testing configurations and reusable components. I want to allow clients to use these ...
3
votes
1
answer
1k
views
How to format Ceph S3 bucket-policy Principal?
I'm trying to set the bucket policy for a Ceph S3 bucket.
This policy works but enables public access
{
"Version": "2012-10-17",
"Statement": [
{
...
0
votes
0
answers
115
views
Can the mechanism of `java.security.AccessControlContext` be generalised to include any context information?
This question is derived from reading Hadoop credential management: In Hadoop 3.3+, function UserGroupInformation.doAs can introduce an "execution scope", that allows some context ...
0
votes
0
answers
59
views
TYPO3 10.4 - how do I determine which FE-Group may assign a BE-Group?
I am using TYPO3 10.4. I have a BE-Group which rules the access to a specific page, where a my FE-Users. I got it to enable the access to this page and enable that the BE-group is allowed to create ...
0
votes
0
answers
82
views
CORS issue when connecting Angular project to Laravel backend - No 'Access-Control-Allow-Origin' header present, but it works in Postman
I have a problem and I would like to know where my error is: I want to connect an Angular project to Laravel, but I'm getting this error: "Access to XMLHttpRequest at 'https://back-domain.com/api/...
5
votes
0
answers
1k
views
Authorization header included despite CORS
I have a really decent understanding of CORS and how it works. Some of the things I know pretty well from resolving past CORS errors and reading the spec are below:
By default, the browser omits ...
1
vote
0
answers
18
views
Oracle light weight directory access protocol
I am using Oracle Lightweight directory manager of version 170717. I am trying to provide restricted access to my ldap by using ip bind keyword. But after some time around 20+ minutes. When I try to ...
-1
votes
1
answer
114
views
Why do memberwise initializers become 'private' when the structure contains a private property?
The default memberwise initializer for a structure type is considered private if any of the structure’s stored properties are private.
(Source: https://docs.swift.org/swift-book/documentation/the-...