EzDevInfo.com

user-permissions interview questions

Top user-permissions frequently asked interview questions

Permission Denial: this requires android.permission.INTERACT_ACROSS_USERS_FULL

I am having an issue with sqlite db in Android. But as I made a quick research on the internet, I suspect that the problem is not related to sqlite but system user. My app is not recognized as authorized user to access db functionalities. I tried to apply possible suggested solutions in stack overflow but none of them made a difference. This is the LogCat I am facing every time I attempt to use db functionality.

12-14 02:35:17.721    2953-3355/? E/DatabaseUtils﹕ Writing exception to parcel
java.lang.SecurityException: Permission Denial: get/set setting for user asks to run as user -2 but is calling from user 0; this requires android.permission.INTERACT_ACROSS_USERS_FULL
at com.android.server.am.ActivityManagerService.handleIncomingUser(ActivityManagerService.java:13082)
at android.app.ActivityManager.handleIncomingUser(ActivityManager.java:2038)
at com.android.providers.settings.SettingsProvider.callFromPackage(SettingsProvider.java:577)
at android.content.ContentProvider$Transport.call(ContentProvider.java:279)
at android.content.ContentProviderNative.onTransact(ContentProviderNative.java:273)
at android.os.Binder.execTransact(Binder.java:388)
at dalvik.system.NativeStart.run(Native Method)

I tried to add permission

android.permission.INTERACT_ACROSS_USERS_FULL

but still no sound. The strange thing is when I try to add INTERNET permission Android Studio 0.3 (ide I use) suggests me possible permissions I can choose. But when it comes to INTERACT_ACROSS_USERS_FULL permission it behaves like it has no idea about this permission. My test device is Samsung S4 running on 4.3.

I assume that I am not the only one who tries to use db on android. So there is a solution.

How can I really add INTERACT_ACROSS_USERS_FULL permission to my application?


Source: (StackOverflow)

Android Wifi Direct: Avoiding user acceptance when connecting to a known peer

While connecting to a peer using WiFi Direct, user's permission is required. I know that connection can't be made without user never giving the permission and there's a feature request for this kind of functionality: https://code.google.com/p/android/issues/detail?id=30880

But I don't need this feature, asking for permission on the first connection is OK (also, more secure). Is there any method such that the permission is asked for the first time only? And when trying to connect to same peer later, the permission is not required.


Source: (StackOverflow)

Advertisements

What's the difference between staff, admin, superuser in django?

Django has superuser, staff, admin…

superuser and staff are in django.contib.auth.models.UserManager. Then there is the createsuperuser command of django-admin.

Well, there are admin apps… What's the difference?


Source: (StackOverflow)

I need an Amazon S3 user with full access to a single bucket

I have a user foo with the following privileges (it's not a member of any group):

{
  "Statement": [
    {
      "Sid": "Stmt1308813201865",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bar"
    }
  ]
}

That user however seem unable to upload or do much of anything until I grant full access to authenticated users (which might apply to anyone). This still doesn't let the user change permission as is throwing an error after an upload when it tries to do do key.set_acl('public-read').

Ideally this user would have full access to the bar bucket and nothing else, what am I doing wrong?


Source: (StackOverflow)

MySQL grant all privileges to database except one table

I've been unable to find a reasonable solution to achieve the following:

I wish to have a user that has ALL privileges on a database (or series of databases with the same schema), except for one table, to which they will only have SELECT privileges.

Essentially I want the user to have free reign over a database but not to be able to update a specific table.

So far I have tried, to no avail:

  • Granting all privileges on that database (db_name.*) and then specifically granting only select privileges on that desired table (hoping it would overwrite the "all", stupid I know).

  • Granting all privileges on that database (db_name.*) then revoking insert, update, and delete. But this produced an error saying there was no grant rule for db_name.table_name.

From what I've been able to gather I'll have to individually grant all privileges on each table of the database except the read only table.

Please someone tell me there is a easier way

Note: I'm running MySQL 5.1. The latest available on Ubuntu 10.04.


Source: (StackOverflow)

How long should I wait after applying an AWS IAM policy before it is valid?

I'm adding and removing AWS IAM user policies programmatically, and I'm getting inconsistent results from the application of those policies.

For example, this may or may not succeed (I'm using the Java 1.6.6 SDK):

  1. Start with a user that can read from a particular bucket
  2. Clear user policies (list policies then call "deleteUserPolicy" for each one)
  3. Wait until the user has no user policies (call "listUserPolicies" until it returns an empty set)
  4. Attempt to read from the bucket (this should fail)

If I put in a breakpoint between #3 and #4 and wait a few seconds, the user cannot read from the bucket, which is what I expect. If I remove breakpoints, the user can read from the bucket, which is wrong.

(This is also inconsistent when I add a policy then access a resource)

I'd like to know when a policy change has had an effect on the component (S3, SQS, etc), not just on the IAM system. Is there any way to get a receipt or acknowledgement from this? Or maybe there is a certain amount of time to wait?

Is there any documentation on the internals of policy application?

(FYI I've copied my question from https://forums.aws.amazon.com/thread.jspa?threadID=140383&tstart=0)


Source: (StackOverflow)

How to set permissions in an svn repository?

I created a repository on a network drive with svnadmin create repos.

Is there a way to set user permissions to the repository?

And if that is the case how can those permissions be set?


Source: (StackOverflow)

Is there a way of detecting whether a user has already given permission to use navigator.geolocation?

Apart from setting a cookie the first time round, is there a way of detecting whether a user has already given permission for navigator.geolocation to return the lat/long of the browser?

If there is, what is it and is it the same across all browsers or different across all browsers?

This subject has been partially answered elsewhere

According to GeoLocation API – Chrome / Safari – Permission management and Visual Differences, Chrome asks for a revokable one-time permission. I haven't finished reading the article, but it would seem that storage of permissions is not a purely-Chrome thing to do.


Source: (StackOverflow)

Symfony2 Group permissions with ACL

Where I work we are designing a webapp in which users may belong to multiple groups and each group has access on a set of resources not known in advanced. Plus, users can enter or leave groups and groups can acquire or lose access to resources, so the whole permission granting system needs to be dynamic.

We are using Symfony2 and the FOSUserBundle.

We like how the ACL system works, but we could not find a way to apply it to the Group object.

Has anyone done something like that with Symfony? Or do you have any suggestion on how to implement it in other ways?


Source: (StackOverflow)

Spring OAuth2 checkUserScopes is not working as expected

First of all, according to Spring doc , if i want to map user roles to scopes, i should use setCheckUserScopes(true) to DefaultOAuth2RequestFactory. So one way to do this, is injecting my own DefaultOAuth2RequestFactory bean, as doc says:

The AuthorizationServerEndpointsConfigurer allows you to inject a custom OAuth2RequestFactory so you can use that feature to set up a factory if you use @EnableAuthorizationServer.

Then i do

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfig extends
        AuthorizationServerConfigurerAdapter {

    ...

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints.authenticationManager(authenticationManager)
                .tokenStore(tokenStore)
                .tokenServices(tokenServices());

       endpoints
            .getOAuth2RequestFactory(); // this doesn't return me my own DefaultOAuth2RequestFactory 

    }

    @Bean
    @Primary
    public OAuth2RequestFactory defaultOAuth2RequestFactory() {
        DefaultOAuth2RequestFactory defaultOAuth2RequestFactory = new DefaultOAuth2RequestFactory(
                clientDetailsService);
        defaultOAuth2RequestFactory.setCheckUserScopes(true);
        return defaultOAuth2RequestFactory;
    }
}

EDIT

I've overlooked the method requestFactory() from AuthorizationServerEndpointsConfigurer. That was the correct way to pass it to Spring Security. Setting OAuth2RequestFactory bean as primary didn't work. I've deleted some things to focus on the real problem:


After this observation, the actual problem:

as i understand, if the user has authorities A and B, and the app has scope A, then he gets just 'A' scope. But this is not happening. What is really happening is that if app has scope A, and APP (not user) has authorities A and B, then user gets A. But this doesn't make any sense. This is DefaultOAuth2RequestFactory method that resolve user's scopes:

private Set<String> extractScopes(Map<String, String> requestParameters, String clientId) {
    ... // I avoid some unimportant lines to not make this post so long
    if ((scopes == null || scopes.isEmpty())) {
        scopes = clientDetails.getScope();
    }

    if (checkUserScopes) {
        scopes = checkUserScopes(scopes, clientDetails);
    }
    return scopes;
}

private Set<String> checkUserScopes(Set<String> scopes, ClientDetails clientDetails) {
    if (!securityContextAccessor.isUser()) {
        return scopes;
    }
    Set<String> result = new LinkedHashSet<String>();
    Set<String> authorities = AuthorityUtils.authorityListToSet(securityContextAccessor.getAuthorities());
    for (String scope : scopes) {
        if (authorities.contains(scope) || authorities.contains(scope.toUpperCase())
                || authorities.contains("ROLE_" + scope.toUpperCase())) {
            result.add(scope);
        }
    }
    return result;
} 

Is this a bug? Please tell me if i am wrong. Regards


Source: (StackOverflow)

postgresql database owner can't access database - "No relations found."

I've got an user: user_x that owns a database on postgresql and does not have any ROLE attribute like (CREATE_DB, SUPERUSER,...)

This user_x can access the whole DB, create tables (on his database), select, insert and update data.

I've got this list of databases:

mydatabase=> \l
                                     List of databases
          Name           |  Owner   | Encoding  | Collation | Ctype |   Access privileges   
-------------------------+----------+-----------+-----------+-------+-----------------------
 postgres                | postgres | SQL_ASCII | C         | C     | 
 mydatabase              | user_x   | UTF8      | C         | C     | 
 template0               | postgres | SQL_ASCII | C         | C     | =c/postgres          +
                         |          |           |           |       | postgres=CTc/postgres
 template1               | postgres | SQL_ASCII | C         | C     | =c/postgres          +
                         |          |           |           |       | postgres=CTc/postgres
 whoami                  | postgres | SQL_ASCII | C         | C     | 
(6 rows)

and the following roles:

mydatabase=> \du
                       List of roles
 Role name |            Attributes             | Member of 
-----------+-----------------------------------+-----------
 postgres  | Superuser, Create role, Create DB | {}
 user_x    |                                   | {}

mydatabase=> \d
                        List of relations
 Schema |               Name                |   Type   |  Owner   
--------+-----------------------------------+----------+----------
 public | addresses                         | table    | user_x
 public | addresses_id_seq                  | sequence | user_x
 public | assignments                       | table    | user_x
 public | assignments_id_seq                | sequence | user_x

 ...

All right, till I dump data and restore it on another postgresql server.

After import the data with on another server (with same database name and user) and logged on psql the \d command reply with: "No relations found."

So I added SUPERUSER role to user_x on the imported database server and tadã user_x can see the relations and data again.

But user_x don't need to have SUPERUSER privilege to access this database.

What's wrong with this imported dump? Does anyone now how to solve this?


Source: (StackOverflow)

Better way to represent user roles in database

Is representing user permissions better in the user table or better in its own permissions table?

Permissions in User table
Putting permissions in the user table means making a column for each permission in the user table. An advantage is queries should run faster because no joins are necessary when relating users to user permissions. A disadvantage is that having many permissions columns clutters the user table.

Permissions in Permission table joined to User table with many-to-many relationship
Doing it this way cleanly separates out the permissions from the user table, but requires a join across two tables to access user permissions. Database access might be slower, but database design seems cleaner.

Perhaps keeping permissions in a separate table is better when there are many permissions. What are other considerations in making this decision, and which design is better in various situations?


Source: (StackOverflow)

Is CouchDB per-user database approach feasible for users with lots of shared data?

I want to implement a webapp - a feed that integrates data from various sources and displays them to users. A user should only be able to see the feed items that he has permissions to read (e.g. because they belong to a project that he is a member of). However, a feed item might (and will) be visible by many users.

I'd really like to use CouchDB (mainly because of the cool _changes feed and map/reduce views). I was thinking about implementing the app as a pure couchapp, but I'm having trouble with the permissions model. AFAIK, there are no per-document permissions in CouchDB and this is commonly implemented using per-user databases and replication.

But when there is a lot of overlap between what various users see, that would introduce a LOT of overhead...stuff would be replicated all over the place and duplicated in many databases. I like the elegance of this approach, but the massive overhead just feels like a dealbreaker... (Let's say I have 50 users and they all see the same data...).

Any ideas how on that, please? Alternative solution?


Source: (StackOverflow)

AngularJS - permission directive

I am trying to write directive that will evaluate user permissions.

In case user is not permitted to see given content

  1. the content will not be displayed (done, working fine)

  2. requests from controllers inside permission directive will not get fired.

Example:

Controller:

function MyController ($scope){
     // performing imediately server request, witch is allowed only for admin
     // therefore i will get error when non admin user access this page
}

Permission directive:

return {
        priority: 1000,
        restrict: 'E',
        link: (scope, element, attrs) => {
            var permission = attrs.permission;

            if (/*evaluating permission*/) { 
                // user has permission, no work for me
                return;
            }

            element.remove();
        }
    };

All together:

<permission permission="isAdmin">
    <div ng-controller="MyController">
    </div>
</permission>

This version is removing elements from DOM, but request in MyController still gets executed. Off course, I can make check for permissions in MyController, but I don't want to.

Thank for help.


Source: (StackOverflow)

No activity found to handle intent action.dial

I'm trying to make my app call a number from an EditText, but I get:

android.content.ActivityNotFoundException: No Activity found to handle Intent { act=android.intent.action.DIAL dat=Ring Tel nr. 123456789 }

I've searched a while for an answer, but most of the answes are permissions and add activity to the Manifest. I've done both, if I'm not doing it wrong. And I'm running it on my phone, not the emulator. I've tried both with and without the intent-filters. Here are the codes: Manifest: <uses-permission android:maxSdkVersion="19" android:name="android.permission.CALL_PHONE"/>

        <activity
        android:name="nu.sluggo.testapp.annons.Activity2">
        <intent-filter>
    <action android:name="android.intent.action.DIAL" />
    <category android:name="android.intent.category.DEFAULT" />
</intent-filter>

Button to make the call (gets phone number from SharedPrefs to a1 below:)

        knapp_ring.setOnClickListener(new View.OnClickListener() {
        Intent call = new Intent(Intent.ACTION_DIAL);
        @Override
        public void onClick(View v){
            call.setData(Uri.parse("Telnr:" + a1));
            startActivity(call);
        }
    });

Source: (StackOverflow)