In the ShinyProxy Configurations how can I limit particular apps for a specific user

In the ShinyProxy Configurations how can I limit particular apps for a specific user.

For example I have three apps.

I only want user: Jack to access App3 and user: Tesla to access: App2 and App3


Hi @Babacar_Diouf,

Authorization is dealt with by using the groups field in the app configuration.

See under groups.

The group membership can currently defined in your LDAP directory or specified in the users in case the simple authentication is used.


Hello @tverbeke, So If I wanted to do this via LDAP. Lets say I already have the LDAP access. The filtering of who is an administrator and who has access to particular applications is all handled by the application-demo.yml correct?

I am trying to figure out how the LDAP can connect to the ‘groups’ section of the configuration. I am confused about this process.

Is there a way I can also group people based on LDAP, so that in scalability side of things I can easily add or remove specific user access to particular applications.

Babacar Diouf

Hi @Babacar_Diouf:

It is assumed that the group names you enter in the groups field of a particular app correspond to real groups in your LDAP directory.

The group-search-base and group-search-filter properties in the ldap configuration allow then to check for individual users whether they belong to the right group to get access to a particular application (as per the groups configuration of the app).


@tverbeke is my understanding then correct that the users: part of the config is not used when authenticating via ldap?
It would actually be nice if we can also just enter a list of user names that should get access to an app, since getting new groups approved can take a while, and sometimes we just want to get a prototype out.

Hi @Wligtenberg,

The users section is relevant for the so-called ‘simple’ authention, cf.

This authentication is activated using

  authentication: simple

and is indeed mutually exclusive with the use of

  authentication: ldap

Simple authentication allows to define users and passwords inside the application.yml file, primarily for demo or non-production purposes.

That being said the idea to allow for something like access-users instead of access-groups is definitely something we can consider.

Many thanks for the suggestion!


For future reference I created a issue on github to track this:

1 Like