In the ShinyProxy Configurations how can I limit particular apps for a specific user.
For example I have three apps.
-App1
-App2
-App3.
I only want user: Jack to access App3 and user: Tesla to access: App2 and App3
Thanks.
In the ShinyProxy Configurations how can I limit particular apps for a specific user.
For example I have three apps.
-App1
-App2
-App3.
I only want user: Jack to access App3 and user: Tesla to access: App2 and App3
Thanks.
Hi @Babacar_Diouf,
Authorization is dealt with by using the groups
field in the app configuration.
See http://www.shinyproxy.io/configuration/#apps under groups
.
The group membership can currently defined in your LDAP directory or specified in the users
in case the simple
authentication is used.
Best,
Tobias
Hello @tverbeke, So If I wanted to do this via LDAP. Lets say I already have the LDAP access. The filtering of who is an administrator and who has access to particular applications is all handled by the application-demo.yml correct?
I am trying to figure out how the LDAP can connect to the ‘groups’ section of the configuration. I am confused about this process.
Is there a way I can also group people based on LDAP, so that in scalability side of things I can easily add or remove specific user access to particular applications.
Thanks,
Babacar Diouf
Hi @Babacar_Diouf:
It is assumed that the group names you enter in the groups
field of a particular app correspond to real groups in your LDAP directory.
The group-search-base
and group-search-filter
properties in the ldap
configuration allow then to check for individual users whether they belong to the right group to get access to a particular application (as per the groups
configuration of the app).
Best,
Tobias
@tverbeke is my understanding then correct that the users: part of the config is not used when authenticating via ldap?
It would actually be nice if we can also just enter a list of user names that should get access to an app, since getting new groups approved can take a while, and sometimes we just want to get a prototype out.
Hi @Wligtenberg,
The users
section is relevant for the so-called ‘simple’ authention, cf.
https://www.shinyproxy.io/configuration/#simple-authentication
This authentication is activated using
proxy:
authentication: simple
and is indeed mutually exclusive with the use of
proxy:
authentication: ldap
Simple authentication allows to define users and passwords inside the application.yml
file, primarily for demo or non-production purposes.
That being said the idea to allow for something like access-users
instead of access-groups
is definitely something we can consider.
Many thanks for the suggestion!
Best,
Tobias
For future reference I created a issue on github to track this: