You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
rAccess is an R package that offers a flexible framework for in-appaccess control, allowing local and/or remote storage, organization, andretrieval of access lists. It features a pluggable shiny module tocreate and manage access lists for individual Shiny applications. It isbuilt on top of the Posit Connect Access Management, which means nocredentials are collected or stored.
A friendly user interface enables the app Admin to easily manage useraccess permission for respective access units.
The parameters to therAccess object can either be passed directly asarguments to the new instance ofrAccess or could be defined within aconfiguration yaml file.
Core Concepts
Access Panels serve as organizational containers that group relatedAccessUnits together, enabling you to implement hierarchical access controlstructures. In the rAccess user interface, eachAccess Panel appears as aseparate tab where administrators can navigate to configure permissions. Thistabbed structure allows admins to logically organize access controls byfunctional areas - for example, having separate panels for "Data Visualization","Report Generation", and "Administrative Functions". Each panel can containmultiple related units that share similar access requirements or belong tothe same feature set.
Access Units represent the most granular level of access control in yourapplication - these are the specific elements that users can be granted or deniedaccess to. They could be individual shiny modules, specific UI components (likedownload buttons or input panels), particular data views, or any discretefunctionality within your application. In the rAccess user interface,AccessUnits appear as individual toggles or dropdown selections within theirrespectiveAccess Panel tabs, allowing administrators to precisely control whichusers can access each specific feature or component of the application.
Installation
install.packages("rAccess")
Alternatively, you might also use the development version.
rAccess includes server and ui modules for access management tab whichcould be used within a main Shiny web application.
library(rAccess)
Adding rAccess config file
The package includes a template configuration file, making it simple forusers to get started. It contains all the necessary parameters forrAccess and can be customized to suit individual needs.
To add a config file template to your project directory, use:
rAccess::use_config(file_name="rAccess.yml")
Config file structure
module: rAccessparameters: app_name: # application name * board_type: # local/rconnect/s3 * access_mode: # default/single unit unit_display: # dropdown/switch switch_size: # default/mini/small/normal/large user_df: !expr tibble::tribble( ~userid, ~username, "UserID", "User Name") # Sample user_df use_rconnect_users: TRUE # TRUE - combine rconnect userlist with user_df secure_mode: FALSE # TRUE - Access will be denied to users with no access to atleast one panel/unit local_board_path: # Path to save local pin_board when board_type = "local" s3_bucket: # s3 bucket name when board_type = "s3" s3_access_key: # s3 access key when board_type = "s3" s3_secret_key: # s3 secret key when board_type = "s3" verbose: FALSE # If TRUE prints all updates in the logdata: # Study data path if available datapath1: datapath2: panel_str: # Panel structure to be defined by the developer - access_panel: ADMIN # Every App should have an ADMIN panel.(mandatory) - access_panel: # Access Panel name * access_units: - unit: # Access unit name * - unit: # Access unit name - access_panel: # Access Panel name access_units: - unit: data: # datapath associated with access unit - unit: data: # datapath associated with access unit
For detailed description on the config file components refer vignette: Tutorial.
Creating a new instance of rAccess
Once the configuration file is ready the user can create a new instanceof rAccess as below:
Creating a new instance of rAccess without a config file
If there is no config file in place, user can also pass the rAccessparameters as arguments to the new instance of therAccess object.
access_panels<-list(`ADMIN`=NULL,`Access Panel 1`= c("Unit 1","Unit 2"),`Access Panel 2`= c("Unit 3","Unit 4"),`Access Panel 3`= c("Unit 5","Unit 6"))# User listuser_df<-tibble::tribble(~userid,~username,"UserID1","User Name 1","UserID2","User Name 2")newIAM<-rAccess$new(user="<userid>",app_name="testApp",board_type="local",local_board_path="./data/",pin_name=pin_name,access_panels=access_panels,access_mode="default",user_df=user_df)newIAM$access_panelsnewIAM$access_unitsnewIAM$access_mode
board_type options in rAccess
There three pin board options available for the users: "local", "s3",and "rconnect". This can be specified with the parameterboard_type ofthe rAccess object.
"local" : Local folder will be used as a pin_board. The user mustalso specify the "local_board_path".
"rconnect" : Posit Connect pin_board will be utilized. If thepin_board does not already exist, it will be created and deployed onthe same Posit Connect server where the app is hosted.
The user list for rAccess could either be supplied as theuser_dfargument of therAccess object or could be fetched from the rconnectuser list.
Creating user_df*
user_df<-tibble::tribble(~userid,~username,"UserId1","User Name 1","UserId2","User Name 2","UserId3","User Name 3","UserId4","User Name 4","UserId5","User Name 5")newIAM<-rAccess$new(user="<userid>",app_name="testApp",board_type="local",local_board_path="./data/",access_panels=access_panels,access_mode="default",user_df=user_df)
Using API to fetch user data If you have access to yourorganization’s user directory via an API, you might want to first fetchthe data and then prepare the user_df, similar to the example below
User list will be automatically fetched from the Posit Connect serverswhen deployed. Users must make sure thatuse_rconnect_users parameteris set asTRUE to get users from Posit Connect.
# When deployednewIAM<-rAccess$new(user="<userid>",app_name="testApp",board_type="rconnect",access_panels=access_panels,access_mode="default",use_rconnect_users=TRUE)
