Hi,
i red the adming guide of Rstudio connect, in the concrete the article about PAM authentication, where was stated, that PAM is not providing UNIX groups, but i really need exact unix group also in RSC, with all users. Is there any hack, or alternative solution how to solve this problem ?
Thanks in advance,
Tomas
Hello! Thanks for reaching out on this!
I am not completely following, so would like to clarify what you mean:
Does this mean you want to use unix groups to manage access to content within RStudio Connect? I.e. have unix groups visible within the "Groups" pane in the Connect UI?
Or do you mean that you would like to manage UNIX group memberships for the linux accounts on the server, but these do not need to be visible within the "Groups" pane in the RStudio Connect user interface?
I presume you are discussing the former, but want to confirm before we move deeper 
Does this mean you want to use unix groups to manage access to content within RStudio Connect? I.e. have unix groups visible within the "Groups" pane in the Connect UI?
Yes, you are asbolutely right - and still assuming pam configuration in rstudio connect configuration file
[Authentication]
Provider = pam
Yes, unfortunately today Connect does not have a way to read the groups from the linux operating system and instantiate them inside of Connect.
However, it is possible to automate this type of task with the RStudio Connect Server API: https://docs.rstudio.com/connect/api/
(User cookbook here: https://docs.rstudio.com/connect/cookbook/)
In particular, there is an R package that can simplify some of these tasks if you wanted to write the work yourself. You can create groups, assign memberships, remove memberships, etc. The important task would just be ensuring that you have a way to read group memberships in a nice way.
Is that a task that you would feel comfortable doing?
In the meantime, I will definitely share this feedback with our team! We always enjoy hearing which features would be useful. Are you managing groups on the linux server yourself, or are groups coming out of an LDAP server / Active Directory somewhere?
Hi @cole,
thank you for your help, it works as I imagined, almost.. I need the last piece of puzzle. Is there any way, how can i generate API key, for user, from the R using connectapi ? Something like that genera_api_key('user') and maybe he need to verify with his password for obtaining api key, but i need to do this from R. Thanks !
Very interesting! What is the reason for needing to generate an API key for a user?
Generally this pattern is frowned upon as administrators should not necessarily make impersonating other users a practice, since in many cases administrators may not have (or should not have) access to the same data or assets that publishers or viewers might.
As such, there is not a way to do this today. Knowing the reason for this workflow may help us either recommend alternatives or more strongly consider this type of functionality in future product improvements!
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.