Gladly. If anyone finds anything below unclear, I would be happy to elaborate.
My overall goal is to offer different capabilities based upon a user's group membership. In this case, it limits which observations they can see.
At first, I planned to use session$groups. The app would authenticate through RStudio Connect using group "AppUsers". Membership in other groups then determined the scope of data access. A simple lookup table lookup mapped between the group and corresponding value for data filtering. A rough sketch in R is below.
# initial solution sketch
# global.R
library(dplyr)
# Each data set is pulled from RSC an rmd report which
# refreshes hourly. They are wrapped in reactivePoll which checks for
# updates every 15 minutes, so the user privileges will never be more
# than 75 minutes out of date. Looking forward to pins package!
lookup <- data.frame(ad_group = c("Dept1", "Dept2"), ind = c(1, 5))
data <- data.frame(x = c(1000, 5000), ind = c(1, 3))
# mocking the shiny user info I was hoping for.
session <- list(groups = c("AppUsers", "Dept1"))
# in server.R. the previous data are reactive, so these are as well.
data_scope <- filter(lookup, ad_group %in% session$groups) %>% pull(ind)
filtered_data <- filter(data, ind %in% data_scope)
# rest of app which consumes filtered_data
Instead, I ended up offloading the user privilege determination to the same rmd which stores the AD group mapping. Using a third data set, I can map user to AD group, then AD group to privilege.
Given the small number of users (100) and frequency of use, I think this is more than good enough for my purposes.