Publisher can only publish application on RSC, but only Admin can setup who can access the application

tomasj7 · June 30, 2020, 7:15pm

...Hi, i wrote in last months this ticket:

But right now, the logic little bit escalate. Let me introduce my case:

I am Shiny developer, with publishing rights. I develop Rshiny application, click on Publish button in Rstudio/Rstudio server, and after while, my application is deployed in the Rstudio Connect instance. Right now, i can only set up ,,You'' option in the ''Who can view this application'' drop down menu. The only user who can set up access permissions can be user with administration role.

Is there any possible solution to restrict publishers like that ? I try the solution from the mentioned ticket above, but this can only restrict publishers to have options : {'You','Specific users and groups''} in mentioned drop down menu above.

Regards,
Tomas

cole · July 1, 2020, 7:40am

Thanks so much for sharing this idea! Do you mind articulating the use case behind this request? Why should publishers be disallowed from giving access to anyone?

Unfortunately this setting is not available today. Customers with this use case typically take one of two approaches:

The "audit" approach : Use the audit logs to keep an eye on whether or not a publisher makes this type of change to access controls. If they do, you can notify them that this is not allowed and train proactively
The "promotion" approach : Have a dedicated Connect "prod" server where only administrators can publish. Typically this will be done via CI with "programmatic deployment" / promotion from the "dev" server or via "Git-backed deployment". Then administrators are in control of this server, the ACLs, publishing, etc.

We will definitely share this use case with our team for future consideration, though! If you can provide any more detail about your use case and why publishers are not allowed to set ACLs, that would be helpful for our internal discussion!

tomasj7 · July 6, 2020, 9:22am

Hi @cole,

thank you for your help CI and Git-backed deployment was very helpful!

And right now about use case:

I think, there is a lot of firms and corporates, which are working with very sensitive data, and Rstudio Connect serves as Deployment and Sharing platform just for small team, and for everyone across company/firm and if there is a still option to select who can and who cannot access the application, in the means of publisher, this option is strictly against the governance rules of company (because of data).

I think, this feature in some way missing in shiny/rstudio connect packages.

Thank you againg for your help, I really love rstudio connect and Rshiny (and i think, this post is not my last one! :D)

Regards,
Tomas

cole · July 6, 2020, 10:26am

That makes a lot of sense! Thank you Tomas!! We will definitely pass along that use case to the team!

Please do let us know what other thoughts / feedback / issues you have! Your feedback is invaluable to us!