KNIME AD Group Mapping to Folder Report

Hi Team

Can anyone please assist how we can take a report of AD Groups mapped to the knime folders in the KNIME Server?

Thank you

Regards
Narayanan.

Hi @narayanan,

I believe this isn’t directly possible. What you could do on KNIME Server Medium and Large is to get this information via REST:

In a first step, query all repository items with GET /knime/rest/v4/repository/?deep=true. Next, you can go through the response and call the linked :permissions endpoints. These will return all groups that have access to the item.

This can be put together into a KNIME workflow using GET Request nodes and some JSON processing.

Kind regards
Marvin

1 Like

Thank you Marvin for the suggestion. it works, able to see the permission details in the web page json.
but the when tried to call using Get REST API, getting invalid output. Not sure what I am missing and how to call the linked permission endpoints (json to table)?. Please advise.
getrequest

Hi @narayanan,

in the WebPortal you were probably logged in. To access the REST API, you need to authenticate (indicated by the 401 response status). You can specify the user login in the Authentication tab in the GET Request node (selecting basic authentication). You can find a longer introduction to our REST API here:

Kind regards
Marvin

Hi Marvin,

Thanks for reply. I have tried the authentication using basic but not getting allowed…
I am able to login into Web portal and KNIME Analytics platform without any issues. I am using AAD login to authenticate into KNIME webportal/AP.
But via Get Rest node Basic authentication not getting authorized.
Tried using NTLM also with domain option but still the error same.

Regards
Narayanan.

Hi @narayanan,

if you’re using OAuth to sign in in the WebPortal (a button that forwards you to another sign-in page), then these accounts will not work for REST directly. The server administrator would need to add/configure a realm for user/password based authentication, though that is probably a bit out of scope here.

Instead, you can try using JWT tokens. You can manually create one by calling the /rest/v4/auth/jwt endpoint when logged in to the WebPortal (e.g. via our REST documentation on Swagger: <your-server>/knime/rest/doc/index.html#/Session/getJwt_1):

You can then use the token in the authorization header, as shown in How to use get request node using bearer token - #2 by bruno29a and you can set the Authentication tab to “None”. By default, these tokens can’t be valid for longer than 30 days, but you can use a valid token to call the endpoint and get a new token.

Kind regards
Marvin

1 Like

Hi Marvin,

I followed the way to generate jwt credentials for the current session and received a file with response_xxxx.txt. In this I didnt find the format like "Bearer “Token” " to add it in the Request headers of GET Rest API. Can you help to guide how to find out the token information from the generated jwt credentials to pass for input.

Regards
Narayanan.

Hi @narayanan

the response you get is the token. You can use that token to authenticate by setting the header
“Authentication” with the value “Bearer ” as described in above post. You can do this in a KNIME Workflow by concatenating the strings "Bearer " and your token.

Kind regards
Marvin

Hi Marvin,

Sorry for the delay reply. Able to login using jwt token (missed to add the whole token) and get authenticated to the server. Got the output in json format.

Now i use json to table node to get in table format from the json output. From this i used column filter and selected for “owner” & “href”

Can you please guide how to call the linked :permissions from the json to table output format.

Thank you

Regards
Narayanan.

Hi @narayanan,

there are multiple ways how you can process this, e.g. by turning the JSON into a table and doing ETL operations on the table, as you suggested.
I tried with the JSON Path node on the response JSON, by selecting one of the :permissions URLs and clicking “add collection query”:

This created the JSONPath you see in the screenshot, though that didn’t quite do the trick.

Searching a bit, I found the query $..['knime:permissions']['href'] to be what I was looking for.

I’ll leave further ETL work to you though :wink:

Kind regards
Marvin