Knime Repo Access Management via LDAP/SSO in Knime AP

Hi Team,

I am trying to control the access of Knime Repo folders in Knime Analytic Platform via LDAP/SSO.
Can you please guide/direct me to the steps?

The server is connected to LDAP, but I am wondering what steps are needed to tell Knime AP to use LDAP.

The ultimate goal is to control the folder access under Knime AP (in viewing/downloading/uploading).

Hi @Arun_Prasath . How are you trying to “access” the repo?

2 Likes

@Arun_Prasath the KNIME server would support LDAP. You can read about it here:

https://docs.knime.com/latest/server_enterprise_setup_guide/index.html#introduction

Other than that I can only assume you might be able to control access to folders on a server without explicit integration in the KNIME analytics platform. Though you might have to check how the restriction of access to the location of the “knime-workspace” folder (where the magic is happening) would be influenced and if it would work from a remote server/shared folder (think performance).

1 Like

Mounted via the Knime Analytic Platform as Knime ServerSpace.

I have implemented LDAP in the Server and could control the access for the webportal login via the groups. I now want to control the folder access under the Repo based on the team the user belongs to.

E.g.: If he belongs to HR, he should only see HR related flows. A non HR related person should not see those flows from Knime Analytic Platform nor from the Webportal.

2 Likes

Ok that might be a question for the KNIME team. Maybe @MichaelRespondek or @Iris can weigh in.

1 Like

@Iris I could see that you have moved this under Knime Server. But for Knime Server, we already have the document on LDAP and it is self clear, but not for Knime AP.

@Arun_Prasath,

Per default the User logged in on the KNIME Server via the KNIME Analytics Platform will see all Folders he has read permissions on. If you want to restrict this you can set the following option manually within the knime-server.config or via the administration configuration portal on the webportal:

com.knime.server.repository.hide_unreadable_groups=<true|false> [RT]

When set to true, if a user does not have:
- read-permission for workflow groups, e.g. <workflow_group1>, <workflow_group2>
- and, write-permission for the parent workflow group, e.g. <parent_workflow_group> in path <parent_workflow_group>/<workflow_group1>

then the not readable workflow groups are hidden to the user.

When set to false, which is the default value for this option, all workflow groups are shown as soon as the user has read permissions for the parent workflow group.

Source: KNIME Server Administration Guide

This works for all KNIME Server installations >= 4.11.4.

Best,
Michael

4 Likes
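
A small model of the rule quoted in the answer above, added here as an illustration (it is not KNIME Server code and not from the thread): it computes which workflow groups a user's repository listing would contain with `hide_unreadable_groups` off and on. The paths, LDAP group names and ACL table are constructed sample data, and listing a top-level group only when it is readable is an assumption of the model.

```python
# Model of the documented hide_unreadable_groups rule (sketch, not KNIME code).
# Paths, LDAP group names and ACLs below are constructed sample data.
from posixpath import dirname

# workflow group path -> LDAP groups holding each permission on it
ACL = {
    "/Teams":         {"read": {"hr", "finance", "admins"}, "write": {"admins"}},
    "/Teams/HR":      {"read": {"hr"},                      "write": {"hr"}},
    "/Teams/Finance": {"read": {"finance"},                 "write": {"finance"}},
}


def has(user_groups, path, perm):
    """True if any of the user's LDAP groups holds `perm` on `path`."""
    return bool(ACL[path][perm] & set(user_groups))


def listed_groups(user_groups, hide_unreadable_groups):
    """Workflow groups that appear in this user's repository listing."""
    shown = []
    for path in sorted(ACL):
        parent = dirname(path)
        if parent == "/":
            # Assumption: a top-level group is listed only when readable.
            if has(user_groups, path, "read"):
                shown.append(path)
            continue
        if not has(user_groups, parent, "read"):
            continue  # parent not readable, so its children are not listed
        readable = has(user_groups, path, "read")
        parent_writable = has(user_groups, parent, "write")
        # Option true: hide a group when the user can neither read it
        # nor write to its parent. Option false: list it regardless.
        if hide_unreadable_groups and not readable and not parent_writable:
            continue
        shown.append(path)
    return shown


if __name__ == "__main__":
    for user in (["finance"], ["hr"], ["admins"]):
        for flag in (False, True):
            print(user, flag, listed_groups(user, flag))
```

With the default (`false`) a finance user still sees the HR group listed next to their own; with `true` only a user holding write permission on the parent continues to see groups they cannot read.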
