Knime Server restrict access to user

Hi,

If it possible to provide to a user access to the server, and then restrict the user to see only a specific folder?

If this is possible, could you provide a tutorial on how to do this. I haven't found something online so far.

 

Best.

Hi 11atzizi,

Yes, this is possible, you can assign access permissions to each server item (files, workflows or workflow groups) to control the access of other users to your workflows and groups.

The server stores the owner of each server item, which is the user that creats the item. When you upload a workflow, copy a workflow, save a workflow job (an executed workflow) or create a new workflow group you are assigned to the new item as owner. When a new server item is created, you can set the permissions how you want this item to be available to other users. Later on, only the owner can change permissions on an item. To do that please take a look at the screenshot I have attached. To access to the Access Right configuration window, just select the item for which you want to modify the permissions, right-click on it, and click Permissions. To set different permissions, you first need to uncheck the permission "Inherit permissions from parent '/' (you have to be the owner of the selected item). Then click on "Edit Group Rights", enter the name of a group and give it the permissions (read, modify, execute).

A note about the groups. When the KNIME Server administrator defines the users that have access to the KNIME Server, the users are assigned to groups. Groups can be defined as needed – for example one group per department, or per research group, etc. Each user must be in at least one group, and could be in many groups.

A note about workflow group permissions:

  • With the read permission the user is able to see the content of the workflow group. All workflows and subgroups contained are shown in the repository view.
  • With the write permission the user can create new items in this workflow group. He can create new subgroups and can store new workflows or metanode templates in the group. Also deletion of the group is permittedHaving the write permission 

And about workflow permissions:

  • with the execute permission the user can execute the workflow, which means to create a workflow job from it. It does not include the right to download that job, or even store the job after it finishes (storing requires the right to download).
  • with the write permission the user can overwrite and delete the workflow.
  • with the read permission the user can download the workflow (including all data stored in the workflow) to its local desktop repository and inspect the workflow freely.

Please be aware that the name of the group that you enter at this stage should correspond to an existing group (created on the WebPortal Admin page or inherited from LDAP Authention or AD).

Hope this is helpful,

Best,

Vincenzo

Hi Vncenzo,

 

Thanks for your detailed reply. But is still not what I am looking for.

As Knime server administrator, I have other folders on the server which I do not want to be seen from a specific user. So, the premission explanation your wrote above is not helping towards this. Yes, it gives access to a group for a specific folder in the server, but parallel this group of people can see whatever else I have in the server. How can I restrict this?

Best,

A

Hi 11atzizi,

I do not know if I am getting right what you are looking for, but if you want to restrict the access of a user to one specific folder you can do that. Here is the process:

1- If you do not have LDAP/AD go in the Admin page available within the KNIME WebPortal and click on the Users & Groups tab

2- create a Group and include the User into the group you have created

3- go back to the client (KNIME Analytics Platform) and connect to the KNIME Server through the mountpoint

4- right-click on the folder for which you want to restrict the access 

5-uncheck the option inherit permissions from parent '....'

6-click the button "Edit" and enter the Group you have created where the specific User is part of, and set the permissions you want to give to that Group

7-keep unchecked all the options available for the "World"

8-repeat the process for all the directories you want to restrict the access

This settings will be applied also to the users that have access to the KNIME Server through the client, i.e. through KNIME Analytics Platform.

Hope that helps,

Best,

Vincenzo

How do I manage access using LDAP/AD groups?