Retrieve group membership of current user in a workflow

Hi all,

Is it possible to retrieve the list of groups the current user belongs to, when running a workflow in the web portal?

I would like to use that folder to choose a default input folder depending on group membership.

Cheers
Jan

 

Hi Jan,

this is possible with a REST call to the server.

with .../rest/v4/admin/users you get a list of all users. 

Which also contains the groups a user belongs to.

Cheers, Iris 

Hi Iris,

thanks for your reply. Unfortunately, it doesn't help for me, as it requires admin permissions, and I would like to get the group of the currently logged in user who doesn't have admin privileges. I also tried using the GET Request node, but it doesn't seem happy if I provide a port number in the URL, such as https://server.my.domain:8443/knime/rest/v4/admin/users

What's more, this call will only give the list of locally configured users, but what I'd need is the group membership of users who authenticated via LDAP (Active Directory integration).

Jan

 

The problem is there is no API for getting all groups in which a user is member of. There is only an API to check whether a user is in a certain group. Therefore we cannot provide this information via REST or any other means. The address that Iris mentioned is indeed only for the built-in user database and accesses it directly.

Thanks, @thor, for the explanation.

That makes sense, I'd also be happy with just getting the current user name to test whether they belong to a specified group. I tried with workspace credentials and with an Input Credentials Quickform node, but I can't select the credentials flow variable in the GET Request node (it is however possible in the database connector nodes, but that doesn't help me).

Do you have any advice how to get at the user name?

Thanks
Jan

 

The Extract Context Properties node should give you the current user's name.

1 Like

Oh, great, thanks! I had missed that node so far.

Thanks, and have a nice weekend :)

Jan

 

I finally have time to get back to this topic, and still have a remaining question:

How can I do this from with KNIME? Given I have a specific group name (from LDAP, not in the local database) and want to check whether the current user is a member of this group, can this be done using the REST API or by querying the current context? That information must be available somehow in the web portal, since authentication and workflow permissions can be set by group, right?

This only works from within the web application, not from within an executor. Technically we could expose this as a REST resource but that seems rather bizarre to me.