Restricting applications to certain users or groups in Shiny Server Pro

With Shiny Server Pro, you can restrict access to applications by organizing them into locations, then using the required_user or required_group directive to specify who should be able to see the apps in each location.  For example:

/etc/shiny-server/shiny-server.conf

run_as shiny;
auth_passwd_file /etc/shiny-server/passwd;
log_dir /var/log/shiny-server;

# Define a server that listens on port 3838
server {
  listen 3838;

  # Define a location at the URL "/example1"
  location /example1 {
    site_dir /srv/shiny-server/example1;
    required_user bob jane maria;
  }

  # Define a location at the URL "/example2"
  location /example2 {
    site_dir /srv/shiny-server/example2;
  }

  # Define a location at the URL "/example3"
  location /example3 {
    site_dir /srv/shiny-server/example3;
    required_user andy beatrice;
  }
}

# Provide the admin interface on port 4151.
admin 4151 {
  required_user admin;
}

This configuration uses flat-file authentication and three locations.  

  1. Location /example1 is restricted to the users bob, jane, and maria.  All applications deployed as subdirectories under /srv/shiny-server/example1 will only be accessible to those three users.
  2. Location /example2 is not restricted.  All applications deployed as subdirectories under /srv/shiny-server/example2 are open to all users; these applications will not require a login.
  3. Location /example3 is restricted to andy and beatrice.  All applications deployed as subdirectories under /srv/shiny-server/example3 will only be accessible to those two users.

This pattern holds true for any type of authentication, not just flat-file auth.  If you are using PAM, LDAP, or AD authentication, you could choose to use the required_group directive to restrict a location to members of a particular group, instead of listing out each user in the required_user directive.  For instance, this configuration would restrict the example4 location to the users in a group called shiny_group:

  # Define a location at the URL "/example4"
  location /example4 {
    site_dir /srv/shiny-server/example4;
    required_group shiny_group;
  }
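
Because a location with no required_user or required_group directive is open without a login, it is worth checking a configuration for locations that were left unrestricted by accident. The following script is an added example, not part of the original article or of Shiny Server Pro; the function name audit_access and the sample text are constructed for illustration. It assumes flat (non-nested) location and admin blocks like the ones above and only reads directives written directly inside each block, so it does not model settings inherited from an enclosing scope.

```python
import re

# Constructed sample mirroring the configuration shown in this article.
SAMPLE_CONF = """
run_as shiny;
auth_passwd_file /etc/shiny-server/passwd;
server {
  listen 3838;
  location /example1 {
    site_dir /srv/shiny-server/example1;
    required_user bob jane maria;
  }
  location /example2 {
    site_dir /srv/shiny-server/example2;
    # required_user bob;   (commented out, so not enforced)
  }
  location /example4 {
    site_dir /srv/shiny-server/example4;
    required_group shiny_group;
  }
}
admin 4151 {
  required_user admin;
}
"""

BLOCK = re.compile(r"\b(location|admin)\s+(\S+)\s*\{([^{}]*)\}")
DIRECTIVE = re.compile(r"^\s*(required_user|required_group)\s+([^;]+);", re.M)

def audit_access(conf_text):
    """Return {block name: {"users": [...], "groups": [...], "open": bool}}."""
    # Drop comments so a commented-out directive is not counted as active.
    text = re.sub(r"#[^\n]*", "", conf_text)
    report = {}
    for kind, name, body in BLOCK.findall(text):
        entry = {"users": [], "groups": []}
        for directive, args in DIRECTIVE.findall(body):
            key = "users" if directive == "required_user" else "groups"
            entry[key].extend(args.split())
        entry["open"] = not (entry["users"] or entry["groups"])
        report[f"{kind} {name}"] = entry
    return report

if __name__ == "__main__":
    for name, e in audit_access(SAMPLE_CONF).items():
        status = "OPEN (no login required)" if e["open"] else "restricted"
        print(f"{name}: {status} users={e['users']} groups={e['groups']}")
```

To check a real server, pass the contents of /etc/shiny-server/shiny-server.conf to audit_access and review every block reported as open.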