In order to handle multiple users on SASjs Server we need to enable a permissions system to restrict access to certain endpoints, such as /#/SASjsStudio.
By default, the admin user should have access to everything, and every new user (not a member of any groups) should have access to nothing.
Access can be granted selectively to API endpoints, AppStream apps, and embedded apps, by simply setting rules on the requested URI.
Examples:
URI
Principal
Setting
/#/SASjsStudio
SAS Programmers
Grant
/SASjsApi/code/execute
SAS Programmers
Grant
/AppStream/secretApp
Authenticated Users
Deny
The Principal would be the GROUP, but in future it may include Users or Client IDs. Setting would be Grant or Deny.
On startup of SASjs Server, a number of groups should be initialised:
Public
Authenticated Users
SAS Programmers
There would need to be API endpoints for managing the permissions rules, as well as an admin interface.
In order to handle multiple users on SASjs Server we need to enable a permissions system to restrict access to certain endpoints, such as
/#/SASjsStudio
.By default, the admin user should have access to everything, and every new user (not a member of any groups) should have access to nothing.
Access can be granted selectively to API endpoints, AppStream apps, and embedded apps, by simply setting rules on the requested URI.
Examples:
The Principal would be the GROUP, but in future it may include Users or Client IDs. Setting would be Grant or Deny.
On startup of SASjs Server, a number of groups should be initialised:
There would need to be API endpoints for managing the permissions rules, as well as an admin interface.