How to set share access for custom developed DG package

andreas.gasser.novartis.com · September 25, 2020, 2:54pm

Dear DG team,

I’ve created a custom JS DG package and would like deploy this package with a “service user” instead of my default DG user. I’ve seen some ways to specify the shared user group within the package.json file but cannot find anything about this in the documentation.

Do you have an example or some guidance how to do this?

alex.paramonov · September 25, 2020, 7:34pm

Hi Andreas,
There is no documentation yet on this, but we are working on it!
Here is what you need to add to package.json:

 "canView": [
    "All users"
  ],
  "canEdit": [
    "Developers"
  ]

All groups must exist.

skalkin · September 25, 2020, 8:04pm

Just wanted to mention that we were planning to change this in the future slightly by introducing the “privileges” node that will also contain app-specific privileges (the code below is the prototype). But of course it shouldn’t stop you from using the current solution

"privileges": {
     "canRegisterCompounds": [ "Chemists" ],
     "canSeePatents": [ "Legal" ],
     "canView": [ "All users" ],
     "canEdit": [ "Developers" ]
}

andreas.gasser.novartis.com · September 28, 2020, 8:03am

Interesting idea. I assume the “canRegisterCompounds” and “canSeePatents” are custom privileges, right? How are they created and managed?

skalkin · September 28, 2020, 12:45pm

Yes, they would be custom privileges defined on the application level (the code snippet below contains the definition - they are physically created during the deployment of an app). They would be granted to users using our regular mechanisms (either in the package.json like shown above, or via the UI). Then, the application code would be able to check whether or not a user is granted a particular privilege, and act accordingly (enable / disable functionality, show error messages, etc).

Disclaimer: this is just a proposal at this stage; this is a perfect time to influence the way it will be implemented.

andreas.gasser.novartis.com · September 28, 2020, 2:19pm

Like the idea. At the moment I’ve implemented this by using internal JSON files but the approach with using groups sounds way more flexibel.

In this scenario: how do we manage users like adding users dynamically to the newly created group?

alex.paramonov · October 1, 2020, 11:26am

We think that this can be done in the UI.
So, you create groups (either grok publish creates), and then you are free to add users there.
Users can also request a membership. And admin (or admins) of such group receives a notification, where he can approve or deny.

Also, you can use JS API to manage these groups.