Assign group permissions via js api

LabKey Support Forum
Assign group permissions via js api WayneH  2019-03-06 06:28
Status: Active
 

Good morning,

We see in the javascript API reference methods for creating containers, user accounts and groups and adding members to the groups.. We are unclear on how we set permissions/security policy on the groups we create in order to define roles and permissions for users in the project. Can you point us in the right direction for this.. Our aim is to manage groups and users profiles and permissions programmatically.

Thanks,

WH

 
 
Jon (LabKey DevOps) responded:  2019-03-21 16:21
Status: Closed
Hi Wayne,

Our SecurityPolicy endpoint should take care of your needs here.

https://www.labkey.org/download/clientapi_docs/javascript-api/symbols/LABKEY.SecurityPolicy.html

Per the documentation:
=====================
Class LABKEY.SecurityPolicy

Represents a security policy for a particular securable resource on the server. In general, you should obtain an instance of this class from the LABKEY.Security.getPolicy() method. You may use the methods of this class to alter the policy and save it back to the server using the LABKEY.Security.savePolicy() method.

The following definitions should be helpful in understanding the methods of this class:

Principal: A user principal, which can be either a user or a group. Users and groups are both user principals, and in a security policy, a user principal is assigned to a given role.

Role: A role grants a specific set of permissions. For example, the 'Reader' role grants the read permission. Roles are identified by unique names (usually a fully-qualified Java class name). A full set of roles is obtainable from the LABKEY.Security.getRoles() method.

Direct vs Effective Assignment: In a policy, principals are assigned to one or more roles. However, because a principal might be a group, the users that belong to that group are effectively in whatever role the group is assigned to. In this situation, the user is 'effectively' assigned to the role, while the group is 'directly' assigned to the role. Asking for a user's effective roles will return all roles the user is directly assigned to plus all roles the groups the user belongs to are assigned to.
=====================

Leveraging this API endpoint should give you the necessary control to figure out the ID numbers for those groups, the roles assigned to those groups, the users assigned to those groups, and updating the roles for those groups as needed.

Regards,

Jon
 
WayneH responded:  2019-03-26 11:04
Hi Jon,

thanks for your response.. Just one follow up to this inquiry.
Where do we find information about the 'config' object that is used in the api call..?

Thanks,
Wayne