Revoking All Access Except the Content Owner
Problem
You need to remove all access privileges from a piece of content, except for the original owner.
Solution
Use a script to lock down access privileges for the piece of content. To do so, take the following steps:
- Remove all viewers from the content. Optionally, remove all collaborators too.
- If the content’s access type is either
all
orlogged_in
, change it toacl
to ensure that only the owner and any remaining collaborators have access.
The scripts below should be edited to customize the following inputs:
- The
content_guid
for the content item from which you want to alter permissions. - The boolean value for
also_remove_collabs
. Set toTrue
/TRUE
to remove all collaborators, leaving only the publisher. LeftFalse
/FALSE
(the default), only viewers will be removed.
from posit import connect
#### User-defined inputs ####
# 1. Specify the guid for the content
= "INSERT_CONTENT_GUID"
content_guid # 2. Remove collaborators in addition to viewers, leaving only the publisher? Default is only viewers (`also_remove_collabs = False`).
= False
also_remove_collabs ############################
# If the value of also_remove_collabs is not a boolean, print a message and set it to False as a fail-safe
if type(also_remove_collabs) != bool:
print("The value of `also_remove_collabs` must be a boolean. Setting it to False to be safe.")
= False
also_remove_collabs
= connect.Client()
client
# For the specified content item, iteratively adjust permissions.
for perm in client.content.get(content_guid).permissions.find():
if also_remove_collabs or perm.role == "viewer":
perm.destroy()
# Confirm new permissions
client.content.get(content_guid).permissions.find()
# If the access type for the content is not set to an Access Control List ("acl"), modify this to ensure that only the owner has access
= client.content.get(content_guid).access_type
access_type
if access_type != "acl":
="acl") client.content.get(content_guid).update(access_type
library(connectapi)
library(purrr)
#### User-defined inputs ####
# 1. Specify the guid for the content
<- "INSERT_CONTENT_GUID"
content_guid # 2. Remove collaborators in addition to viewers, leaving only the publisher? Default is only viewers (`also_remove_collabs = False`).
<- FALSE
also_remove_collabs ############################
# If the value of also_remove_collabs is not a boolean, print a message and set it to False as a fail-safe
if (!is.logical(also_remove_collabs)) {
message("The value of `also_remove_collabs` must be a boolean. Setting it to FALSE to be safe.")
<- FALSE
also_remove_collabs
}
<- connect()
client
# Adjust permissions for the specified content item.
<- content_item(client, content_guid)
content
# Get permissions
<- content$permissions()
perms
# Get id of each viewer and owner (collaborator)
<- map(perms, ~.x$id[.x$role == "viewer"]) |> unlist()
viewer_ids <- map(perms, ~.x$id[.x$role == "owner"]) |> unlist()
collab_ids
# Remove all viewers
walk(viewer_ids, ~content$permissions_delete(.x))
if (also_remove_collabs) {
# remove collaborators too
walk(collab_ids, ~content$permissions_delete(.x))
}
# Confirm new permissions
get_content_permissions(content)
# If the access type for the content is not set to an Access Control List ("acl"), modify this to ensure that only the owner has access
<- content$content$access_type
access_type
if (access_type != "acl") {
content_update_access_type(content, access_type = "acl")
}
The images below show the results when also_remove_collabs
is set to True
.
Before removing permissions:
After removing permissions: