Revoking All Access Except the Content Owner

Problem

You need to remove all access privileges from a piece of content, except for the original owner.

Solution

Use a script to lock down access privileges for the piece of content. To do so, take the following steps:

  • Remove all viewers from the content. Optionally, remove all collaborators too.
  • If the content’s access type is either all or logged_in, change it to acl to ensure that only the owner and any remaining collaborators have access.

The scripts below should be edited to customize the following inputs:

  1. The content_guid for the content item from which you want to alter permissions.
  2. The boolean value for also_remove_collabs. Set to True/TRUE to remove all collaborators, leaving only the publisher. Left False/FALSE (the default), only viewers will be removed.
from posit import connect

#### User-defined inputs ####
# 1. Specify the guid for the content
content_guid = "INSERT_CONTENT_GUID"
# 2. Remove collaborators in addition to viewers, leaving only the publisher? Default is only viewers (`also_remove_collabs = False`).
also_remove_collabs = False
############################

# If the value of also_remove_collabs is not a boolean, print a message and set it to False as a fail-safe
if type(also_remove_collabs) != bool:
    print("The value of `also_remove_collabs` must be a boolean. Setting it to False to be safe.")
    also_remove_collabs = False

client = connect.Client()

# For the specified content item, iteratively adjust permissions.
for perm in client.content.get(content_guid).permissions.find():
    if also_remove_collabs or perm.role == "viewer":
        perm.destroy()

# Confirm new permissions
client.content.get(content_guid).permissions.find()

# If the access type for the content is not set to an Access Control List ("acl"), modify this to ensure that only the owner has access
access_type = client.content.get(content_guid).access_type

if access_type != "acl":
    client.content.get(content_guid).update(access_type="acl")
library(connectapi)
library(purrr)

#### User-defined inputs ####
# 1. Specify the guid for the content
content_guid <- "INSERT_CONTENT_GUID"
# 2. Remove collaborators in addition to viewers, leaving only the publisher? Default is only viewers (`also_remove_collabs = False`).
also_remove_collabs <- FALSE
############################

# If the value of also_remove_collabs is not a boolean, print a message and set it to False as a fail-safe
if (!is.logical(also_remove_collabs)) {
  message("The value of `also_remove_collabs` must be a boolean. Setting it to FALSE to be safe.")
  also_remove_collabs <- FALSE
}

client <- connect()

# Adjust permissions for the specified content item.
content <- content_item(client, content_guid)

# Get permissions
perms <- content$permissions()

# Get id of each viewer and owner (collaborator)
viewer_ids <- map(perms, ~.x$id[.x$role == "viewer"]) |> unlist()
collab_ids <- map(perms, ~.x$id[.x$role == "owner"]) |> unlist()

# Remove all viewers
walk(viewer_ids, ~content$permissions_delete(.x))
if (also_remove_collabs) {
  # remove collaborators too
  walk(collab_ids, ~content$permissions_delete(.x))
}

# Confirm new permissions
get_content_permissions(content)

# If the access type for the content is not set to an Access Control List ("acl"), modify this to ensure that only the owner has access
access_type <- content$content$access_type

if (access_type != "acl") {
  content_update_access_type(content, access_type = "acl")
}

The images below show the results when also_remove_collabs is set to True.

Before removing permissions:

After removing permissions: