Sharing Artist Asset with User
[1]:
# Creates an Access Policy that shares "read-only" permission with a user (within a single tenancy).
#
# Main function, establishes a connection to RKVST using an App Registration then uses that
# to create an Access Policy.
#
# Note: The purpose of RKVST Jupyter Notebooks is to provide simplified examples that one can easily execute and digest.
# The RKVST Python SDK is authored to work cleanly with more advanced coding techniques.
#
# RKVST Python SDK: https://github.com/rkvst/rkvst-python
#
[2]:
import random
import string
from json import dumps as json_dumps
from os import getenv
from warnings import filterwarnings
from dotenv import load_dotenv
from archivist.archivist import Archivist
from archivist.proof_mechanism import ProofMechanism
from archivist.logger import set_logger
from archivist.constants import ASSET_BEHAVIOURS
[3]:
# Load (or reload) the python-dotenv IPython extension, then read variables from notebooks.env.
# -o makes values from the file override variables that are already set in the kernel's
# environment, so a stale notebooks.env silently wins over an exported value.
# NOTE(review): notebooks.env presumably holds RKVST_APPREG_SECRET (read in the next cell);
# keep that file out of version control and readable only by its owner.
%reload_ext dotenv
%dotenv -o notebooks.env
[4]:
# Connection parameters are taken from the process environment, never written into the notebook:
#
#   RKVST_URL           - URL of the RKVST application
#   RKVST_APPREG_CLIENT - client ID of an Application Registration
#   RKVST_APPREG_SECRET - client secret of an Application Registration
#
# getenv() yields None for a variable that is not set, so any of these may be None here.
# RKVST_APPREG_SECRET is a credential: do not print it or leave it in saved cell output.
RKVST_URL, RKVST_APPREG_CLIENT, RKVST_APPREG_SECRET = (
    getenv(variable)
    for variable in ("RKVST_URL", "RKVST_APPREG_CLIENT", "RKVST_APPREG_SECRET")
)
[5]:
"""
Main function of Access Policy creation.
* Connect to RKVST with client ID and client secret
* Creates an Access Policy
* Prints response of Access Policy creation
"""
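# Fail fast when a connection setting is absent: getenv() returns None for an unset
# variable, and that None would otherwise be handed straight to Archivist.
# Only the variable names are reported, never their values.
missing = [
    name
    for name, value in (
        ("RKVST_URL", RKVST_URL),
        ("RKVST_APPREG_CLIENT", RKVST_APPREG_CLIENT),
        ("RKVST_APPREG_SECRET", RKVST_APPREG_SECRET),
    )
    if not value
]
if missing:
    raise RuntimeError("Missing connection settings: " + ", ".join(missing))

# Optional call to set the logger level. The argument can be either
# "INFO" or "DEBUG". For more sophisticated logging control see our
# documentation.
# NOTE(review): check what "DEBUG" logs before using it with real credentials,
# since cell output is saved with the notebook.
set_logger("INFO")

# Initialize connection to RKVST.
# Only the URL is echoed; keep the client ID and client secret out of cell output.
print("Connecting to RKVST")
print("RKVST_URL", RKVST_URL)

# Authentication is the (client ID, client secret) pair of the App Registration.
# NOTE(review): max_time=300 is passed through to the SDK; presumably a time limit
# in seconds - confirm against the rkvst-python documentation.
arch = Archivist(RKVST_URL, (RKVST_APPREG_CLIENT, RKVST_APPREG_SECRET), max_time=300)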
Connecting to RKVST
RKVST_URL https://app.rkvst.io
[6]:
def create_access(arch):
    """
    Submit an Access Policy that shares Artists assets, read only, with one user
    inside a single tenancy.

    Args:
        arch: connected client whose ``access_policies.create`` is called.

    Returns:
        Whatever ``arch.access_policies.create`` returns for the new policy.

    What the policy contains, as written below:
      * filter: assets whose ``arc_display_type`` attribute equals ``Artists``;
      * recipient: users whose ``email`` user attribute equals the address below;
      * reads: ``"*"`` for asset attributes and for event display types;
      * writes: both ``*_write`` lists are empty.
    """
    policy_props = dict(
        display_name="Sharing Artist Asset",
        description="Sharing Artist Asset with User",
    )

    # Selects which assets the policy applies to.
    asset_filters = [{"or": ["attributes.arc_display_type=Artists"]}]

    # NOTE(review): the recipient is a hard-coded sample address; replace it before
    # reusing this cell, and confirm the address belongs to the intended person.
    recipient_match = [{"or": ["email=rkvst.test@gmail.com"]}]

    # NOTE(review): "*" presumably matches every attribute / event type, including
    # ones added to the assets later - list explicit names if some fields must stay
    # private. Confirm wildcard semantics against the RKVST documentation.
    # NOTE(review): ASSET_BEHAVIOURS comes from archivist.constants; confirm that
    # granting those behaviours with empty write lists still means read-only access.
    read_only_grant = {
        "asset_attributes_read": ["*"],
        "asset_attributes_write": [],
        "behaviours": ASSET_BEHAVIOURS,
        "event_arc_display_type_read": ["*"],
        "event_arc_display_type_write": [],
        "include_attributes": [],
        "subjects": [],
        "user_attributes": recipient_match,
    }

    return arch.access_policies.create(policy_props, asset_filters, [read_only_grant])
[7]:
# Create the Access Policy, then show the response as indented JSON.
# NOTE(review): every run of this cell calls create again; presumably each call
# adds another policy to the tenancy - verify, and remove policies left over from tests.
# The printed response carries the policy identity, the tenant identifier and the
# recipient's email match; clear or redact the output before sharing the notebook.
access_policy = create_access(arch)
rendered_policy = json_dumps(access_policy, indent=4)
print("ACCESS_POLICY", rendered_policy)
Refresh token
ACCESS_POLICY {
"identity": "access_policies/318599ad-272f-4c58-b0ac-5773f38c705a",
"display_name": "Sharing Artist Asset",
"filters": [
{
"or": [
"attributes.arc_display_type=Artists"
]
}
],
"access_permissions": [
{
"subjects": [],
"behaviours": [
"Attachments",
"RecordEvidence"
],
"include_attributes": [],
"user_attributes": [
{
"or": [
"email=rkvst.test@gmail.com"
]
}
],
"asset_attributes_read": [
"*"
],
"asset_attributes_write": [],
"event_arc_display_type_read": [
"*"
],
"event_arc_display_type_write": []
}
],
"tenant": "tenant/0a62f7c9-fd7b-4791-8041-01218d839ec1",
"description": "Sharing Artist Asset with User"
}