{"id":334,"date":"2022-05-12T00:00:00","date_gmt":"2022-05-12T00:00:00","guid":{"rendered":"https:\/\/tac.debuzzify.com\/?p=334"},"modified":"2023-06-28T00:12:53","modified_gmt":"2023-06-28T00:12:53","slug":"streamlit-advanced-authentication","status":"publish","type":"post","link":"https:\/\/www.the-analytics.club\/streamlit-advanced-authentication\/","title":{"rendered":"Control Who Could Access Your Streamlit Dashboards"},"content":{"rendered":"\n\n\n
Authentication may keep outsiders out, but we need an authorization flow to control who can see what.<\/p>\n\n\n\n
Streamlit<\/a> simplifies one of the biggest difficulties data scientists face: building an app to interact with their machine-learning models. It provides a set of declarative methods to create web components.<\/p>\n\n\n\n But security is a problem when you share Streamlit apps with others. Streamlit has a built-in solution to restrict user access, but it\u2019s far from perfect.<\/p>\n\n\n\n In a previous post, I shared how we can use Django\u2019s authentication framework<\/a> to improve the security of Streamlit apps.<\/p>\n\n\n\n This post continues the previous one and covers more granular access control strategies for your Streamlit app<\/a>. I suggest you read the first one before diving into this.<\/p>\n\n\n\n Grab your aromatic coffee <\/a>(or tea<\/a>) and get ready…!<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n
Why do we need authorization control?<\/b><\/h2>\n\n\n\n A login screen prevents unidentified people from accessing the system. We call it user authentication.<\/p>\n\n\n\n Yet authentication is only one item, albeit an essential one, on your security checklist. There are several ways you could improve this.<\/p>\n\n\n\n For instance, you could put an IP restriction on your firewall<\/a>. But doing so only puts a high-level rule in place that blocks a mass of people.<\/p>\n\n\n\n What if you want granular control?<\/p>\n\n\n\n Say you need to show employees only a specific part of the dashboard<\/a>. But you may decide to offer a team-level dashboard and individual ones to the team leads.<\/p>\n<\/blockquote>\n\n\n\n The ability to do this is access control.<\/p>\n\n\n\n
Controlling dashboard permissions with Django.<\/b><\/h2>\n\n\n\n We\u2019ve already discussed why Streamlit\u2019s suggested user authentication flow isn\u2019t good enough for production-grade apps. We\u2019ve used Django to bridge the gap.<\/p>\n\n\n\n Streamlit also has no option for authorization. Let\u2019s go ahead and extend the Django authentication to handle permissions.<\/p>\n\n\n\n The plan is simple.<\/p>\n\n\n\n Assign users to specific groups. A user can be in multiple groups too. We can do this in the admin interface.<\/p>\n\n\n\n Then, in the Streamlit app<\/a>, we check the group membership of the logged-in user.<\/p>\n\n\n\n If the check passes, we\u2019ll render the dashboard. Otherwise, we\u2019ll display a message saying, \u201cYou cannot view this dashboard.\u201d<\/p>\n\n\n\n But don\u2019t we need the groups in the first place? Let\u2019s start there.<\/p>\n\n\n\n
Create user groups in the Django admin console.<\/b><\/h3>\n\n\n\n If you\u2019re following the previous post, you\u2019d now have a Django app running, and you can access the admin portal.<\/p>\n\n\n\n We\u2019ve also created users. In the same way, let\u2019s click the add button next to \u201cGroup\u201d and add the following groups.<\/p>\n\n\n\n
\n