@@ -457,7 +457,6 @@ is passed to Run Engine Manager in some API calls.
457457Default Resource Access Policy
458458++++++++++++++++++++++++++++++
459459
460- Only the default policy ``DefaultResourceAccessControl `` is currently implemented.
461460This is a simple policy, which associates one fixed group name with all users.
462461The group name used by default is ``'primary' ``. ``DefaultResourceAccessControl ``
463462with default settings is activated by default if no other policy is selected
@@ -482,3 +481,31 @@ See the documentation on ``DefaultResourceAccessControl`` for more details.
482481 :toctree: generated
483482
484483 authorization.DefaultResourceAccessControl
484+
485+
486+ Single Group Resource Access Policy
487+ +++++++++++++++++++++++++++++++++++
488+
489+ This is a policy that associates one group name with one user, based on the
490+ specified user group in the access policy.
491+ The default group name is defined in the same way as the
492+ ``DefaultResourceAccessControl ``.
493+ This functionality can be very useful in order to provide different levels
494+ of access to different users directly in the server so all the clients
495+ can receive the same plans and devices for a specific user.
496+
497+ The default group name can be changed in the policy configuration. For example,
498+ the following policy configuration sets the returned group name to ``test_user ``::
499+
500+ resource_access:
501+ policy: bluesky_httpserver.authorization:SingleGroupResourceAccessControl
502+ args:
503+ default_group: test_user
504+
505+ See the documentation on ``SingleGroupResourceAccessControl `` for more details.
506+
507+ .. autosummary ::
508+ :nosignatures:
509+ :toctree: generated
510+
511+ authorization.SingleGroupResourceAccessControl
0 commit comments