Curiosity for Developers
  • Overview
  • Getting Started
    • Introduction
    • System Overview
      • Workspace
      • Connectors
      • Front End
    • Requirements
    • Installation
      • Deploying on Windows
        • Download Curiosity Workspace for Windows
      • Deploying on Docker
        • Deploying using Docker Desktop App
        • Docker Hub
      • Deploying on Kubernetes
      • Deploying on OpenShift
      • Configuration
    • Configure your Workspace
    • Connecting to a Workspace
      • Download App
    • Built-in Templates
  • Security
    • Introduction
    • Hosting
    • Encryption
    • Users and Access
      • User Invitations
      • Single Sign-On (SSO)
        • Google Sign-In
        • Microsoft / Azure AD
        • Okta
        • Auth0
    • Permissions Management
    • Auditing
    • Teams management
    • Configuring Backup
      • Restoring a backup
    • Activate a workspace license
  • Data Sources
    • Introduction
    • User Apps
    • Workspace Integrations
    • API Integrations
      • Introduction
      • Data Modeling
      • Writing a Connector
      • Access Control
      • API Tokens
      • API Overview
      • Tips
    • Supported File Types
    • Curiosity CLI
      • Installation
      • Authentication
      • Commands
  • Search
    • Introduction
    • Languages
    • Synonyms
    • Ranking
    • Filters
    • Search Permissions and Access Control
  • Endpoints
    • Introduction
    • Creating an endpoint
    • Calling an endpoint
    • Endpoint Tokens
    • Endpoints API
  • Interfaces
    • Introduction
    • Local Development
    • Deploying a new interface
    • Routing
    • Node Renderers
    • Sidebar
    • Views
  • Artificial Intelligence
    • Introduction
    • Embeddings Search
    • AI Assistant
      • Enabling AI Assistant
    • Large Language Models
      • LLMs Models Configuration
      • Self-Hosted Models
    • Image Search
    • Audio and Video Search
  • Sample Workspaces
    • Introduction
    • HackerNews
    • Aviation Incidents
    • Covid Papers
    • NASA Public Library
    • Suggest a Recipe
  • Basic Concepts
    • Graph database
    • Search Engine
  • Troubleshooting
    • FAQs
      • How long does it take to set up?
      • How does Curiosity keep my data safe?
      • Can we get Curiosity on-premises?
      • Can I connect custom data?
      • How does Workspace pricing work?
      • Which LLM does Curiosity use?
      • What's special about Curiosity?
      • How are access permissions handled?
      • What enterprise tools can I connect?
      • How to access a workspace?
      • How do I hard refresh my browser?
      • How do I report bugs?
      • How do I solve connectivity issues?
      • How do I contact support?
  • Policies
    • Terms of Service
    • Privacy Policy
Powered by GitBook
On this page
  • Access Control APIs
  • Example
  1. Data Sources
  2. API Integrations

Access Control

PreviousWriting a ConnectorNextAPI Tokens

Last updated 1 year ago

Access management is the process of controlling who can access what data in your workspace. Curiosity Workspace uses a graph-based approach to represent access permissions as relationships between nodes. Nodes can be of different data types, and owned by either Users and/or Teams, which represent the users and groups of users in your workspace. These are internal data types that are available out-of-the-box in any Curiosity Workspace.

Most apps that can be connected to a Curiosity Workspace will automatically handle the access management when syncing the data. For custom data connector that you develop using the , the ownership of each node can be set at ingestion time, using the APIs described in this page.

You can use access management to protect sensitive data, comply with security regulations, and customize user experiences.

Access Control APIs

Restrict Access To Team

This method restricts access to a node only to members of a specific team node.

void RestrictAccessToTeam(Node node, Node teamNode)

Restrict Access to User

This method restricts access to a node only to a specific user node.

void RestrictAccessToUser(Node node, Node userNode)

By using these APIs, you can define fine-grained access policies for your data sources and ensure that only authorized users can view and interact with the data they need.

You need to enable access control for each node type you might want to restrict access. Access is not checked by default for custom node schemas

To create User and Team nodes, you can use Curiosity's API methods, or create them using the . When using the library, you can use the following methods to add or update users and teams in your workspace:

Create User

This method creates or update a user. It returns the node representing the user in the graph.

async Task<Node> CreateUserAsync(string userName, string email, string firstName, string lastName)

Create Team

This method creates or update a team. It returns the node representing the team in the graph.

async Task<Node> CreateTeamAsync(string teamName, string description = null)

Add User to Team

This method adds a user as a member of a team.

void AddUserToTeam(Node userNode, Node teamNode)

Add Admin to Team

This method adds a team administrator as a member of a team.

void AddAdminToTeam(Node userNode, Node teamNode)

Remove User from Team

This method removes a user from a given team.

void RemoveUserFromTeam(Node userNode, Node teamNode)

By using these APIs, you can define fine-grained access policies for your data sources and ensure that only authorized users can view and interact with the data they need.

Example

Here are some examples of how to use these methods:

using var graph = Graph.Connect(...);

// Create a User node with name, email, first name, and last name properties
var userNode        = await graph.CreateUserAsync("jdoe", "jdoe@example.com", "John", "Doe");
var anotherUserNode = await graph.CreateUserAsync("janedoe", "janedoe@example.com", "Jane", "Doe");

// Create a Team node with name and description properties
var teamNode = await CreateTeamAsync("Marketing", "The marketing team");

// Add the users to the team as members
graph.AddUserToTeam(userNode,        teamNode);
graph.AddUserToTeam(anotherUserNode, teamNode);

// Add the user to the team as an admin 
AddAdminToTeam(userNode, teamNode);

// Remove the user from the team
RemoveUserFromTeam(anotherUserNode, teamNode);

// Create another node with some data 
var report = new Report(){
 Title = "Sales Report",
 Content = "Some content"
};
var reportNode = graph.AddOrUpdate(report);

// Restrict access of the report to the team 
graph.RestrictAccessToTeam(reportNode, teamNode);

// Restrict access of the report to the user
graph.RestrictAccessToUser(reportNode, anotherUserNode);

// The final access to this node will be:
// - Members of the "Marketing" team, i.e. the user "jdoe"
// - The user "janedoe"

// Don't forget to call CommitPendingAsync to make sure all changes are persisted:
await graph.CommitPendingAsync();
Curiosity APIs
User Interface