Access Control

Access management is the process of controlling who can access what data in your workspace. Curiosity Workspace uses a graph-based approach that represents access permissions as relationships between nodes. Nodes can be of different data types and can be owned by Users, Teams, or both; these represent the users and groups of users in your workspace. Users and Teams are internal data types that are available out-of-the-box in any Curiosity Workspace.

Most apps that can be connected to a Curiosity Workspace will automatically handle access management when syncing the data. For custom data connectors that you develop using the Curiosity APIs, the ownership of each node can be set at ingestion time, using the APIs described on this page.

You can use access management to protect sensitive data, comply with security regulations, and customize user experiences.

Access Control APIs

Restrict Access To Team

This method restricts access to a node only to members of a specific team node.

void RestrictAccessToTeam(Node node, Node teamNode)

Restrict Access to User

This method restricts access to a node only to a specific user node.

void RestrictAccessToUser(Node node, Node userNode)

By using these APIs, you can define fine-grained access policies for your data sources and ensure that only authorized users can view and interact with the data they need.

You need to enable access control for each node type whose access you want to restrict. Access is not checked by default for custom node schemas.

To create User and Team nodes, you can use Curiosity's API methods, or create them using the User Interface. When using the library, you can use the following methods to add or update users and teams in your workspace:

Create User

This method creates or updates a user. It returns the node representing the user in the graph.

async Task<Node> CreateUserAsync(string userName, string email, string firstName, string lastName)

Create Team

This method creates or updates a team. It returns the node representing the team in the graph.

async Task<Node> CreateTeamAsync(string teamName, string description = null)

Add User to Team

This method adds a user as a member of a team.

void AddUserToTeam(Node userNode, Node teamNode)

Add Admin to Team

This method adds a user to a team as a team administrator.

void AddAdminToTeam(Node userNode, Node teamNode)

Remove User from Team

This method removes a user from a given team.

void RemoveUserFromTeam(Node userNode, Node teamNode)


Example

Here are some examples of how to use these methods:

using var graph = Graph.Connect(...);

// Create a User node with name, email, first name, and last name properties
var userNode        = await graph.CreateUserAsync("jdoe", "jdoe@example.com", "John", "Doe");
var anotherUserNode = await graph.CreateUserAsync("janedoe", "janedoe@example.com", "Jane", "Doe");

// Create a Team node with name and description properties
var teamNode = await graph.CreateTeamAsync("Marketing", "The marketing team");

// Add the users to the team as members
graph.AddUserToTeam(userNode,        teamNode);
graph.AddUserToTeam(anotherUserNode, teamNode);

// Add the user to the team as an admin
graph.AddAdminToTeam(userNode, teamNode);

// Remove the other user from the team
graph.RemoveUserFromTeam(anotherUserNode, teamNode);

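// Create another node with some data. If Report is a custom node schema, access
// control must be enabled for this node type, otherwise the restrictions below are not checked.
var report = new Report()
{
    Title   = "Sales Report",
    Content = "Some content"
};
var reportNode = graph.AddOrUpdate(report);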

// Restrict access of the report to the team 
graph.RestrictAccessToTeam(reportNode, teamNode);

// Restrict access of the report to the user
graph.RestrictAccessToUser(reportNode, anotherUserNode);

// The final access to this node will be:
// - Members of the "Marketing" team, i.e. the user "jdoe"
// - The user "janedoe"

// Don't forget to call CommitPendingAsync to make sure all changes are persisted:
await graph.CommitPendingAsync();
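
A fail-closed variant of the ingestion pattern above for a custom connector, as an added example that is not from the Curiosity documentation or library. It uses only the methods listed on this page; SourceUser, SourceDoc, AclIngestion and the "Quarantine" team are hypothetical, and it assumes that a node left without any restriction would be visible more widely than the source system allows.

```csharp
// Added example, not Curiosity's own code. Hypothetical names: SourceUser, SourceDoc,
// AclIngestion, the "Quarantine" team. Graph, Node and Report are the types used in
// the page's example (the library's namespace import is not shown on the page).
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

public record SourceUser(string UserName, string Email, string FirstName, string LastName);
public record SourceDoc(string Title, string Content, SourceUser[] Readers, string[] ReaderGroups);

public static class AclIngestion
{
    public static async Task<int> IngestAsync(Graph graph, IEnumerable<SourceDoc> docs)
    {
        var teams = new Dictionary<string, Node>();   // cache: one create/update per principal
        var users = new Dictionary<string, Node>();
        var quarantined = 0;

        // Fallback owner for records whose source ACL is empty
        var quarantine = await graph.CreateTeamAsync("Quarantine", "Ingested without a usable ACL");

        foreach (var doc in docs)
        {
            var node = graph.AddOrUpdate(new Report { Title = doc.Title, Content = doc.Content });
            var restricted = false;

            foreach (var group in doc.ReaderGroups ?? Array.Empty<string>())
            {
                if (string.IsNullOrWhiteSpace(group)) continue;   // skip malformed entries
                if (!teams.TryGetValue(group, out var team))
                    teams[group] = team = await graph.CreateTeamAsync(group);
                graph.RestrictAccessToTeam(node, team);
                restricted = true;
            }
            foreach (var reader in doc.Readers ?? Array.Empty<SourceUser>())
            {
                if (string.IsNullOrWhiteSpace(reader?.UserName)) continue;
                if (!users.TryGetValue(reader.UserName, out var user))
                    users[reader.UserName] = user = await graph.CreateUserAsync(
                        reader.UserName, reader.Email, reader.FirstName, reader.LastName);
                graph.RestrictAccessToUser(node, user);
                restricted = true;
            }
            // Fail closed: never leave an ingested node without a restriction
            if (!restricted) { graph.RestrictAccessToTeam(node, quarantine); quarantined++; }
        }
        await graph.CommitPendingAsync();   // persist all pending changes
        return quarantined;                 // non-zero means source ACLs need review
    }
}
```

Team membership is not populated here; sync it separately with AddUserToTeam and RemoveUserFromTeam so that the team restrictions resolve to the right users.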
