Access Control
Access management is the process of controlling who can access what data in your workspace. Curiosity Workspace uses a graph-based approach that represents access permissions as relationships between nodes. Nodes can be of different data types and can be owned by Users and/or Teams, the node types that represent the users and groups of users in your workspace. These are internal data types that are available out of the box in any Curiosity Workspace.
Most apps that can be connected to a Curiosity Workspace automatically handle access management when syncing the data. For custom data connectors that you develop using the , the ownership of each node can be set at ingestion time, using the APIs described on this page.
This method restricts access to a node only to members of a specific team node.
void RestrictAccessToTeam(Node node, Node teamNode)
This method restricts access to a node only to a specific user node.
void RestrictAccessToUser(Node node, Node userNode)
By using these APIs, you can define fine-grained access policies for your data sources and ensure that only authorized users can view and interact with the data they need.
You need to enable access control for each node type whose access you want to restrict. Access is not checked by default for custom node schemas.
To create User and Team nodes, you can use Curiosity's API methods, or create them using the . When using the library, you can use the following methods to add or update users and teams in your workspace:
This method creates or updates a user. It returns the node representing the user in the graph.
async Task<Node> CreateUserAsync(string userName, string email, string firstName, string lastName)
This method creates or updates a team. It returns the node representing the team in the graph.
async Task<Node> CreateTeamAsync(string teamName, string description = null)
This method adds a user as a member of a team.
void AddUserToTeam(Node userNode, Node teamNode)
This method adds a team administrator as a member of a team.
void AddAdminToTeam(Node userNode, Node teamNode)
This method removes a user from a given team.
void RemoveUserFromTeam(Node userNode, Node teamNode)
Here are some examples of how to use these methods:
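An added example, not taken from the Curiosity documentation or library: a connector routine that mirrors a source system's group onto a team, revokes members who have left it, and restricts the ingested nodes to that team. `Node`, `IAccessApi`, `SourceMember` and `TeamAccessSync` are assumed stand-ins, since the page does not show which object exposes these methods; access control must also be enabled for the node type, or the restriction is not checked.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

// Assumption: stand-ins for the library's Node type and for whichever object
// exposes the methods listed on this page; signatures are copied from the page.
public sealed class Node { }
public interface IAccessApi
{
    Task<Node> CreateUserAsync(string userName, string email, string firstName, string lastName);
    Task<Node> CreateTeamAsync(string teamName, string description = null);
    void AddUserToTeam(Node userNode, Node teamNode);
    void AddAdminToTeam(Node userNode, Node teamNode);
    void RemoveUserFromTeam(Node userNode, Node teamNode);
    void RestrictAccessToTeam(Node node, Node teamNode);
}

// Constructed shape for one entry of the source system's access list.
public record SourceMember(string UserName, string Email, string First, string Last, bool IsAdmin);

public static class TeamAccessSync
{
    // current: members in the source system now; previous: members seen by the
    // last sync run (the connector has to persist that list itself).
    public static async Task SyncAsync(IAccessApi api, string teamName,
        IReadOnlyCollection<SourceMember> current, IEnumerable<SourceMember> previous,
        IEnumerable<Node> ingestedNodes)
    {
        var team = await api.CreateTeamAsync(teamName); // creates or updates
        foreach (var m in current)
        {
            var user = await api.CreateUserAsync(m.UserName, m.Email, m.First, m.Last);
            if (m.IsAdmin) api.AddAdminToTeam(user, team);
            else api.AddUserToTeam(user, team);
        }
        // Revocation: anyone in the previous run but absent now loses membership.
        var keep = current.Select(m => m.UserName).ToHashSet();
        foreach (var m in previous.Where(p => !keep.Contains(p.UserName)))
        {
            // CreateUserAsync is create-or-update and returns the user's node.
            var user = await api.CreateUserAsync(m.UserName, m.Email, m.First, m.Last);
            api.RemoveUserFromTeam(user, team);
        }
        // Ownership is set at ingestion time, one call per restricted node.
        foreach (var node in ingestedNodes)
            api.RestrictAccessToTeam(node, team);
    }
}
```

Running the revocation pass on every sync keeps team membership from drifting away from the source system's access list.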