Curiosity for Developers
  • Overview
  • Getting Started
    • Introduction
    • System Overview
      • Workspace
      • Connectors
      • Front End
    • Requirements
    • Installation
      • Deploying on Windows
        • Download Curiosity Workspace for Windows
      • Deploying on Docker
        • Deploying using Docker Desktop App
        • Docker Hub
      • Deploying on Kubernetes
      • Deploying on OpenShift
      • Configuration
    • Configure your Workspace
    • Connecting to a Workspace
      • Download App
    • Built-in Templates
  • Security
    • Introduction
    • Hosting
    • Encryption
    • Users and Access
      • User Invitations
      • Single Sign-On (SSO)
        • Google Sign-In
        • Microsoft / Azure AD
        • Okta
        • Auth0
    • Permissions Management
    • Auditing
    • Teams management
    • Configuring Backup
      • Restoring a backup
    • Activate a workspace license
  • Data Sources
    • Introduction
    • User Apps
    • Workspace Integrations
    • API Integrations
      • Introduction
      • Data Modeling
      • Writing a Connector
      • Access Control
      • API Tokens
      • API Overview
      • Tips
    • Supported File Types
    • Curiosity CLI
      • Installation
      • Authentication
      • Commands
  • Search
    • Introduction
    • Languages
    • Synonyms
    • Ranking
    • Filters
    • Search Permissions and Access Control
  • Endpoints
    • Introduction
    • Creating an endpoint
    • Calling an endpoint
    • Endpoint Tokens
    • Endpoints API
  • Interfaces
    • Introduction
    • Local Development
    • Deploying a new interface
    • Routing
    • Node Renderers
    • Sidebar
    • Views
  • Artificial Intelligence
    • Introduction
    • Embeddings Search
    • AI Assistant
      • Enabling AI Assistant
    • Large Language Models
      • LLMs Models Configuration
      • Self-Hosted Models
    • Image Search
    • Audio and Video Search
  • Sample Workspaces
    • Introduction
    • HackerNews
    • Aviation Incidents
    • Covid Papers
    • NASA Public Library
    • Suggest a Recipe
  • Basic Concepts
    • Graph database
    • Search Engine
  • Troubleshooting
    • FAQs
      • How long does it take to set up?
      • How does Curiosity keep my data safe?
      • Can we get Curiosity on-premises?
      • Can I connect custom data?
      • How does Workspace pricing work?
      • Which LLM does Curiosity use?
      • What's special about Curiosity?
      • How are access permissions handled?
      • What enterprise tools can I connect?
      • How to access a workspace?
      • How do I hard refresh my browser?
      • How do I report bugs?
      • How do I solve connectivity issues?
      • How do I contact support?
  • Policies
    • Terms of Service
    • Privacy Policy
Powered by GitBook
On this page
  • Connecting Data
  • Accessing Data
  1. Security

Permissions Management

How Curiosity handles access permissions

PreviousAuth0NextAuditing

Last updated 1 year ago

Curiosity workspaces includes permissions management to ensure that users can only see information that they're allowed to access.

That has two parts:

  1. Controlling which data sources users can connect to Curiosity

  2. Controlling what information users can access once it's been connected to Curiosity

Connecting Data

In Curiosity workspaces, interfaces to connect data are only accessible to admin accounts, not normal users.

That means only administrators (in the Curiosity workspace) can connect data sources to the workspace. Normal users can't inadvertently or intentionally connect unwanted sources to a server application.

Accessing Data

Workspaces are typically used by groups of users who authenticate using a user-name/password combination or via SSO (see ).

To ensure each user can only access information they're allowed to see, the system therefore includes permissions management.

Permissions concepts

Permissions management includes the following concepts:

  • User accounts

  • User groups ("Teams")

  • Folders

  • Files and other objects

Users or groups can have or not have access to a folder or any other object, i.e. permissions are handled at an object level.

Technically, permissions are handled as relationships between nodes in the graph database. Each user/group and each folder/file/object is a node. Relationships of internal type _HasAccess determines whether the user or group can access the resource.

Permissions are handled on the server side and results are filtered for permissions before a response is returned to the front-end.

Synchronizing Permissions with the Data Source

Integrations within Curiosity will synchronize external access permissions automatically from the source data. can also set access permissions as required using the appropriate methods.

Users and Access
Custom connectors