Permissions Management
How Curiosity handles access permissions
Curiosity workspaces include permissions management to ensure that users can only see information that they're allowed to access.
That has two parts:
Controlling which data sources users can connect to Curiosity
Controlling what information users can access once it's been connected to Curiosity
Connecting Data
In Curiosity workspaces, interfaces to connect data are only accessible to admin accounts, not normal users.
That means only administrators (in the Curiosity workspace) can connect data sources to the workspace. Normal users can't inadvertently or intentionally connect unwanted sources to a server application.
Accessing Data
Workspaces are typically used by groups of users who authenticate using a user-name/password combination or via SSO (see Users and Access).
To ensure each user can only access information they're allowed to see, the system therefore includes permissions management.
Permissions concepts
Permissions management includes the following concepts:
User accounts
User groups ("Teams")
Folders
Files and other objects
Users or groups can have or not have access to a folder or any other object, i.e. permissions are handled at an object level.
Technically, permissions are handled as relationships between nodes in the graph database. Each user/group and each folder/file/object is a node. Relationships of the internal type _HasAccess determine whether the user or group can access the resource.
Permissions are handled on the server side and results are filtered for permissions before a response is returned to the front-end.
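The model described above, as an added sketch that is not Curiosity's own code or API: a toy in-memory graph where a `_HasAccess` edge from a user or team node to a resource node grants access, and results are filtered on the server before the response is built. The edge direction, the `_MemberOf` membership edge name, the class and the node ids are assumptions made for illustration; the sample data is constructed.

```python
HAS_ACCESS = "_HasAccess"   # relationship type named on the page
MEMBER_OF = "_MemberOf"     # hypothetical name for a user -> team membership edge


class PermissionGraph:
    """Toy in-memory graph: nodes are string ids, edges are typed and directed."""

    def __init__(self):
        self._edges = {}  # (source, edge_type) -> set of target node ids

    def link(self, source, edge_type, target):
        self._edges.setdefault((source, edge_type), set()).add(target)

    def principals(self, user):
        """The user node plus every team node the user belongs to."""
        return {user} | self._edges.get((user, MEMBER_OF), set())

    def can_access(self, user, resource):
        """Deny by default: allowed only if some principal has a _HasAccess edge.

        Access is checked per object; no folder-to-file inheritance is modelled.
        """
        return any(resource in self._edges.get((p, HAS_ACCESS), set())
                   for p in self.principals(user))

    def filter_results(self, user, hits):
        """Server-side step: drop unauthorized hits before the response is built."""
        return [h for h in hits if self.can_access(user, h)]


def build_sample():
    """Constructed sample data, not taken from any real workspace."""
    g = PermissionGraph()
    g.link("user:alice", MEMBER_OF, "team:finance")
    g.link("team:finance", HAS_ACCESS, "file:budget.xlsx")   # granted via team
    g.link("user:alice", HAS_ACCESS, "file:notes.md")        # granted directly
    g.link("user:bob", HAS_ACCESS, "folder:public")
    return g


if __name__ == "__main__":
    graph = build_sample()
    hits = ["file:budget.xlsx", "file:notes.md", "folder:public", "file:orphan.txt"]
    # user:mallory has no node edges at all and must receive an empty result.
    for user in ("user:alice", "user:bob", "user:mallory"):
        print(user, graph.filter_results(user, hits))
```

Because the filter runs before the response leaves the server, a front-end never receives ids of objects the caller has no `_HasAccess` path to, including objects with no access edges at all.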
Synchronizing Permissions with the Data Source
Integrations within Curiosity will synchronize external access permissions automatically from the source data. Custom connectors can also set access permissions as required using the appropriate methods.