# Access Control
Access management in Curiosity Workspace is handled by representing permissions as relationships in the graph. By default, nodes are accessible based on the workspace settings, but you can define fine-grained access control at the node level using the API.
# Core Concepts
Curiosity uses internal node types to represent users and teams:
- `_User`: Represents individual users.
- `_AccessGroup`: Represents groups of users (displayed as Team in the UI).
Access is controlled by creating relationships between data nodes and these internal nodes.
# Access Control APIs
When building a custom data connector, you can use the following methods to manage access:
# Restricting Access
- `RestrictAccessToTeam(Node node, Node teamNode)`: Restricts access to a specific node only to members of the given access group (Team).
- `RestrictAccessToUser(Node node, Node userNode)`: Restricts access to a specific node only to a specific user.
# Managing Users and Teams
- `Task<Node> CreateUserAsync(string userName, string email, string firstName, string lastName)`: Creates or updates a user node.
- `Task<Node> CreateTeamAsync(string teamName, string description = null)`: Creates or updates a team node.
- `AddUserToTeam(Node userNode, Node teamNode)`: Adds a user to a team.
- `AddAdminToTeam(Node userNode, Node teamNode)`: Assigns administrative rights for a team to a user.
- `RemoveUserFromTeam(Node userNode, Node teamNode)`: Removes a user from a team.
# Example
```csharp
using var graph = Graph.Connect(...);

// Create or update users
var userJohn = await graph.CreateUserAsync("jdoe", "jdoe@example.com", "John", "Doe");
var userJane = await graph.CreateUserAsync("janedoe", "janedoe@example.com", "Jane", "Doe");

// Create a team
var marketingTeam = await graph.CreateTeamAsync("Marketing", "Marketing department");

// Add users to team
graph.AddUserToTeam(userJohn, marketingTeam);
graph.AddAdminToTeam(userJohn, marketingTeam);

// Create a data node and restrict access
var report = new Report { Title = "Q4 Marketing Plan" };
var reportNode = graph.AddOrUpdate(report);

// Restrict to the marketing team and specifically to Jane
graph.RestrictAccessToTeam(reportNode, marketingTeam);
graph.RestrictAccessToUser(reportNode, userJane);

await graph.CommitPendingAsync();
```
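
A connector that mirrors group membership from a source system also has to revoke it when someone leaves the group. The following is an added example, not code from the Curiosity documentation, showing one way to do that with the methods listed above. The `SourceMember` record, the `TeamMembershipSync` class, the `previous`/`current` snapshots kept by the connector, the `Curiosity.Library` namespace and the use of `Graph` as the parameter type are assumptions.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Curiosity.Library; // assumed namespace for Graph and Node; this page does not show it

public static class TeamMembershipSync
{
    // Hypothetical shape of one group member as exported by the source system.
    public record SourceMember(string UserName, string Email, string FirstName, string LastName);

    // Mirrors one source-system group into a team and returns the user names
    // whose membership was revoked. 'previous' is the member list the connector
    // saved after its last run; 'current' is the list read on this run.
    public static async Task<List<string>> SyncTeamAsync(
        Graph graph,
        string teamName,
        IReadOnlyCollection<SourceMember> current,
        IReadOnlyCollection<SourceMember> previous)
    {
        var team = await graph.CreateTeamAsync(teamName);

        // Grant: every member the source system reports now.
        foreach (var member in current)
        {
            var user = await graph.CreateUserAsync(
                member.UserName, member.Email, member.FirstName, member.LastName);
            graph.AddUserToTeam(user, team);
        }

        // Revoke: members present last run but absent now. Nothing else in this
        // connector removes a membership, so without this step it would persist.
        var currentNames = new HashSet<string>(current.Select(m => m.UserName));
        var revoked = new List<string>();
        foreach (var member in previous.Where(m => !currentNames.Contains(m.UserName)))
        {
            // CreateUserAsync is create-or-update, so it also returns the existing node.
            var user = await graph.CreateUserAsync(
                member.UserName, member.Email, member.FirstName, member.LastName);
            graph.RemoveUserFromTeam(user, team);
            revoked.Add(member.UserName);
        }

        await graph.CommitPendingAsync();
        return revoked; // log this list so access removals are auditable
    }
}
```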
# Important Considerations
- Enable Access Control: Ensure that access control is enabled for the specific node schemas you wish to protect. By default, custom node schemas might not have access checks enforced.
- Internal Schemas: Internal schemas like `_User` and `_AccessGroup` are protected and cannot be deleted, but they can be managed via the API as shown above.