# User and Role Management

Effective user and role management is critical for securing a Curiosity Workspace and ensuring that users have the appropriate level of access.

# Permission Model

Curiosity Workspace uses a role-based access control (RBAC) model. Permissions are assigned to roles, and roles are assigned to users or groups.

# Core Permissions

  • Read: Ability to search and view nodes and edges.
  • Write: Ability to create or update data via connectors or endpoints.
  • Admin: Full access to workspace configuration, security settings, and monitoring.

# Managing Roles

Roles define a set of permissions that can be applied to users.

  1. System Roles: Pre-defined roles like Admin, Developer, and User.
  2. Custom Roles: Tailored roles created to match specific organizational needs (e.g., Auditor, DataSteward).

# Assigning Users

Users can be managed directly within the workspace, or provisioned through an external identity provider using single sign-on (SSO).

  • Local Users: Managed via the workspace administration UI.
  • SSO Groups: Map groups from providers like Azure AD, Okta, or Google to workspace roles.

# Implementing Least Privilege

To maintain a secure environment, follow the principle of least privilege:

  • Assign the minimum permissions required for a user to perform their job.
  • Regularly audit role assignments and permissions.
  • Use separate accounts for administrative tasks.
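The model described in the sections above (Read/Write/Admin permissions bundled into system and custom roles, roles granted directly to local users or mapped from SSO groups, and a recurring review of who holds Admin), as an added illustrative implementation; this is example code, not Curiosity Workspace's own, and the permission set of each role, the group names, and the user records are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

READ, WRITE, ADMIN = "read", "write", "admin"

# Role -> permission set. Role names are from the page; the exact permission
# set behind each role is an assumption for this example.
ROLES = {
    "Admin": {READ, WRITE, ADMIN},   # system role
    "Developer": {READ, WRITE},      # system role
    "User": {READ},                  # system role
    "Auditor": {READ},               # custom role: review only
    "DataSteward": {READ, WRITE},    # custom role: curates data
}

# Constructed SSO group -> workspace role mapping (group names are made up).
GROUP_TO_ROLE = {"ws-admins": "Admin", "ws-eng": "Developer", "ws-all": "User"}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)       # roles assigned directly (local user)
    sso_groups: set = field(default_factory=set)  # groups from the identity provider


def role_sources(user):
    """Map each effective role to where it came from: 'direct' or 'group:<name>'."""
    sources = {r: {"direct"} for r in user.roles}
    for g in user.sso_groups:
        role = GROUP_TO_ROLE.get(g)  # an unmapped group grants nothing
        if role:
            sources.setdefault(role, set()).add(f"group:{g}")
    return sources


def permissions(user):
    perms = set()
    for role in role_sources(user):
        perms |= ROLES.get(role, set())  # unknown role grants nothing: deny by default
    return perms


def allowed(user, permission):
    return permission in permissions(user)


def audit_admins(users):
    """Least-privilege review: who holds Admin, through which role and source."""
    findings = []
    for u in users:
        for role, srcs in sorted(role_sources(u).items()):
            if ADMIN in ROLES.get(role, set()):
                findings.append((u.name, role, sorted(srcs)))
    return findings
```

Running `audit_admins` on a periodic schedule gives the role-assignment audit the list above asks for, and the source column shows whether Admin arrived by direct assignment or by SSO group membership, which is managed outside the workspace.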

# Next Steps