5️⃣
Cinchy Platform Documentation
Cinchy v5.8
Cinchy v5.8
  • Data Collaboration Overview
  • Release notes
    • Release notes
      • 5.9 release notes
      • 5.8 Release Notes
      • 5.7 Release Notes
      • 5.6 Release Notes
      • 5.5 Release Notes
      • 5.4 Release Notes
      • 5.3 Release Notes
      • 5.2 Release Notes
      • 5.1 Release Notes
      • 5.0 Release Notes
  • Support
  • Glossary
  • FAQ
  • Deployment guide
    • Deploying Cinchy
      • Plan your deployment
        • Deployment architecture
          • Kubernetes architecture
          • IIS architecture
        • Deployment prerequisites
          • Single Sign-On (SSO) integration
            • Enable TLS 1.2
            • Configure ADFS
            • AD Group Integration
      • Kubernetes
        • Disable your Kubernetes applications
        • Change your file storage configuration
        • Configure AWS IAM for Connections
        • Use Self-Signed SSL Certs (Kubernetes)
        • Deploy the CLI (Kubernetes)
      • IIS
  • Upgrade guide
    • Upgrade Cinchy
      • Cinchy Upgrade Utility
      • Kubernetes upgrades
        • v5.1 (Kubernetes)
        • v5.2 (Kubernetes)
        • v5.3 (Kubernetes)
        • v5.4 (Kubernetes)
        • v5.5 (Kubernetes)
        • v5.6 (Kubernetes)
        • v5.7 (Kubernetes)
        • v5.8 (Kubernetes)
        • Upgrade AWS EKS Kubernetes version
        • Update the Kubernetes Image Registry
        • Upgrade Azure Kubernetes Service (AKS)
      • IIS upgrades
        • v4.21 (IIS)
        • v4.x to v5.x (IIS)
        • v5.1 (IIS)
        • v5.2 (IIS)
        • v5.3 (IIS)
        • v5.4 (IIS)
        • v5.5 (IIS)
        • v5.6 (IIS)
        • v5.7 (IIS)
        • v5.8 (IIS)
      • Upgrading from v4 to v5
  • Guides for using Cinchy
    • User Guide
      • Data Browser overview
      • The Admin panel
      • User preferences
        • Personal access tokens
      • Table features
      • Data management
      • Queries
      • Version management
        • Versioning best practices
      • Commentary
    • Builder Guide
      • Best practices
      • Create tables
        • Attach files
        • Columns
        • Data controls
          • Data entitlements
          • Data erasure
          • Data compression
        • Formatting rules
        • Indexing & partitioning
        • Linking data
        • Table and column GUIDs
        • System tables
      • Delete tables
        • Restore tables, columns, and rows
      • Saved queries
      • CinchyDXD
        • Overview
        • DXD workflow
        • Package the data experience
        • Install the data experience
        • Release package
        • Changelog
        • References
          • Cinchy DXD CLI reference
          • Data Experience Definitions table
          • Data Experience Reference table
      • Multilingual support
      • Integration guides
    • Administrator Guide
    • Additional guides
      • Monitor and Log on Kubernetes
        • Grafana
        • OpenSearch dashboards
          • Set up Alerts
        • Monitor via ArgoCD
      • Maintenance
      • Cinchy Secrets Manager
      • GraphQL (Beta)
      • System properties
      • Enable Data At Rest Encryption (DARE)
      • Application experiences
        • Network map
          • Custom node results
          • Custom results in the Network Map
        • Set up experiences
  • API Guide
    • API overview
      • API authentication
      • API saved queries
      • ExecuteCQL
      • Webhook ingestion
  • CQL
    • Overview
      • CQL examples
      • CQL statements overview
        • Cinchy DML statements
        • Cinchy DDL statements
      • Cinchy supported functions
        • Cinchy functions
        • Cinchy system values
        • Cinchy User Defined Functions (UDFs)
          • Table-valued functions
          • Scalar-valued functions
        • Conversion functions
        • Date and Time types and functions
          • Return System Date and Time values
          • Return Date and Time parts
          • Return Date and Time values from their parts
          • Return Date and Time difference values
          • Modify Date and Time values
          • Validate Date and Time values
        • Logical functions
        • Math functions
        • String functions
        • Geometry and Geography data type and functions
          • OGC methods on Geometry & Geography instances
          • Extended methods on Geometry & Geography instances
        • Full Text Search functions
        • Connections functions
        • JSON functions
    • CQL functions reference list
  • Meta-Forms
    • Introduction
    • Install Meta-Forms
      • Deploy Meta-Forms (Kubernetes)
      • Deploy Meta-Forms (IIS)
    • Forms data types
    • Meta-Forms Builder Guide
      • Create a dynamic meta-form with tables
      • Create a dynamic meta-form example with Form Designer
      • Add links to a form
      • Rich text editing in forms
  • Data syncs
    • Get started with data syncs
    • IIS installation
      • Install Connections
      • Install the Worker/Listener
      • Install the Connections CLI
    • Build data syncs
      • Data sync types
      • Design patterns
      • Sync actions
      • Columns and mappings
        • Calculated column examples
      • Advanced settings
        • Filters
        • Variables
        • Auth requests
        • Request headers
        • Post sync scripts
        • Pagination
      • Batch data sync example
      • Real-time sync example
      • Schedule a data sync
      • Connection functions
    • Data sync sources
      • Cinchy Event Broker/CDC
        • Cinchy Event Broker/CDC XML config example
      • Cinchy Table
        • Cinchy Table XML config example
      • Cinchy Query
        • Cinchy Query XML config example
      • Copper
      • DB2 (query and table)
      • Dynamics 2015
      • Dynamics
      • DynamoDB
      • File-based sources
        • Binary file
        • Delimited file
        • Excel
        • Fixed width file
        • Parquet
      • Kafka Topic
        • Kafka Topic example config
        • Apache AVRO data format
      • LDAP
      • MongoDB collection
        • MongoDB collection source example
      • Mongo event
      • MongoDB collection (Cinchy event)
      • MS SQL Server (query and table)
      • ODBC Query
      • Oracle (query and table)
      • Polling event
        • Polling event example config
      • REST API
      • REST API (Cinchy event)
      • SAP SuccessFactors
      • Salesforce Object (Bulk API)
      • Salesforce platform event
      • Salesforce push topic
      • Snowflake
        • Snowflake source example config
      • SOAP 1.2 web service
      • SOAP 1.2 web service (Cinchy Event Triggered)
    • Data sync destinations
      • Cinchy Table
      • DB2 table
      • Dynamics
      • Kafka Topic
      • MongoDB collection
      • MS SQL Server table
      • Oracle table
      • REST API
      • Salesforce
      • Snowflake table
      • SOAP 1.2 web service
    • Real-time sync stream sources
      • The Listener Config table
      • Cinchy Event Broker/CDC
      • Data Polling
      • Kafka Topic
      • MongoDB
      • Salesforce Push Topic
      • Salesforce Platform Event
    • CLI commands list
    • Troubleshooting
  • Other Resources
    • Angular SDK
    • JavaScript SQK
Powered by GitBook
On this page
  • Overview
  • User-based controls
  • Role-Based Controls
  • Attribute-based controls
  • Change entitlements
  • Table-level entitlements
  • Marketplace
  • Bulk Export
  • Direct Query
  • Design Table
  • Design Controls
  • Column-level entitlements
  • View All Columns
  • View Specific Columns
  • Edit All Columns
  • Edit Specific Columns
  • Approve All Columns
  • Approve Specific Columns
  • Link Columns
  • Row-level entitlements
  • Insert Row
  • Delete Row
  • Viewable & Editable Row Filter
  • Examples for Row Filter
  1. Guides for using Cinchy
  2. Builder Guide
  3. Create tables
  4. Data controls

Data entitlements

Data Control Entitlements allow you to set up permissions for who can view, edit, or approve data within a table. Note that this was formerly called "Design Controls"

PreviousData controlsNextData erasure

Last updated 1 year ago

Overview

Data Entitlements define who has access to do what on your Cinchy platform. These access controls are universally set at a cellular level, meaning that you can configure user access in the way that best supports your use case.

You can set entitlements such that specific users can view, edit, delete, or insert data you want them to access.

Cinchy supports user-based, role-based, and attribute-based access controls.

User-based controls

User-based controls are entitlements given to specific users. This is done via the Users column.

Defining access based on a user means that even if the user changes their role, team, group, etc., they will still maintain their data entitlements.

Role-Based Controls

Role-based controls are entitlements given to set(s) or users based on their role in your environment. For example, you are able to define that only the Product team has access to insert records into a Product Roadmap table. Instead of configuring the entitlements user by user, which takes time and can lead to incorrect data when/if employees shift teams, you can configure it such that any user within the Product team automatically maintains the same level of control across the board.

In Cinchy, this is done via the Groups column.

Attribute-based controls

Attribute-based controls are entitlements given to a user(s) based on a defined set of tags. This can include attributes such as their team, their role, their security clearance, their location, etc.

Defining entitlements based on attributes allows you to drill even deeper into the specificity of which users can do what on your tables.

In Cinchy, you can set up an infinite number of attributes based on your specific use case(s). This is done via

For example, if you have an Employee table that contains salary information visible only to certain people, you can configure a Row Filter such that the logged in user MUST have at least one of the following attributes to be able to see it:

  • The user to whom the salary belongs

  • Their manager

  • All VP level executives

  • The CEO

You are able to add as many attributes into your Row Filter as needed. For example you could only allow a user with the following set of tags to view a row: Located in Toronto, on the Marketing Team, and with a Security Clearance level of 2.

Change entitlements

  1. When viewing a table, click on Data Controls > Entitlements from the left navigation menu (Image 1).

  1. Currently both the table creator and anyone in the Cinchy Administrators group has access to perform any action on any objects. You can give granular entitlements at a Group or a User level, for both viewing and editing access (Image 2).

  1. In the above scenario, John Smith is part of the Developers group. They're able to view all columns via the entitlement to the Developers group, and they're able to edit both the First Name and Last Name column through different entitlements.

Table-level entitlements

Table-level entitlements apply to the entire table.

Marketplace

Approving this entitlement enables users to see and search for the table in the Marketplace/Homepage.

Bulk Export

Approving this entitlement enables users to export data from the table via the Manage Data screen (Image 3).

Direct Query

Approving this entitlement enables users to query the data from the table directly in the Query Builder (Image 4).

Design Table

Approving this entitlement enables users to alter the structure of the table.

This is a builder/administrative function and shouldn't be granted to end users.

Design Controls

Approving this entitlement enables users to change the permissions on a table.

This is a builder/administrative function and shouldn't be granted to end users.

Column-level entitlements

Column-level entitlements apply only to columns.

View All Columns

Approving this entitlement enables users to view all columns within the table.

Note that this applies to any new columns that are added to the table after providing this permission as well.

View Specific Columns

This is a drop down where you can select the specific columns you want to grant view access to for users.

Edit All Columns

Approving this entitlement enables users to edit all columns within the table.

Note that this applies to any new columns that are added to the table after providing this permission as well.

Giving a user edit permission will also give them view permission.

Edit Specific Columns

This is a drop down where you can select the specific columns you want to grant edit access to for users.

Giving a user edit permission will also give them view permission.

Approve All Columns

Approving this entitlement enables users to approve all columns within the table. This also allows users to approve Create and Delete requests.

Note that this applies to any new columns that are added to the table after providing this permission as well.

Approve permissions only apply when Change Approvals are enabled.

Giving a user approve permission will also give them view permission.

Approve Specific Columns

This is a drop down where you can select the specific columns you want to grant approve access to for users.

Approve permissions only apply when Change Approvals are enabled.

Giving a user approve permission will also give them view permission.

Link Columns

Link columns require both permission to the column within the table and the column in the link column itself.

Row-level entitlements

Row-level entitlements apply to specific rows. Used in conjunction with Column Level entitlements this allows for granular cell level entitlements.

Insert Row

Approving this entitlement enables users to create new rows in the table.

Delete Row

Approving this entitlement enables users to delete rows in the table.

Viewable & Editable Row Filter

This is a CQL fragment that applies a filter to which rows will be viewable or editable. Think of the column entitlements and the fragment as a SQL statement applied to the table.SELECT {Edit Selected Columns} WHERE {Editable Row Filter}

Examples for Row Filter

Most of these examples will be with the editable row filter so it's easy to see the underlying data for comparison. However this can be done for viewable row data as well.

Sample data

(Image 5)

Example

With the following entitlements (Image 6):

  • Edit Specific Columns: Age

  • Editable Row Filter: [Age] > 30

Example with viewable data

(Image 7)

  • View Specific Columns: First Name, Last Name

  • Viewable Row Filter: [End Date] IS NULL OR [End Date] > GetDate()

Layer on another entitlement

(Image 8)

  • View Specific Columns: All

  • Edit Specific Columns: First Name, Last Name, Age

  • Viewable Row Filter: [First Name] = 'John'

  • Editable Row Filter: [First Name] = 'John'

Example for current user

(Image 9)

For the All Users group:

(Image 10)

  • View All Columns: Check

  • Edit Selected Columns: First Name, Last Name

  • Editable Row Filter: [User Account].[Cinchy Id] = CurrentUserId()

To allow a user to edit certain fields of their own data, you will need an association from a user to the [Cinchy].[Users] table. You can then use the following function to allow edit for that user, where [...] is the chain of link columns to get to the Users table.

[...].[Cinchy Id] = CurrentUserId()

Row Filters.
Image 1: Step 1, Entitlements
Image 2: Step 2, An example of Entitlements
Image 3: Step 2.2 Bulk Export
Image 4: Step 2.3 Direct Queries
Image 5: Sample Data
Image 6: Simple Example
Image 7: Example with Viewable Data
Image 8: Layer on Another Entitlement
Image 9: Example for current user
Image 10: For the All Users Group