Skip to main content
This document outlines how Airia manages user access to data within your data sources across three primary scenarios, controlling how content is viewed, accessed, and queried.

Broad Access (Default)

Data sources created without User-Specific configuration and without original source permission checks enabled default to broad access. This means no explicit access controls are applied based on the creator or the original source.
  • Admin Visibility: All Platform Admins and Project Admins (with access to the specific project) can view file names and content within the View Chunks menu, even if they don’t have access to the original files.
  • End-User Querying: Any end-user with access to an Agent connected to this data source can retrieve all data from it, even if they don’t have access to the original source.

Original Source Permissions

When original source permissions are enabled, Airia respects the read access a user has in the original repository (e.g., OneDrive, SharePoint, Confluence).
💡 Note: Only the user who created the data source can enable or disable original source permission checks.
  • Access Control: The system checks a user’s read access in the original source.
  • File Visibility (No Access):
    • Users without access to specific files will see their names redacted in the platform.
    • They will still see the total file count, connector type, and data source name.
    • Platform Admins can still schedule synchronization tasks for these data sources.
  • Content Visibility (No Access): Users without file access cannot view ingestion artifacts like generated chunks or SQL tables.
  • Querying (No Access): End-users cannot retrieve data from files they do not have access to, even if the data source is connected to an Agent.

Prerequisites for Original Source Permissions

To utilize original source permissions:
  • SSO: Single Sign-On (SSO) must be enabled for your Airia instance.
  • Toggle On: The permission check toggle must be set to On during data source creation.
  • Supported Connectors: This feature is currently supported only for:
    • OneDrive
    • SharePoint
    • Confluence
⚠️ Warning: API Access and xAPI Keys Retrieving data via API calls or using an xAPI key will not return any data when original source permissions are enabled. This is because xAPI keys do not provide user context, which is essential for permission validation. Permission checks are supported only with JSON Web Tokens (JWT) that contain user context.

User-Specific Access

When a data source is explicitly configured as user-specific, access is restricted to its creator.
  • Exclusive Access: Data is exclusively available to the user who created the data source. Other Admins cannot edit, authenticate, or add files to this data source.
    • For File Upload data sources, other users can add files but will only see the files they added.
  • Visibility: The creator can view the file list, open files to see their content, generated chunks, SQL tables (for CSV/Excel), and other ingestion artifacts. Other Admins will not see the file count or file list.
  • Querying: If this data source is linked to an Agent, only the creator can query it through that Agent.