Permissioned Data Flows

Permissioned Data Flows allow you to define controls on every input and output within Internal (including filters). You can define roles and permission sets per each role through the Company Settings.



Only users with the Admin role will be able to access the admin controls, including the Company Settings with Roles and Permissions.

You'll see the existing roles in Internal and an "Add Role" button to create new roles.

You can click on an existing role to view the permission set for that role, and make edits.



You cannot make edits to the Admin role.

Adding and editing a role

Click "Add Role" or click on an existing role name and hit "Edit".

Add/edit your role name.

The Admin role

This role is created by default. Admin users have access to everything, including Company Settings.

The "Space Admin"

You can use the checkbox to determine if those role should be able to edit Spaces and access environments (if you have multiple environments set up). We refer to this as a "Space Admin."

This role scope adds special permissions to its grantees:

  • View spaces and execute functions in the non-default environment
  • Create new spaces
  • Modify and delete existing spaces
  • View space version history
  • List spaces which have not been published
  • Publish, un-publish, and restore space versions

This role scope does not grant access to:

  • Modify permissions
  • Modify space visibility (with new dashboard)
  • Modify spaces in the left nav (without new dashboard)

Setting permissions

For each function, you can use the checkbox to determine if this role should have access. If they do not have access, they won't be able to use or view certain Space components that are tied to those functions. For example, if you have a table component with a function to "list user records" and a role does not have permission to access the "list user records" function, that role won't be able to view the table. Similarly, a button that's tied to a function to "update company records" will be unusable for roles that do not have permission to access the "update company records" function.

Without access, a role cannot utilize those functions within a Space.

For more granular permissions, you can expand each function to set access at the parameter level.



Functions must return an Object or an array of Objects in order for granular attribute-level permissions to work. If your function returns something else (such as a string), be sure to grant permissions to the entire function. Failure to do so will result in your users being unable to see any data returned from the function.