Cord LogoDocs
Sign inStart now

Permissions

Reference /
Ask the Community

How Cord's privacy model works

Background #

When building your integration, you will want to make sure that the right people can see the right things. Cord has several concepts to help you build the right privacy model.

Projects #

Generally we recommend creating one project per environment. For example, you might use one project for your internal testing and one project for production usage.

To see details of the projects you've already created or to create new projects, go to the Cord Console.

Each project has a unique secret, which you should use when signing both client and server auth tokens. Read more about token authentication here.

Diagram of Cord apps

Users in different projects have no way of ever seeing the same things or collaborating with each other.

Groups #

💡 'Groups' were previously known as 'organizations' or 'orgs'.

Within a project, you can create groups. Groups must have unique ids within a project. Users can be added to or removed from groups. A user can be a member of as many groups as you like.

A thread belongs to a single group, and therefore threads can only be seen by whichever users are in that group. Resources which belong to thread, such as messages and attachments, are accordingly only visible to the same group.

By default, components and client APIs will return threads from all groups a logged in user is a member of, unless you pass a specific groupID as a filter.

In the case of something like the Thread component, you do not need to pass a groupID to see an existing thread, since this can be inferred from the threadID. The exception to this, however, is if you wish to create a new thread with the component. In this case, you will need to specify a groupIDso we know where to create it.

Diagram showing two users who share one project where they can see the same threads

In the diagram both users A and B can see threads and interact with each other in Group 2. Only user A can see content in group 1, and will not be able to e.g. @ mention user B there. Only user B can see content in group 3, and will not be able to e.g. @ mention user A there.

Users #

Users exist within a project, but may be members of multiple groups. If a user is removed from a group, they will no longer have access any threads in that group. However, any messages they previously sent will remain, and will still be visible to current group members.

Diagram showing two users who do not share any groups and so cannot see the same threads

In the diagram Users A and B do not share any groups, and therefore cannot collaborate with each other. They may be able to see the others' messages if one was previously in a group the other is now in.

Not finding the answer you need? Ask our Developer Community

Ask Cordy