A mini app only ever reaches the things you let it. Two pieces work together to make that true: the grants you give an app (the specific collections and workflows it may use) and the sandbox it runs in (which enforces that nothing outside those grants is reachable).
Every app is granted two lists, both by name, both chosen from things you already own: the collections it may read or write, and the workflows it may run.
You set these in the Properties pane of the editor. Each grant is a chip; you add one from a picker that lists your collections and your workflows by name. The app can only touch what’s on these two lists — nothing else in your account is visible to it.

The collection picker lets you type a new name to grant a collection you haven’t created yet — collections come into being on first write, so a not-yet-existing name is a valid grant. Give an app a fresh collection name and it has a private place to store its data the moment it writes there. New collection names follow the usual rule: lowercase, start with a letter, words joined by underscores (for example meal_log).
The workflow picker only lists workflows you already have — a workflow has to exist before an app can run it. Pick the ones the app should be allowed to run; leave the rest out. If a granted workflow is later deleted, the editor keeps the grant visible so you can see and clear it rather than silently dropping it.
Grants decide what an app should reach. The sandbox is what makes sure it can’t reach anything else. Every app runs walled-in, and that’s a feature — it’s what makes it safe to run an app the assistant generated for you, or one someone shares with you.
Only your granted data
An app can read or write only the collections you granted it. An app built for your expenses can’t go rummaging through other collections.
Only your granted workflows
An app can run only the workflows on its list — and nothing else. It can’t trigger work you didn’t hand it.
No open internet
An app can’t call out to other websites or services. It only talks to the collections and workflows you gave it.
No access to your account
An app never sees your login or credentials — not your password, not your API keys, not your provider connections.
The short version: an app only sees the data you point it at. If an app needs to do something new, you give it a new workflow or a new collection — it can’t grant itself anything. That keeps a generated app, or one someone shares with you, from reaching anywhere it shouldn’t.
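The grant model described above, sketched as an added example (not the product's own code): a hypothetical `Broker` is the only handle an app receives, so anything missing from its two lists, and anything it has no method for (network calls, credentials), is unreachable. The class and method names, the regex reading of the naming rule, and the sample data are assumptions.

```python
import re

NAME_RE = re.compile(r"[a-z][a-z0-9]*(?:_[a-z0-9]+)*")  # assumed naming rule; digits are an assumption

class Denied(Exception):
    """The app asked for something outside its grants."""

class Broker:
    """Hypothetical mediator: the only handle an app is given."""
    def __init__(self, store, workflows, collections, granted_workflows):
        if not all(NAME_RE.fullmatch(n) for n in collections):
            raise ValueError("collection names must look like meal_log")
        self._store, self._workflows = store, workflows
        self._collections = frozenset(collections)
        self._granted_workflows = frozenset(granted_workflows)

    def _check(self, name):
        if name not in self._collections:
            raise Denied(f"collection {name!r} is not granted")

    def read(self, name):
        self._check(name)
        return list(self._store.get(name, []))  # unwritten grant reads empty (assumed)

    def write(self, name, doc):
        self._check(name)
        self._store.setdefault(name, []).append(doc)  # created on first write

    def run(self, name, *args):
        if name not in self._granted_workflows:
            raise Denied(f"workflow {name!r} is not granted")
        if name not in self._workflows:  # grant outlived a deleted workflow
            raise Denied(f"workflow {name!r} no longer exists")
        return self._workflows[name](*args)

def outcome(call):
    try:
        return call()
    except Denied as exc:
        return f"denied: {exc}"

def demo():  # constructed sample account: two collections, one workflow
    store = {"expenses": [{"amount": 12}, {"amount": 30}], "journal": [{"text": "x"}]}
    workflows = {"sum_expenses": lambda docs: sum(d["amount"] for d in docs)}
    app = Broker(store, workflows, {"expenses", "meal_log"}, {"sum_expenses", "old_export"})
    app.write("meal_log", {"meal": "lunch"})
    calls = [lambda: app.run("sum_expenses", app.read("expenses")),
             lambda: app.read("journal"), lambda: app.run("old_export")]
    return [outcome(c) for c in calls], store["meal_log"]
```

Every check is a lookup in an immutable set fixed at construction, which mirrors the point that an app cannot grant itself anything.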
Because collections and workflows are shared assets — not owned by any one app — deleting an app removes only the app. The collections it read and the workflows it ran stay exactly where they were, and anything else that uses them keeps working.
Clearing your data in Your data empties the documents in your collections but leaves your apps in place, the same way it leaves your workflows.