Consider an enterprise setup for Coda wherein the identities are managed via IDP (like Azure AD)
Is it possible to allow/restrict read permissions to docs at workspace level [for users and groups]
Is it possible to allow/restrict read permissions to docs at folder level [for users and groups]
As per documentation, SAML group sync is possible with Coda.
How are IDP groups mapped in Coda
If IDP groups are mapped to Coda user group, considering the APIs, how do we differ between a local Coda group or SAML synced group
We believe that permission can be granted at doc level, and not at page or table level
Considering the above, how can we fetch effective and exhaustive permissions of a given doc which belongs to a workspace or a folder.
API for doc level permission are effective or we need to leverage some other APIs to make it exhaustive considering the inherited permissions from workspace and folder level.
Can docs exist without belonging to a folder or workspace
I’ve taken a crack at your questions, answering to the best of my knowledge.:
Yes, you can add/remove users from a workspace, and share docs with anyone in the workspace.
Yes, you can add/remove users to a folder, and they will by default get those permissions on all docs in the folder.
Yes.
Not sure what the question is, but 1:1 I guess?
You can’t create local groups in Coda, only syncing them in from an IdP.
Correct, permissions are primarily at the doc-level. You can however use the sync page feature to share just a specific page to another doc.
Unfortunately we don’t have an easy API endpoint for that. The Admin API (Enterprise SKU only) provides endpoints to listing Workspace users, folder permissions, and doc permissions, and you’d have to combine them all.
See above. There is no endpoint that returns the effective permissions.