¶ Objects and data
Objects and their data are the core payload of IoT Cloud projects.
Object structures define metadata and hierarchy of objects.
- Designed first, then physically generated in PostgreSQL.
- Can define parent/child hierarchy and references.
- Can optionally allow data tables for objects of that structure.
- Can store history and role access tables (depending on flags).
- Structure design views are intended for users with Architect permission.
- Most users work with generated objects and their data, not with structure design.
Generated object tables can be removed later, but object rows are lost.
Data tables are created for a specific object structure and store high-volume changing records (typically time series).
- One object structure can have multiple data tables.
- Data is always linked to a concrete object.
- Objects can exist without data; data cannot exist without object.
- Data tables/data do not maintain role-per-row permissions and change history in the same way as objects.
An object can include:
- child objects
- assigned data table (if allowed by structure)
- role access (if object authentication is enabled)
- history (if enabled)
- import/export for object data
When switching an object's assigned data table, the object's old data in the previous table must be removed first.
¶ Authorization model for table and object operations
Authorization combines:
- role permissions allowed on object structure
- inherited project permissions (including defaults and possibly instance-derived permissions for users)
If object authentication is enabled:
- role permissions explicitly granted for the object are applied
- plus object-structure-level permissions
If object is not private:
- effective object-structure permissions are additionally propagated
If object is private:
- explicit object permissions are required
Table/object permissions are:
- Object manager
- Data analyst
- Data source
- Data manager
Object/data authorization extends project-level checks with object-structure and optional object-level permissions.
For full decision logic (instance -> project -> object structure -> object), see Permissions and authorization.