Security categories provide fine-grained access control on top of standard capabilities. When you apply a security category to a resource, only principals (users or service accounts) that have both the required resource capability and membership in that security category can access the resource.Documentation Index
Fetch the complete documentation index at: https://docs.cognite.com/llms.txt
Use this file to discover all available pages before exploring further.
How security categories work
Security categories add a second layer of access control. A principal needs to satisfy two conditions to access a protected resource:- The principal must have the standard resource capability (for example,
timeseries:read). - The principal must have the
securitycategories:memberofcapability for the same security category applied to the resource.
Supported resource types
You can apply security categories to the following resource types:- Time series
- Files
Limits
| Resource | Limit |
|---|---|
| Security categories per project | 1,000 |
| Security categories per time series | 100 |
| Security categories per file | 100 |
Time series linked to a data modeling instance (
instanceId) cannot have security categories.Key capabilities
- Create security categories by name (names must be unique within a project)
- List all security categories in a project
- Delete security categories by ID