# App Data Model ### 📖 **Key Concepts** Every **app record** in Cakewalk has seven core attributes: 1. **App name:** The unique representation of an application in your org. 2. **Accesses:** Who has accessed this app. 3. **Permissions**: The level of access that a user has. 4. **Source:** Where the app came from (integration, discovery, manual import). 5. **Status:** How the app is governed (managed, tracked, restricted, archived, etc.). 6. **App Owner:** Who is responsible for the app’s governance (approvals, access reviews etc.). 7. **Metadata:** Key details such as categories, description and risk metadata. Together, these attributes determine how apps are surfaced, which actions admins can take and how access requests and reviews behave. *** ### 🗂️ **App Data** | Field | Description | Examples | | ---------------- | ------------------------------------------------------------------- | ------------------------------------------------------------ | | **App Name** | Human-readable name of the application. | Slack, GitHub, Asana | | **Accesses** | Linked user accounts discovered for this app. | Jane Smith, John Doe | | **Permissions** | The level of access a user has. | Contributor, Editor, Admin | | **Source** | Origin of the app record. | Google Workspace import, Browser extension discovery, Manual | | **Status** | Governance state (see below). | Discovered, Requested, Tracked, Managed, Ignored, Archived | | **App Owner(s)** | The user responsible for approving access & reviewing entitlements. | | #### **Default Metadata** | Data | Description | Example | | ------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------ | | **Website URL** | The primary URL for the application’s main website or login portal. Used to identify and link to the official source. | | | **Description** | A brief summary of what the application does, typically sourced from integrations or auto-enrichment. | “Team communication and collaboration platform.” | | **Tagline** | A short phrase or slogan that describes the product’s main value proposition. | “Where work happens.” | | **Server Location** | The geographic region(s) where the app’s servers or data centers are hosted. Often relevant for compliance and data residency. | “US-East (Virginia), EU (Frankfurt)” | | **Certifications** | Security or compliance frameworks the app adheres to. | “SOC 2 Type II, ISO 27001, GDPR Compliant” | | **AI Risk Score** | A Cakewalk-assigned risk metric (see below) reflecting the presence or use of AI features and potential data exposure risks. | “Medium (AI-assisted text generation)” | {% hint style="info" %} **How we calculate AI risk** These scores are calculated based on five risk dimensions: * **Data Access** * **Data Persistence** * **Data Containment** * **Security** * **Autonomy** Each dimension has an associated **reason** and score, which is aggregated into a final **AI risk level** (`Low`, `Medium` or `High`). {% endhint %} *** #### **Custom Metadata** Additionally, you can add your own metadata to apps in the form of custom layouts, which can be found in **Settings → Custom Layouts.** Below is a list of the properties available to you: | Field Type | Description | Example Use Case | | -------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | | **Short text** | Single-line text field for simple values. | “Cost Center: 101-Marketing” | | **Long text** | Multi-line input for notes or contextual details. | “Used primarily by finance for vendor reporting.” | | **Select** | Dropdown menu for predefined options. | “Data Sensitivity: Low / Medium / High” | | **Date** | Calendar-based field for tracking lifecycle or contract milestones. | “Renewal Date: Mar 31, 2026” | | **Number** | Numeric value for metrics or scoring. Cakewalk supports different formats incl. currency and percentages. | “Monthly Spend: 1450” | | **Person** | Field referencing a user in Cakewalk (typically an admin or app owner). | “Technical Owner: Jane Doe” | *** ### 🌐 **App Sources** Apps can be created in Cakewalk in several ways: | Source | Description | | --------------------- | --------------------------------------------------------------- | | **Integration** | Imported automatically via Google Workspace or Microsoft Entra. | | **Browser Extension** | Detected by Cakewalk Browser Extension. | | **Manual** | Added manually by an admin in Cakewalk. | | **Requested** | Submitted by end users through “Add new app” feature. | *** ### 🚦 **App Statuses** App statuses represent the **level of governance** applied. Each status unlocks specific actions for admins as well as app owners and determines whether users can request access. | Status | Meaning | Can be requested? | Tracks Access? | | -------------- | ------------------------------------------------------------------------------------------------------- | ----------------- | -------------- | | **Discovered** | App has been seen in your org but is not yet governed. | ❌ No | ✅ Yes | | **Requested** | An end user has requested that the app become governed. | ⏳ Pending state | ✅ Yes | | **Tracked** | App is tracked for visibility but not fully managed. | ❌ No | ✅ Yes | | **Managed** | Fully governed app with policies, provisioning (if available) and access reviews. | ✅ Yes | ✅ Yes | | **Restricted** | App is deliberately blocked or hidden; users are discouraged or prevented from access. | ❌ No | ✅ Yes | | **Ignored** | App is intentionally excluded from governance and no longer tracked. | ❌ No | ❌ No | | **Archived** | App has been deactivated and removed from the active directory. Request logs are kept for auditability. | ❌ No | ❌ No | *** #### **Status Transitions** Admins can transition apps between statuses using contextual menu actions. Common flows include: | **Discovered → Tracked** | Admin chooses to track the org-wide use of the app. | | ------------------------ | --------------------------------------------------------------------------------- | | **Discovered → Ignored** | Admin chooses to ignore; Cakewalk stops tracking accesses. | | **Tracked → Managed** | Admin promotes to fully managed; policies & reviews now apply. | | **Managed → Restricted** | Admin blocks app usage but keeps audit data. | | **Restricted → Tracked** | Admin unblocks and returns app to tracked state. | | **Managed → Archived** | App is sunset, removed from catalog and deletion of the app account is triggered. | *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.getcakewalk.io/concepts/data-models/app-data-model.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.