App Data Model

Cakewalk is the single source of truth for all apps used in your organization. This page explains how they are represented, what metadata is stored and how statuses and transitions work.

📖 Key Concepts

Every app record in Cakewalk has seven core attributes:

  1. App name: The unique representation of an application in your org.

  2. Accesses: Who has accessed this app.

  3. Permissions: The level of access that a user has.

  4. Source: Where the app came from (integration, discovery, manual import).

  5. Status: How the app is governed (managed, tracked, restricted, archived, etc.).

  6. App Owner: Who is responsible for the app’s governance (approvals, access reviews etc.).

  7. Metadata: Key details such as categories, description and risk metadata.

Together, these attributes determine how apps are surfaced, which actions admins can take and how access requests and reviews behave.


🗂️ App Data

| Field | Description | Examples |
| --- | --- | --- |
| App Name | Human-readable name of the application. | Slack, GitHub, Asana |
| Accesses | Linked user accounts discovered for this app. | Jane Smith, John Doe |
| Permissions | The level of access a user has. | Contributor, Editor, Admin |
| Source | Origin of the app record. | Google Workspace import, Browser extension discovery, Manual |
| Status | Governance state (see below). | Discovered, Requested, Tracked, Managed, Ignored, Archived |
| App Owner(s) | The user responsible for approving access & reviewing entitlements. | |

Default Metadata

| Data | Description | Example |
| --- | --- | --- |
| Website URL | The primary URL for the application’s main website or login portal. Used to identify and link to the official source. | |
| Description | A brief summary of what the application does, typically sourced from integrations or auto-enrichment. | “Team communication and collaboration platform.” |
| Tagline | A short phrase or slogan that describes the product’s main value proposition. | “Where work happens.” |
| Server Location | The geographic region(s) where the app’s servers or data centers are hosted. Often relevant for compliance and data residency. | “US-East (Virginia), EU (Frankfurt)” |
| Certifications | Security or compliance frameworks the app adheres to. | “SOC 2 Type II, ISO 27001, GDPR Compliant” |
| AI Risk Score | A Cakewalk-assigned risk metric (see below) reflecting the presence or use of AI features and potential data exposure risks. | “Medium (AI-assisted text generation)” |

How we calculate AI risk

These scores are calculated based on five risk dimensions:

  • Data Access

  • Data Persistence

  • Data Containment

  • Security

  • Autonomy

Each dimension has an associated reason and score, which are aggregated into a final AI risk level (Low, Medium or High).


Custom Metadata

Additionally, you can add your own metadata to apps in the form of custom layouts, which can be found in Settings → Custom Layouts. Below is a list of the properties available to you:

| Field Type | Description | Example Use Case |
| --- | --- | --- |
| Short text | Single-line text field for simple values. | “Cost Center: 101-Marketing” |
| Long text | Multi-line input for notes or contextual details. | “Used primarily by finance for vendor reporting.” |
| Select | Dropdown menu for predefined options. | “Data Sensitivity: Low / Medium / High” |
| Date | Calendar-based field for tracking lifecycle or contract milestones. | “Renewal Date: Mar 31, 2026” |
| Number | Numeric value for metrics or scoring. Cakewalk supports different formats incl. currency and percentages. | “Monthly Spend: 1450” |
| Person | Field referencing a user in Cakewalk (typically an admin or app owner). | “Technical Owner: Jane Doe” |


🌐 App Sources

Apps can be created in Cakewalk in several ways:

| Source | Description |
| --- | --- |
| Integration | Imported automatically via Google Workspace or Microsoft Entra. |
| Browser Extension | Detected by Cakewalk Browser Extension. |
| Manual | Added manually by an admin in Cakewalk. |
| Requested | Submitted by end users through “Add new app” feature. |


🚦 App Statuses

App statuses represent the level of governance applied. Each status unlocks specific actions for admins as well as app owners and determines whether users can request access.

| Status | Meaning | Can be requested? | Tracks Access? |
| --- | --- | --- | --- |
| Discovered | App has been seen in your org but is not yet governed. | ❌ No | ✅ Yes |
| Requested | An end user has requested that the app become governed. | ⏳ Pending state | ✅ Yes |
| Tracked | App is tracked for visibility but not fully managed. | ❌ No | ✅ Yes |
| Managed | Fully governed app with policies, provisioning (if available) and access reviews. | ✅ Yes | ✅ Yes |
| Restricted | App is deliberately blocked or hidden; users are discouraged or prevented from access. | ❌ No | ✅ Yes |
| Ignored | App is intentionally excluded from governance and no longer tracked. | ❌ No | ❌ No |
| Archived | App has been deactivated and removed from the active directory. Request logs are kept for auditability. | ❌ No | ❌ No |


Status Transitions

Admins can transition apps between statuses using contextual menu actions.

Common flows include:

  • Discovered → Tracked: Admin chooses to track the org-wide use of the app.

  • Discovered → Ignored: Admin chooses to ignore; Cakewalk stops tracking accesses.

  • Tracked → Managed: Admin promotes to fully managed; policies & reviews now apply.

  • Managed → Restricted: Admin blocks app usage but keeps audit data.

  • Restricted → Tracked: Admin unblocks and returns app to tracked state.

  • Managed → Archived: App is sunset, removed from catalog and deletion of the app account is triggered.
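
The status table and common flows above can be used to review a history of status changes. The following is an added example, not Cakewalk's own code: it flags transitions outside the listed flows and apps that moved to a status without access tracking while user accounts still exist. The event tuple format, app names and access counts are assumptions constructed for illustration; the page does not describe an export format.

```python
# Added example, not Cakewalk code. Status data is transcribed from this page;
# the event format, app names and access counts are constructed.

# Status -> "Tracks Access?" column of the App Statuses table.
TRACKS_ACCESS = {
    "Discovered": True, "Requested": True, "Tracked": True, "Managed": True,
    "Restricted": True, "Ignored": False, "Archived": False,
}

# Flows listed under Status Transitions. The page calls them "common flows"
# and does not say the list is exhaustive, so others are flagged for review,
# not treated as errors.
COMMON_FLOWS = {
    ("Discovered", "Tracked"), ("Discovered", "Ignored"),
    ("Tracked", "Managed"), ("Managed", "Restricted"),
    ("Restricted", "Tracked"), ("Managed", "Archived"),
}

def review_history(events, open_accesses):
    """events: ordered (app, old_status, new_status) tuples (assumed format).
    open_accesses: app -> linked user accounts still present.
    Returns a list of (app, finding) tuples for an admin to review."""
    findings = []
    for app, old, new in events:
        if old not in TRACKS_ACCESS or new not in TRACKS_ACCESS:
            findings.append((app, f"unknown status in {old} -> {new}"))
            continue
        if (old, new) not in COMMON_FLOWS:
            findings.append((app, f"unlisted flow {old} -> {new}"))
        # Visibility gap: tracking stops while user accounts still exist.
        count = open_accesses.get(app, 0)
        if TRACKS_ACCESS[old] and not TRACKS_ACCESS[new] and count > 0:
            findings.append((app, f"tracking lost with {count} accesses"))
    return findings

SAMPLE_EVENTS = [  # constructed
    ("Slack", "Discovered", "Tracked"),
    ("Slack", "Tracked", "Managed"),
    ("Asana", "Discovered", "Ignored"),
    ("GitHub", "Managed", "Archived"),
    ("Notepad", "Ignored", "Managed"),
]
SAMPLE_ACCESSES = {"Slack": 40, "Asana": 12, "GitHub": 0}  # constructed

if __name__ == "__main__":
    for app, finding in review_history(SAMPLE_EVENTS, SAMPLE_ACCESSES):
        print(f"{app}: {finding}")
```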

