What is a room?
A Room is an encrypted workspace. It has its own key, its own member list, and its own audit log. Every file uploaded to a room is encrypted with that room’s key — members outside the room cannot decrypt the files even if they obtain the ciphertext.
Creating a room
- Navigate to Rooms in the sidebar
- Click New Room
- Set a name, optional description, and classification level
- Click Create
The room is immediately active. You are automatically set as the room owner.
Room roles
| Role | Upload | Download | Manage members | Delete room |
|---|
| Owner | ✓ | ✓ | ✓ | ✓ |
| Contributor | ✓ | ✓ | — | — |
| Viewer | — | ✓ | — | — |
Adding members
Only users who are members of the Org Unit that owns the room can be added as room members.
- Open the room
- Click Members → Add member
- Select users from the Org Unit
- Assign a role
If a user is removed from an Org Unit, they lose access to all rooms owned by that Org Unit — not just one room. Review Org Unit membership carefully before removal.
File classification
Each file in a room carries a classification label:
| Label | Access required |
|---|
| C1 — Public | Any authenticated user |
| C2 — Internal | Clearance ≥ C2 (default for most users) |
| C3 — Confidential | Clearance ≥ C3 |
| C4 — Restricted | Clearance ≥ C4 (owners and security officers only) |
Sharing files externally
Room owners can share individual files with users outside the organisation via a time-limited, encrypted share link. The link includes a short-lived access token — it cannot be used after expiry.
External share links do not grant room access. The recipient can download only the specific file.
Archiving and deleting rooms
- Archive — room becomes read-only; files are retained and auditable
- Delete — permanently removes all files and keys; this action is irreversible
Deleted rooms cannot be recovered. Ensure you have an offline backup of any files you need to retain before deleting a room.
