How clearance works
Clearance adds a second access gate orthogonal to room membership. Even if a user is a member of a room, they cannot access a file whose classification exceeds their effective clearance.
User can access file if:
user.org_unit_membership = room.org_unit AND
user.room_membership EXISTS AND
user.effective_clearance >= file.classification
Classification levels
| Level | Label | Description |
|---|
| C1 | Public sensitivity | Accessible to any authenticated user |
| C2 | Internal | Standard internal documents |
| C3 | Confidential | Sensitive business data |
| C4 | Restricted | Highest sensitivity — board materials, cryptographic keys, M&A |
Effective clearance
A user’s effective clearance is:
effective_clearance = max(role_default, explicit_override)
| Role | Default clearance |
|---|
| Owner | C4 |
| Domain Admin | C4 |
| Security Officer | C4 |
| Department Admin | C3 |
| Member | C2 |
| Auditor | C2 |
Setting clearance
- Navigate to Organisation → Users
- Click a user → Set Clearance
- Select a level (or clear the override to revert to role default)
- Click Save
The change takes effect immediately. The event is recorded in the audit log.
Clearance matrix
The Clearance Matrix view (Organisation → Clearance Matrix) shows all users and their effective clearance in a single table — useful for access reviews and auditor evidence.
File classification at upload
When uploading a file, contributors can set the classification. If not set, the room’s default classification is used. Room owners set the default during room creation.
Downgrading a file’s classification (e.g. C4 → C2) is a sensitive action. It is logged and requires the acting user to have clearance ≥ the original classification.
