Sharing & permissions — bRRAIn Docs

Access control model, share links, revoking access, audit logs, and collaboration patterns.

Sharing & permissions

The Portal's access model is built on the bRRAIn 7-tier role hierarchy, with per-document overrides for fine-grained sharing.

The four share roles

| Role | Can view | Can edit | Can share | Can delete |
| --- | --- | --- | --- | --- |
| Owner | Yes | Yes | Yes | Yes |
| Editor | Yes | Yes | Owner allows | No |
| Viewer | Yes | No | No | No |
| Guest | Time-boxed | No | No | No |

Owners can always reassign Owner to another user (provided that user is at least an Editor on the parent workspace).

Sharing a document

Sharing happens from the document toolbar:

┌───────────────────────────────────────────┐
│ Q1-Portfolio-Summary.pdf         [Share] │
└───────────────────────────────────────────┘
       ↓
┌────────────────────────────────────────────────┐
│ Add collaborator                               │
│ ─────────────────                              │
│ alice@lawfirm.io              [Editor ▾]      │
│ compliance@client.co           [Viewer ▾]      │
│ + Add collaborator                              │
│                                                │
│ [ Copy share link ]    [ Save ]               │
└────────────────────────────────────────────────┘

Collaborators receive an email with a link that requires authentication — there are no anonymous share links.

Share links

Share links are signed, expiring tokens scoped to a single document. They honor the role assigned at creation time and respect subsequent permission changes (revocation is immediate).

Options on link creation:

  • Expiry — 1 hour, 24 hours, 7 days, 30 days, or "never"
  • Password — optional additional factor before opening
  • Watermark — viewer's email is overlaid on preview renders
  • Download allowed — toggle; Viewer role may be limited to preview-only

Revoking access

Remove a collaborator from the sharing panel or revoke a share link from app.brrain.io/documents/{id}/audit. Revocation takes effect within 5 seconds globally; in-flight requests complete, but new requests fail with HTTP 403.
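The link checks described under "Share links" and the revocation rule above, sketched as an added example (not bRRAIn's implementation). The HMAC token layout, the `lid`/`doc`/`role`/`exp` claim names, the in-memory `REVOKED` set, and both function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value; a real service keeps this in a KMS/HSM
REVOKED = set()                   # hypothetical server-side store of revoked link ids

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_link(link_id, document_id, role, expires_at):
    """expires_at is a Unix timestamp, or None for the "never" expiry option."""
    claims = {"lid": link_id, "doc": document_id, "role": role, "exp": expires_at}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def check_link(token, document_id, now):
    """Return (http_status, role); every failure is a 403 with no role."""
    try:
        body, sig = token.split(".")
        expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
        # Verify the signature before parsing anything the client controls.
        if not hmac.compare_digest(sig, expected):
            return 403, None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return 403, None
    if claims["doc"] != document_id:      # scoped to a single document
        return 403, None
    if claims["exp"] is not None and now >= claims["exp"]:
        return 403, None
    if claims["lid"] in REVOKED:          # looked up on every request, not cached in the token
        return 403, None
    return 200, claims["role"]
```

A signature and expiry alone cannot express revocation, so the server-side lookup is what makes a revoked link fail; for a link created with "never" expiry it is the only control that ends access.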

Audit log

Every access event is logged immutably to the audit zone:

{
    "event_id": "evt_7h2j...",
    "document_id": "doc_lh3f...",
    "actor": "alice@lawfirm.io",
    "action": "viewed",
    "timestamp": "2026-04-16T14:32:11Z",
    "ip": "203.0.113.42",
    "user_agent": "Mozilla/5.0 (Macintosh...)",
    "classification": "confidential",
    "policy_check": "pass"
}

Events include: created, viewed, downloaded, edited, shared, unshared, renamed, moved, deleted, restored.

Audit logs can be exported as CSV or JSON from the document's "Audit" tab, or queried via the API.

Collaboration patterns

Pattern A — private drafts

Keep personal drafts in your user workspace. Promote to a team workspace when ready.

Pattern B — team review

Share an Editor-role document with your team; comments and change history are tracked per user. Use @mentions in comments to notify specific reviewers.

Pattern C — external audit

Share with the Viewer role using expiring, watermarked links. Auditors cannot download or re-share. Revoke at engagement end.

Pattern D — cross-organization

Use Vendor Network share (coming in Phase 3) for cryptographically verified cross-tenant collaboration. Until then, create Guest accounts for external counterparties.