Overview
Sorcia implements multi-layer access control to ensure users only see documents they’re authorized to access.
Access Control Layers
Layer 1: Organization Membership
Database-level isolation
Users must be members of an organization to access any data.
Layer 2: User Roles
Role-based permissions
| Role | Query | Manage Team | Integrations | Billing |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | ✓ |
| Admin | ✓ | ✓ | ✓ | ✗ |
| Member | ✓ | ✗ | ✗ | ✗ |
Layer 3: Permission Groups
Custom group-based access
Fine-grained control via permission groups:
- Integration-level access
- Source-level filtering
- Document-type restrictions
Layer 4: Source Permissions
Mirrors original system
Respects permissions from:
- Slack (channel membership)
- Google Drive (file sharing)
- Notion (page access)
- GitHub (repository access)
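The four layers above, combined into a single default-deny check run over search results. This is an added example, not Sorcia's code: the `User` and `Doc` models, the reason strings, and the assumption that all four layers must pass are hypothetical; only the role table comes from this page.

```python
from dataclasses import dataclass

# Role capabilities copied from the Layer 2 table on this page.
ROLE_CAPS = {
    "Owner": {"query", "manage_team", "integrations", "billing"},
    "Admin": {"query", "manage_team", "integrations"},
    "Member": {"query"},
}

@dataclass
class User:  # hypothetical model, not Sorcia's schema
    name: str
    org: str
    role: str
    groups: set       # permission groups the user belongs to
    source_ids: set   # identities the user holds in source systems

@dataclass
class Doc:  # hypothetical model
    doc_id: str
    org: str
    allowed_groups: set  # Layer 3: groups granted this document
    source_acl: set      # Layer 4: identities allowed in the source system

def can_read(user, doc):
    """Return (allowed, reason). Assumed: every layer must pass, else deny."""
    if user.org != doc.org:
        return False, "layer1:org"
    if "query" not in ROLE_CAPS.get(user.role, set()):  # unknown role: deny
        return False, "layer2:role"
    if not (user.groups & doc.allowed_groups):  # empty grant list: deny
        return False, "layer3:group"
    if not (user.source_ids & doc.source_acl):
        return False, "layer4:source"
    return True, "ok"

def filter_results(user, docs, audit):
    """Query-time filter: return readable doc ids and log every decision."""
    visible = []
    for doc in docs:
        allowed, reason = can_read(user, doc)
        audit.append((user.name, doc.doc_id, allowed, reason))
        if allowed:
            visible.append(doc.doc_id)
    return visible

# Constructed sample data.
DOCS = [Doc("d1", "acme", {"eng"}, {"slack:#eng"}), Doc("d2", "acme", {"finance"}, {"gdrive:fin"}),
        Doc("d3", "other", {"eng"}, {"slack:#eng"}), Doc("d4", "acme", {"eng"}, {"github:core"})]
ALICE = User("alice", "acme", "Member", {"eng"}, {"slack:#eng"})
```

The recorded reason for each denial names the first failing layer, which matches the order of checks in the Troubleshooting list.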
Query-Time Filtering
Every search automatically filters:
Managing Access
Grant Access
Revoke Access
Audit Trail
All access logged:
Security Scenarios
Confidential Documents
For sensitive information:
- Restrict in Source: Limit access in Google Drive/Notion
- Create Private Group: Permission group with specific users
- Monitor Access: Review audit logs regularly
Department Isolation
Separate department data:
Temporary Access
Grant time-limited access:
- Add user to group
- Set calendar reminder to revoke
- Remove after period expires
Automated time-limited access coming soon (Enterprise)
Best Practices
Default Deny
Start with no access, grant as needed
Regular Audits
Review access quarterly
Use Groups, Not Individuals
Manage access via groups for scalability
Monitor Logs
Check audit logs for unusual access patterns
Troubleshooting
User can't see documents
- Verify org membership
- Check role permissions
- Confirm permission group membership
- Verify source system access
- Check audit logs
Too many results
User may have broad access. Create more restrictive group.