How to grant Folder (Scope) Access

Overview

Unique provides highly granular access control, allowing you to manage who can view and access specific knowledge folders and files, ensuring the utmost enterprise data privacy.

Who is it for

Team and System Admins configure the Knowledge Base to match the organization's structure and access needs. They manage permissions, controlling who can access folder information and who is allowed to upload files to these folders.

Users with at least the knowledge.read and knowledge.write roles. These roles are required to view and modify access permissions within the Knowledge Base. For details, see the Step-by-Step Guide below.

If you’re unable to access certain features or sections of this article, it’s possible that your firm doesn’t have access or hasn’t upgraded to the latest version. Please reach out to your internal support team for further assistance.

Benefits

  • Ensure that only authorized individuals and groups can view or access sensitive information and data.

  • Maintain confidentiality and data privacy across teams and departments.

Use Cases

  • Team-Specific Folders: Set up segregated team folders to manage access effectively (e.g., a hedge fund ensuring that only data within a specific POD is accessible, or banks adhering to Chinese wall regulations).

  • Confidentiality Management: Protect sensitive information by restricting access to specific roles or individuals.


Step-by-Step Guide

Step 1: Understand the Folder Access Permissions

To manage folder permissions effectively within the UI, admins must have at least the knowledge.read and knowledge.write roles within Zitadel. For more details, refer to the documentation at Understand Roles and Permissions.

If an admin requires access to a root-level folder (e.g., to grant someone permissions, as there is no one), they must also have the chat.admin.all role.

Folder access permissions can be managed within the Knowledge Base on the Unique Platform according to the following table (also refer to Step 2).

Folder Access Permissions

| Zitadel Role | Can read | Can write | Can manage |
|---|---|---|---|
| knowledge.read | View contents in folder; Open file; View chunks | Not available | Not available |
| + knowledge.write | View contents in folder; Open file; View chunks | Scope level: Upload content; Delete content; Re-ingest failed content; Create folder; Delete folder; Rename folder | Scope level: View access; Change access; Configure ingestion |
| + chat.admin.all | View contents in folder; Open file; View chunks | Root level: Create folder; Delete folder. Scope level: Upload content; Delete content; Re-ingest failed content; Rename folder | Scope level: View access; Change access; Configure ingestion |

Step 2: Navigate to Folder in Knowledge Base

  • Go to the Knowledge Base UI.

  • Navigate to the scope/folder where you want to grant a member the “Can manage” access.

  • Locate the scope access panel on the right.

    scope access panel

  • Click on the input box to select the member or group to give access. Click on the “Can manage” button. You can also check “apply to all subfolders” if you want them to have access to the subfolders of the current scope, then select the member(s) you want to give access to.

    Give access to member(s)

Sub-folders do not inherit access settings from their parent folders. This means that if a user has access to a sub-folder but not to its parent folder, they will only be able to access the sub-folder via the Search function, not through the Column View. Similarly, a user cannot access the contents of a sub-folder they have not been specifically assigned to.

  • You can also use the Edit button beside a member to add the “Can manage” access.

    Use edit button to give member access

Tips & Tricks

  • If you don’t see the permissions ‘Can read’, ‘Can write’ and ‘Can manage’, you might lack the base role in Zitadel.

  • If you are unable to add the ‘Can manage’ access, you will need to have a feature flag enabled.


API

For more information on how to manage scopes and access via API, see: Managing scopes & access via API


Limitations

Sub-folders do not inherit access settings from their parent folders. This means that if a user has access to a sub-folder but not to its parent folder, they will only be able to access the sub-folder via the Search function, not through the Column View. Similarly, a user cannot access the contents of a sub-folder they have not been specifically assigned to.
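
The non-inheritance rule can be checked against a list of folder grants to find accesses that are reachable through Search only. The following is an added example, not code from Unique or its API: the folder paths, users and the `GRANTS` structure are constructed, and it assumes that browsing in Column View needs a grant on every ancestor folder.

```python
from pathlib import PurePosixPath

# Constructed sample data (not exported from a real tenant):
# explicit grants per folder path; nothing is inherited from parents.
GRANTS = {
    "/Research": {"alice": "manage"},
    "/Research/POD-A": {"alice": "manage", "bob": "read"},
    "/Research/POD-A/Models": {"bob": "read"},
    "/Research/POD-B": {"carol": "write"},
    "/Research/POD-B/Deals": {},
}


def has_access(grants, user, folder):
    """A user can access a folder only through a grant set on that exact folder."""
    return user in grants.get(folder, {})


def reachability(grants, user):
    """Classify every folder for `user` as 'column view', 'search only' or 'none'."""
    result = {}
    for folder in grants:
        if not has_access(grants, user, folder):
            result[folder] = "none"
            continue
        # Assumption: browsing in Column View needs a grant on every ancestor.
        ancestors = [str(p) for p in PurePosixPath(folder).parents if str(p) != "/"]
        browsable = all(has_access(grants, user, a) for a in ancestors)
        result[folder] = "column view" if browsable else "search only"
    return result


def search_only_grants(grants):
    """List (user, folder) grants whose parent chain is not granted: review candidates."""
    users = {u for members in grants.values() for u in members}
    return sorted(
        (user, folder)
        for user in users
        for folder, state in reachability(grants, user).items()
        if state == "search only"
    )


if __name__ == "__main__":
    for user, folder in search_only_grants(GRANTS):
        print(f"{user}: {folder} is reachable via Search only")
```

Each reported pair is either an intended segregation (the user should not see the parent) or a missing parent grant, so the list is a review aid rather than a list of errors.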