Document Locking & Confidentiality
Kazinex Workflows provides two independent mechanisms for restricting document access and editability: locking (prevents further revisions) and confidentiality (limits who can see the document).
Document Locking
What locking does
A locked document cannot have new revisions uploaded. The document record is still visible to all project members with appropriate access — they can view, download, and transmit the document — but no one can upload a new revision while the lock is active.
Locking is separate from the document's status. An Approved document can be locked to prevent accidental re-revision, while remaining visible and transmittable.
When to lock documents
- Issued-for-construction drawings — once a drawing is approved and issued, locking prevents accidental upload of a new draft revision that could confuse construction teams
- Contractually submitted documents — documents that have crossed a contractual milestone should be frozen at that revision
- Audit evidence — documents that form part of a quality record should be locked to prevent modification
- End-of-project archival — lock all documents in a project during closeout to create an immutable project archive
How to lock a document
- Open the document detail page.
- Click the ⋮ (more options) menu.
- Select Lock Document.
- Confirm in the dialog.
The document shows a 🔒 lock icon in the register list and a lock banner on the detail page.
Who can lock and unlock documents
| Action | Required role |
|---|---|
| Lock a document | Project Admin, Org Admin, Document Controller (with manage_documents permission) |
| Unlock a document | Project Admin, Org Admin |
Locking and unlocking are permanent audit events — they appear in the document's event history with the actor's name and timestamp.
Unlocking
To allow a new revision:
- Open the locked document detail page.
- Click ⋮ → Unlock Document.
- Confirm. The lock banner is removed and new revisions can be uploaded.
Unlocking does not change the document's status — it only re-enables revision uploads.
Confidentiality
What the confidentiality flag does
Marking a document Confidential restricts its visibility. Confidential documents are only visible to:
- Members who belong to an Access Control Group that includes confidentiality access for the document's discipline and type
- Project Admins and Org Admins (always see all documents, including confidential)
Members who do not have access cannot see the document record in the register, search results, or any related view (transmittals, reports, etc.).
When to use confidentiality
- Commercial-in-confidence documents — contract pricing, tender submissions, financial analyses
- Personnel records — HR documents, performance records within project documentation
- Legally sensitive — documents that must be restricted to specific parties under contract or regulation
- Strategic or board-level — business cases, investment analyses, sensitive programme information
How to mark a document confidential
- Open the document detail page (or the document creation form).
- Toggle the Confidential switch to On.
- Save (or submit the form).
The document immediately becomes invisible to members who lack access control group membership with confidentiality permission. A confidentiality banner is visible on the detail page to remind admins the document is restricted.
Who can set and remove confidentiality
| Action | Required role |
|---|---|
| Mark as confidential | Project Admin, Org Admin, member with manage_documents |
| Remove confidentiality | Project Admin, Org Admin |
Access Control Groups and confidentiality
Access Control Groups define which members can see confidential documents of specific disciplines and types. Creating and managing these groups is covered in Access Control Groups.
If a document is confidential but no Access Control Group covers its discipline/type, only Admins can see it — meaning team members who should see it won't, until an appropriate group is configured.
Confidentiality and audit
All confidentiality enable/revoke events are permanently logged in the document's event history (event action: confidentiality_enabled / confidentiality_revoked) with the actor and timestamp.
Confidential documents remain searchable and visible in the Audit Log for admins — the audit log is never restricted by confidentiality.
Marking documents as "No Longer in Use"
Related to confidentiality, the No Longer in Use flag signals that a document should not be referenced going forward — but is retained for historical record. This flag does not restrict visibility; it is a soft deprecation marker. Use it for documents that were registered but never formally progressed (e.g. early concept options that were abandoned).
What's next
- Access Control Groups — define which members can see confidential documents
- Document Statuses — how status interacts with locking
- Audit Trail — view lock/unlock and confidentiality events