Set Up Confidential Document Access with Access Control Groups
Role: Project Admin
Time: 20–30 minutes
Prerequisites: Confidential documents exist (or will be uploaded); team members are added to the project; you are Project Admin
Access Control Groups (ACGs) restrict which project members can see specific documents. Use them for:
- Contractor pricing and cost estimates
- Confidential contract documents
- Commercially sensitive specifications
- Documents restricted to senior project staff only
This tutorial walks through setting up an ACG for "Commercial & Contract" documents that only a small group of project leads can access.
Step 1: Identify the access requirement
Before creating the ACG, define exactly who needs access and why.
Example scenario:
- Document category: Commercial & Contract drawings, BOQ, cost plans
- Who should see them: Project Director, Commercial Manager, Senior Contract Administrator
- Who should NOT see them: All contractors, most subcontractors, general team members
Write down the names and Kazinex accounts of the people who need access.
Step 2: Create the Access Control Group
- Go to Project Settings → Access → Access Control Groups.
- Click New Group.
- Configure the group:
| Field | Value |
|---|---|
| Group Name | Commercial & Contract — Restricted Access |
| Description | Confidential commercial documents: cost plans, BOQ, contract schedules |
-
Under Members, add the users who should have access:
- Search for each member by name or email
- Add: Project Director, Commercial Manager, Senior Contract Administrator
- Do not add the general reviewer or contractor contacts
-
Click Save Group.
Step 3: Apply the ACG to existing confidential documents
For each confidential document already in the register:
- Open the document record.
- Click Edit (or click the document settings icon).
- Find the Confidentiality or Access Control field.
- Set Restricted = Yes.
- Under Access Control Group, select Commercial & Contract — Restricted Access.
- Click Save.
Repeat for each confidential document. For large volumes, use the bulk edit feature: select multiple documents in the register → Bulk Edit → set Confidentiality = Restricted + set the ACG.
Step 4: Set the confidentiality flag on future uploads
When uploading a new confidential document, set the flag at creation time:
- Click New Document or Upload New Revision.
- In the Access Control section of the form:
- Confidentiality: Restricted
- Access Control Group: Commercial & Contract — Restricted Access
- Complete the rest of the form and save.
The document is created with access restrictions in place from the start — it never appears in the unrestricted register view.
Step 5: Verify access is restricted
Test the restriction using a team member account that should NOT have access:
- Ask a team member without ACG access to open the Documents tab.
- They should NOT see the confidential documents in the list.
- If they search for the document by title or number, the search should return no results.
- If you share the document URL directly with them, they should see an "Access Denied" or "Not Found" page.
Alternatively (if you have multiple accounts):
- Log out of your admin account.
- Log in as a non-ACG team member.
- Check the Documents list — the restricted documents should not appear.
Step 6: Verify ACG members can access
- Log in as (or ask) one of the ACG members.
- Navigate to Documents.
- The confidential documents should appear in the list, visible alongside unrestricted documents.
- The ACG member can open, download, and work with the documents normally.
Step 7: Manage group membership over time
As the project progresses, you may need to add or remove members from the ACG:
To add a new member:
- Project Settings → Access → Access Control Groups → open the group.
- Click Add Member → search and add the new user.
- Their access is immediate — no re-approval needed.
To remove a member (e.g. when they leave the project or no longer need access):
- Open the ACG.
- Find the member → click Remove.
- Their access is revoked immediately.
Verification
Confirm your setup is correct:
- Restricted documents do NOT appear in the Documents list for general team members
- ACG members CAN see and open restricted documents
- The Audit Log on a restricted document shows access events only for ACG members and admins
- Reports show confidential document counts (e.g. "5 Restricted documents — Approved") but do not expose content to non-ACG members
What's next
- Access Control Groups Guide — full ACG reference: filter logic, interaction with roles
- Document Locking & Confidentiality — confidentiality vs locking explained
- Permissions Best Practices — principle of least privilege and protecting sensitive data