← Lessons

quiz vs the machine

Gold1440

System Design

Access Control for Collaboration

Granting view, comment, and edit rights in a live shared document.

5 min read · core · beat Gold to climb

What must be controlled

In a shared document, access control decides who can view, comment, or edit, and it must be enforced even as edits stream in real time. A read only viewer must never have an edit slip through.

Where checks happen

  • The server authorizes every incoming operation, since a client is untrusted and could forge edits.
  • The client hides controls a user cannot use, purely for a clean experience, not for security.

Granular roles

Common roles are viewer, commenter, and editor, and some systems add per range permissions so part of a document is locked while the rest is open. Permission changes must propagate quickly so a revoked user stops editing at once.

Revocation is the tricky case, because an editor with a live connection must be downgraded and have queued edits dropped immediately.

Key idea

Collaborative access control authorizes every operation on the server and propagates role changes fast so revoked users lose edit power at once.

Check yourself

Answer to earn rating on the learn ladder.

1. Where must edit permissions be enforced for security?

2. Why is revocation the tricky case?