Skip to content

Access Control

CYFR enforces access control at multiple layers: authentication, authorization, and encryption key delivery.

Permission Model

Permission Scope Description
content:read Content View content metadata and playback
content:write Content Upload, update, delete content
content:share Content Generate sharing links
admin:read Account View settings, users, audit logs
admin:write Account Modify settings, manage users
analytics:read Account View usage metrics

Teams

Teams group users for simplified permission management:

  1. Create a team: Admin → Teams → New Team
  2. Add users to the team
  3. Grant team access to content folders

Team permissions are additive — a user's effective permissions are the union of their individual and team permissions.

Content Visibility

Visibility Who Can Access
Private Owner only
Team Specified teams
Organization All account members
Public Anyone with the link (JWT still required)

Generate time-limited, password-protected sharing links for external viewers:

POST /v1/content/{content_id}/share
{
  "expires_in_hours": 72,
  "password": "optional-password",
  "max_views": 10
}