Permissions & Access Control
Knowledge Raven uses a two-level permission model. Workspace roles control who can manage billing and invitations. Knowledge base permissions control who can access specific content. The two levels are independent — a workspace Admin has no special access to knowledge base data.
Overview
Workspace Level:
| Role | Billing & Plans | Invite / Remove Users | KB Access |
|---|---|---|---|
| Admin | ✓ | ✓ | Own KBs + shared KBs only |
| User | ✗ | ✗ | Own KBs + shared KBs only |
Knowledge Base Level:
| Role | Search & View | Add / Edit Documents | Share KB | Delete KB |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | ✓ |
| Write | ✓ | ✓ | ✗ | ✗ |
| Read | ✓ | ✗ | ✗ | ✗ |
Notice that both Admin and User have identical KB access — the Admin role only controls workspace management, not data visibility.
Workspace Roles
A workspace has two roles:
- Admin — Can manage billing, change plans, and invite or remove workspace members. Within the application itself, an Admin has no special access to knowledge base content — they can only see their own KBs and KBs shared with them, just like any other user.
- User — Can use the platform, create their own knowledge bases, and access shared knowledge bases they have been invited to.
Admin ≠ elevated data access. A workspace Admin cannot see or search knowledge bases they haven’t been explicitly invited to. The Admin role is purely for workspace management (billing, members).
Knowledge Base Permissions
Each knowledge base has three roles:
- Owner — Full control. Can add and edit documents, invite members with Read or Write access, and delete the knowledge base.
- Write — Can add and edit documents within the knowledge base. Cannot share or delete the KB.
- Read — Can search and view all documents in the knowledge base. Cannot modify content.
How sharing works:
- The KB Owner invites specific workspace members and assigns them a role (Read or Write).
- Sharing is per-user — there is no “share with entire workspace” option.
- All members of a KB can access all its documents. Permissions are at the KB level, not at the document level.
Private Knowledge Bases
Every user — not just Admins — can create their own knowledge bases. A private KB is invisible to everyone else, including workspace Admins.
This enables personal use cases within a shared workspace:
- A student’s study notes alongside team resources
- A freelancer’s client files in a company workspace
- An employee’s personal research collection
Private KBs become shared only when the Owner explicitly invites other members.
Connector Data & Permissions
When you connect a source (Confluence, Notion, GitHub, Dropbox, or Google Drive) and sync documents into a knowledge base, those documents become KB data. From that point, knowledge base permissions apply — not the source system’s permissions.
Source permissions are not carried over. If a Confluence page is restricted to specific users in Confluence, that restriction does not apply after syncing. Anyone with Read or Write access to the knowledge base can search all synced documents. Plan your KB structure accordingly.
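A pre-sync check for the point above, as an added example that is not Knowledge Raven code: given the source-side viewer lists of the pages you plan to sync and the KB's member list, it reports which KB members would gain visibility they did not have in the source, and groups restricted pages by audience as candidate separate KBs. The `SourceDoc` model, the member dictionary, and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

KB_ROLES = {"Owner", "Write", "Read"}  # every KB role can search and view all documents

@dataclass(frozen=True)
class SourceDoc:
    """Hypothetical export of one source page and its source-side restriction."""
    doc_id: str
    restricted_to: Optional[frozenset]  # None = unrestricted in the source system

def exposure_widening(docs, kb_members):
    """Map doc_id -> KB members who could not view the page in the source system."""
    readers = {user for user, role in kb_members.items() if role in KB_ROLES}
    findings = {}
    for doc in docs:
        if doc.restricted_to is None:
            continue  # already visible to everyone in the source
        gained = readers - doc.restricted_to
        if gained:
            findings[doc.doc_id] = sorted(gained)
    return findings

def group_by_audience(docs):
    """Group restricted docs by identical source audience: one candidate KB per group."""
    groups = defaultdict(list)
    for doc in docs:
        if doc.restricted_to is not None:
            groups[doc.restricted_to].append(doc.doc_id)
    return {audience: sorted(ids) for audience, ids in groups.items()}

# Constructed sample data (not from any real workspace).
DOCS = [
    SourceDoc("handbook", None),
    SourceDoc("salary-bands", frozenset({"alice", "bob"})),
    SourceDoc("reorg-plan", frozenset({"alice", "bob"})),
    SourceDoc("incident-42", frozenset({"alice", "carol"})),
]
KB_MEMBERS = {"alice": "Owner", "bob": "Write", "carol": "Read"}

if __name__ == "__main__":
    for doc_id, users in exposure_widening(DOCS, KB_MEMBERS).items():
        print(f"{doc_id}: newly visible to {', '.join(users)}")
```

A non-empty result means the sync would widen access for those pages; syncing each audience group into its own KB, shared only with that audience, keeps the source restriction intact.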
Agent Access via MCP (OAuth 2.1)
When an AI agent connects to Knowledge Raven via MCP, it uses OAuth 2.1 for authentication. The agent always acts as the authenticated user — there is no “super agent” with global access.
How it works:
- The user authenticates with their Knowledge Raven account
- The agent receives a scoped access token tied to that user
- All queries the agent makes respect the user’s KB permissions
- The agent can only search knowledge bases the user has access to
This is a key security differentiator: many platforms give agents a global API key with access to everything. Knowledge Raven scopes every agent session to the individual user’s permissions by design.
User Removal
- KB Owner removed from workspace — Existing members (Write and Read) retain their access to the knowledge base. The KB continues to function.
- Non-owner member removed from workspace — Nothing changes for other KB members. Only the removed user loses access.
Visibility & Transparency
- KB Owners can see all members and their roles in the sharing dialog
- Members (Write and Read) can see who else has access to a shared knowledge base
This ensures transparency — every member knows who can see the content they contribute.