DocuTrain hosts everything from public marketing FAQs to internal medical guidelines to passcode-protected training modules — all on the same platform, all with the same chat experience. The thing that separates them is access control.

This post walks through DocuTrain's five document access levels, the role hierarchy that backs them, and how collections add a second access layer on top.

The five access levels

Each document has an access level you choose in the document editor's Settings tab.

1. Public

Anyone with the URL can chat with the document. No login required. You can also allow the document in DocuTrain's public search directory and include it in the SEO sitemap when that makes sense.

Public is the right choice for marketing FAQs, product documentation, conference materials, or anything you want indexed by search engines.

2. Registered

Any logged-in DocuTrain user can access the document. There's no group membership check — if the user has an account, they're in.

Useful when you want to know who's using the document (conversation logs are attributed to the user) but don't need to gate by organization.

3. Passcode

Users must enter a passcode before they can start chatting. You can combine this with registration, so you can require both a login and a passcode for an extra layer of friction.

Passcodes are great for ad-hoc shares: a one-off training cohort, a beta program, a client deliverable.

4. Owner-restricted (the default)

Only members of the document's owner group can access it. This is the default for newly uploaded documents and it's what makes DocuTrain work for real organizations — your team can publish documents internally without worrying that a misclick on a sharing setting will leak them.

To gain access, a user needs membership in that owner group. Owner admins can automatically open every document in their organization, so they don't need a separate grant per document.

5. Owner admins only

Only administrators of the owner organization can access the document. Useful for drafts, internal SOPs, or documents that contain sensitive operational details you don't want shared even with regular registered members.

The role hierarchy

Three roles work together:

| Role | Scope | What it can do |
| --- | --- | --- |
| Registered member | Per organization | Chat with owner-restricted content in groups they belong to. |
| Owner admin | Per organization | Everything a member can do, plus manage all documents and settings for that organization. Automatically has access to every document in that organization. |
| Platform admin | Whole product (rare) | Full operator access across organizations — used sparingly by DocuTrain staff or trusted founders. |

A person can have different roles in different organizations — they might be an admin for their employer and a regular member of a professional society.

When someone's role changes, DocuTrain keeps access records tidy automatically so you don't end up with redundant grants.

Invitations

New users join an owner group through email invitations. Each invite is single-use and tied to:

  • An email address
  • A target organization (optional — some invitations are broader)
  • Whether they're joining as a member or an admin
  • A time limit (typically about 30 days)

DocuTrain sends the invitation by email. When the recipient clicks the link, they're added to the organization with the right role, and admins get a heads-up that someone new joined.

How enforcement works

DocuTrain checks permissions in more than one layer so access rules stay consistent: data is organized per organization, and the app double-checks what each person is allowed to see before returning it. That's why the same link can be public for the world, members-only for your team, or invisible except to admins — without you managing separate copies of the content.

In practice, when someone browses or searches documents for an organization, DocuTrain:

  1. Figures out which organization they're asking about.
  2. Decides whether they need to sign in.
  3. Confirms their relationship to that organization (member, admin, or operator).
  4. Shows only documents whose access level matches that relationship.
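As an added illustration (not DocuTrain's own code), the sketch below expresses the five access levels and three roles as a single deny-by-default decision function. All names (`Access`, `Document`, `User`, `can_access`) are hypothetical, an organization stands in for the owner group, and letting admins skip the passcode is an assumption drawn from "every document in that organization".

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Access(Enum):
    PUBLIC = 1
    REGISTERED = 2
    PASSCODE = 3
    OWNER_RESTRICTED = 4
    OWNER_ADMIN_ONLY = 5

@dataclass
class Document:
    org: str
    access: Access = Access.OWNER_RESTRICTED   # the default named in the post
    passcode: Optional[str] = None             # constructed; keep a salted hash in a real store
    passcode_requires_login: bool = False

@dataclass
class User:
    roles: dict = field(default_factory=dict)  # org -> "member" | "admin"
    platform_admin: bool = False

def can_access(doc, user=None, passcode=None):
    # Role is looked up for the document's own organization only, so being
    # an admin somewhere else grants nothing here.
    role = user.roles.get(doc.org) if user else None
    if user and (user.platform_admin or role == "admin"):
        return True   # assumption: admins and operators bypass per-level gates
    if doc.access is Access.PUBLIC:
        return True
    if doc.access is Access.REGISTERED:
        return user is not None
    if doc.access is Access.PASSCODE:
        if doc.passcode_requires_login and user is None:
            return False
        return (doc.passcode is not None and passcode is not None and
                hmac.compare_digest(doc.passcode.encode(), passcode.encode()))
    if doc.access is Access.OWNER_RESTRICTED:
        return role == "member"
    return False      # OWNER_ADMIN_ONLY and any unknown level: deny by default

if __name__ == "__main__":
    sop = Document("clinic", Access.OWNER_ADMIN_ONLY)    # constructed sample
    print(can_access(sop, User({"clinic": "member"})))   # member is denied
    print(can_access(sop, User({"clinic": "admin"})))    # owner admin is allowed
```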

Collections add a second axis

Documents have access levels. Collections — for grouping multiple documents under a shared landing page — have their own, separate access controls:

  • Public — anyone with the collection URL can browse.
  • Passcode — users enter a collection-level passcode.
  • Token — the collection can issue share links with a name, expiry, max uses, and revocation. Whoever holds a valid token can open the bundle, even if they aren't a member of your organization.

This is useful when you want to share a curated bundle with someone who shouldn't be added to your whole team. You can issue access for seven days, cap it at 50 opens, and revoke it anytime — all from the collection editor.
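The token properties listed above (name, expiry, max uses, revocation) map onto a small validation routine. This is an added sketch, not DocuTrain's implementation; `ShareToken`, `issue`, and `redeem` are hypothetical names, and storing only a SHA-256 digest of the token is a design choice made here.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class ShareToken:
    name: str
    digest: bytes           # only the hash is stored, never the raw token
    expires_at: datetime
    max_uses: int
    uses: int = 0
    revoked: bool = False

def _digest(raw):
    return hashlib.sha256(raw.encode()).digest()

def issue(name, days, max_uses, now):
    """Create a share token; the raw value is returned once, for the share link."""
    raw = secrets.token_urlsafe(32)   # high entropy, so a plain hash is enough
    return raw, ShareToken(name, _digest(raw), now + timedelta(days=days), max_uses)

def redeem(rec, presented, now):
    """Return (allowed, reason). A use is counted only when access is granted."""
    if not hmac.compare_digest(rec.digest, _digest(presented)):
        return False, "unknown token"
    if rec.revoked:
        return False, "revoked"
    if now >= rec.expires_at:
        return False, "expired"
    if rec.uses >= rec.max_uses:
        return False, "use limit reached"
    rec.uses += 1   # with a database, make this an atomic conditional update
    return True, "ok"

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)       # constructed clock
    raw, rec = issue("partner-review", days=7, max_uses=50, now=now)
    print(redeem(rec, raw, now))                          # within limits
    print(redeem(rec, raw, now + timedelta(days=8)))      # past expiry
```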

When to use which

A rough decision guide:

| Use case | Recommended access |
| --- | --- |
| Marketing FAQ, product docs, conference handouts | Public, plus discoverable and sitemap where you want SEO |
| Beta cohort or one-off client share | Passcode |
| Internal team documents | Owner-restricted (the default) |
| Drafts, internal SOPs, sensitive metadata | Owner admins only |
| Curated bundle for an external partner | Collection with token-style sharing |
| "We need to know who's reading this, but anyone can" | Registered |

What this gives you in practice

Most platforms force you to pick one of "public" or "behind a login wall." DocuTrain's five-level model lets a single organization run all of the following side-by-side:

  • A public marketing FAQ indexed by Google
  • A free training intro available to anyone with an account
  • A paid customer manual gated by group membership
  • A clinical SOP available only to admins
  • A passcode-protected pilot program

All inside one dashboard, all with the same chat experience, all without changing platforms.

The next post moves on from who can chat to how the AI behaves once they're in the chat.
