4-Layer Access Control

Most self-hosted platforms give you a binary choice: public or private. AppKask has a four-layer permission model that handles everything from anonymous sharing to enterprise RBAC.

The Four Layers

Layer 1 — Public. Mark any resource as publicly accessible. No authentication required.

Layer 2 — Access Codes. Generate a shareable code with optional expiry and download limits. Recipients don’t need an account — just the link and the code.

Layer 3 — Groups. Create teams with role-based permissions: Owner, Admin, Editor, Contributor, Viewer. Invite members via email with secure tokens.

Layer 4 — Ownership. The creator of a resource always has full admin control.

Audit Trail

Every access decision — granted or denied — is logged with:

  • User ID and IP address
  • Resource type and ID
  • Permission requested and granted
  • Access layer that authorized the decision
  • Timestamp

This isn’t just for compliance. It’s how you answer “who accessed this file and when?” without guessing.

Access Codes in Practice

The killer feature for consultants: share a folder of training materials with a client by generating a code. The client opens a URL, enters the code, and browses everything. No account creation, no password reset emails, no IT department approval.

When the engagement ends, revoke the code. Done.
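The layered decision and the audit record described above, as an added Python sketch; it is not AppKask's code. The evaluation order, the role-to-permission mapping, the read-only scope of codes and public sharing, and all names here are assumptions, since the page does not specify them.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Assumption: the page names the roles but not what each one may do.
ROLE_PERMS = {"owner": {"read", "write", "admin"}, "admin": {"read", "write", "admin"},
              "editor": {"read", "write"}, "contributor": {"read", "write"}, "viewer": {"read"}}

@dataclass
class AccessCode:
    code: str
    expires_at: Optional[datetime] = None
    max_downloads: Optional[int] = None
    downloads: int = 0
    revoked: bool = False
    def usable(self, presented: str, now: datetime) -> bool:
        return (not self.revoked
                and hmac.compare_digest(self.code.encode(), presented.encode())  # constant-time
                and (self.expires_at is None or now < self.expires_at)
                and (self.max_downloads is None or self.downloads < self.max_downloads))

@dataclass
class Resource:
    rtype: str
    rid: str
    owner_id: str
    public: bool = False
    codes: list = field(default_factory=list)
    group_roles: dict = field(default_factory=dict)  # user_id -> role name

AUDIT_LOG = []  # stand-in for a persistent, append-only store
def check_access(res, perm, user_id=None, ip="", code=None, now=None):
    now = now or datetime.now(timezone.utc)
    match = next((c for c in res.codes if code and c.usable(code, now)), None)
    layer = None  # stays None on denial; denials are logged too
    if user_id is not None and user_id == res.owner_id:
        layer = "ownership"
    elif perm in ROLE_PERMS.get(res.group_roles.get(user_id, ""), ()):
        layer = "group"
    elif perm == "read" and match:  # assumption: codes grant read only
        layer = "access_code"
        match.downloads += 1  # assumption: each granted read counts as a download
    elif perm == "read" and res.public:
        layer = "public"
    AUDIT_LOG.append({"user_id": user_id, "ip": ip, "resource_type": res.rtype,
                      "resource_id": res.rid, "requested": perm, "layer": layer,
                      "granted": perm if layer else None, "timestamp": now.isoformat()})
    return layer is not None
```

Because the log entry is written after the layer is resolved and before the function returns, a denied request leaves the same fields as a granted one, with `layer` and `granted` empty.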
