Knowledge Base Clearance
NATO-aligned document clearance levels for Knowledge Base documents — controlling visibility, search filtering, and automatic extraction of structured company information.
Scrydon supports NATO-aligned clearance levels on Knowledge Base documents to control who can see what. Every document is assigned a clearance level, and users can only access documents at or below their own clearance — determined by their organization role.
Documents default to UNCLASSIFIED on upload. An admin can raise or lower the clearance at any time from the document list.
Clearance Levels
Five clearance levels are available, ordered from least to most restrictive:
| Level | Rank | Who Can Read | Description |
|---|---|---|---|
| UNCLASSIFIED | 0 | All org members | Default level — no access restriction |
| RESTRICTED | 1 | All org members | Marked as sensitive, but readable by all members |
| CONFIDENTIAL | 2 | Org admins and owners | Internal-only — members cannot access |
| SECRET | 3 | Org owners only | Highly restricted — admins cannot access |
| TOP SECRET | 4 | Org owners only | Maximum restriction — owners only |
Role-to-Clearance Mapping
A user's maximum clearance is derived from their organization role:
| Organization Role | Maximum Clearance | Can Read |
|---|---|---|
| Member | RESTRICTED | UNCLASSIFIED, RESTRICTED |
| Admin | CONFIDENTIAL | UNCLASSIFIED, RESTRICTED, CONFIDENTIAL |
| Owner | TOP SECRET | All levels |
There is no way to grant a user a higher clearance than their role allows. To give someone access to CONFIDENTIAL documents, they must be promoted to org admin or owner.
How Clearance Works
Clearance filtering is enforced at three points in the system:
Chunk Inheritance
When a document is processed into chunks for embedding, each chunk inherits the parent document's clearance level. Changing a document's clearance automatically applies to all of its chunks — there is no per-chunk clearance override.
Clearance Changes
Raising a document's clearance immediately hides it (and its chunks) from users who no longer meet the threshold. Lowering the clearance makes it visible to a broader audience. Changes take effect on the next page load or search query.
Auto-Extraction
When documents are processed in the Knowledge Base, an LLM automatically extracts structured company information from the content. This runs as a best-effort step during document ingestion — if extraction fails, the document is still processed normally.
What Gets Extracted
The extraction pipeline identifies and categorizes information into structured fields:
| Category | Example Fields |
|---|---|
| Company Identity | Mission statement, vision, core values, brand positioning |
| Strategy | Strategic priorities, competitive advantages, growth plans |
| Risk & Compliance | Regulatory requirements, risk factors, compliance frameworks |
| Financial Context | Revenue model, key financial metrics, budget priorities |
| Stakeholders | Key customers, partners, investors, organizational structure |
Where Extracted Fields Appear
Extracted fields are surfaced in the Context settings page under Organization Settings. This gives all authorized users a consolidated, read-only view of company knowledge derived from uploaded documents.
Extracted fields are read-only. To update them, upload new documents or update existing documents in the Knowledge Base. The extraction pipeline will re-process and merge the latest information.
Clearance-Filtered Fields
Extracted fields inherit the clearance level of the document they were extracted from. When a user views the Context settings page, they only see fields extracted from documents at or below their clearance level. This means:
- An org member sees fields from UNCLASSIFIED and RESTRICTED documents
- An org admin also sees fields from CONFIDENTIAL documents
- An org owner sees all fields, including those from SECRET and TOP SECRET documents
Setting Clearance
Organization admins and owners can change a document's clearance level from the Knowledge Base.
Raising a document to SECRET or TOP SECRET will immediately hide it from all admins and members. Only org owners will be able to see and manage the document going forward.