Folders, documents, shared links, and inherited permissions. Bailiff handles the graph traversal so your database doesn't have to.
Users create documents and organize them in folders. They share folders with colleagues, and every document inside should be automatically accessible. Some documents have individual sharing overrides. Public links provide view-only access.
Checking "can this user see this file?" means traversing the folder tree in your database with expensive recursive queries.
Folder sharing, direct sharing, and public links are implemented as separate systems that don't always agree.
Deep folder hierarchies get slower as nesting increases. Your API latency depends on folder depth.
When a user reports they can't access a file, debugging requires tracing through multiple tables and code paths.
Documents belong to folders. Folders can contain other folders. Bailiff traverses the graph automatically when you check permissions.
Share a folder with a team and every document inside is accessible. Share a single document with an individual for fine-grained overrides.
Every check shows the full inheritance chain: user → team → folder → subfolder → document. Debugging is instant.
The Collab Drive scenario demonstrates folder sharing, inheritance, and public links. Switch identities to see how access flows down the hierarchy.