ACC Pain Points #3

The Permission Problem: When Basic Access Controls Are Missing

504 ideas, 3,251 votes, and a fundamental gap: ACC users can't control who sees what. Here's what the forum data reveals about permission management pain.

#acc #permissions #security #aec #access-control
Dmytro Yemelianov
Autodesk Expert Elite • APS Developer

This is Part 3 of our ACC Pain Points series. We analyzed 4,295 feature requests from the ACC Ideas forum.


The Permission Paradox

🔐

Enterprise Software. Consumer-Grade Controls.

ACC is used by multi-billion dollar construction projects with hundreds of subcontractors, sensitive bid documents, and strict compliance requirements.

Yet users can’t remove inherited folder permissions.


The Numbers

504 Permission Ideas
3,251 Community Votes
#5 Most-Voted Overall
2+ Years Waiting

The #5 Most-Voted Request

#5 MOST VOTED
175 KUDOS

“I would like the ability to control permissions on sub folders outside of what is inherited. For example, I give everyone EDIT access at the Project Files level, but we have some folders deep inside the project we want to remove full access and only VIEW access. Currently we cannot do this.”

Posted: December 2023
Status: Future Consideration

This is permission management 101. Every file system since the 1990s has supported it. Yet ACC doesn’t.


What Users Can’t Do

❌ The Inheritance Problem
Root: EDIT Access
  Folder A: EDIT ✓
  Folder B: EDIT ✓
  Sensitive: EDIT ❌
Can’t restrict sensitive folder. EDIT permission inherited!

✓ What Users Need
Root: EDIT Access
  Folder A: EDIT
  Folder B: EDIT
  Sensitive: VIEW ONLY
Override inheritance per folder. Granular control!

Can’t Remove Inherited Permissions

If you give “Edit” at root, everyone has “Edit” everywhere. No way to restrict subfolders.

Can’t Audit Who Has Access

No comprehensive view of all users and their access levels across folders. (Finally implemented after years of requests.)

Can’t Control Photo Permissions

Photos exist in a separate permission silo. Can’t grant document access without photo access.

Can’t Set Folder-Level Defaults

Every new project starts from scratch. No templates, no standards, no automation.


Real-World Consequences

💰

Scenario 1: The Leaked Bid

Competitive pricing exposed to rival subcontractors

What the GC wants:
/Project Files/
  /Bids/
    /Electrical/ → Only ElectroCorp sees
    /Plumbing/ → Only PlumbWorks sees
    /HVAC/ → Only AirFlow Inc sees

What ACC allows: Everyone sees all bid folders

Result: Competitors see each other’s pricing. Bids become meaningless.

📋

Scenario 2: The Compliance Audit

Owner asks: “Who has access to our financial documents?”

What they need:

A report showing every user with access to /Finance/ and their permission level.

What ACC provides:

Click into each of 500 folders manually and check. One. By. One.
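
The report this scenario asks for can be computed once the inheritance rule is modelled over a table of explicit grants. The sketch below is an added example, not RAPS or Autodesk code; the grant table, the principal names, and the assumption that the five permission levels rank in the order the article lists them are constructed for illustration.

```python
# Added example: a model of the additive inheritance described in the article.
# The rank order of LEVELS and every folder/principal name are assumptions.
LEVELS = ["view", "view_download", "upload", "edit", "control"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed sample grants: folder path -> {principal: level}
GRANTS = {
    "/Project Files": {"ElectroCorp": "edit", "PlumbWorks": "edit",
                       "gc-admin": "control"},
    "/Project Files/Bids/Plumbing": {"PlumbWorks": "view"},
}

def ancestors(path):
    """Yield every folder from the root down to `path` itself."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        yield "/" + "/".join(parts[:i])

def effective(path, grants, allow_override=False):
    """Resolve {principal: level} at `path`.

    allow_override=False: inheritance is additive, so a grant on a child
    folder can raise a level but never lower it (the gap described above).
    allow_override=True: the nearest explicit grant wins (the #5 request).
    """
    result = {}
    for folder in ancestors(path):
        for who, level in grants.get(folder, {}).items():
            higher = who not in result or RANK[level] > RANK[result[who]]
            if allow_override or higher:
                result[who] = level
    return result

def audit(path, grants, allow_override=False):
    """Report rows for one folder: sorted (principal, level) pairs."""
    return sorted(effective(path, grants, allow_override).items())

def overexposed(path, grants, intended):
    """Principals whose effective level exceeds the intended policy.

    `intended` maps principal -> level; a missing principal means no access.
    """
    eff = effective(path, grants)
    return sorted(who for who, level in eff.items()
                  if who not in intended or RANK[level] > RANK[intended[who]])

if __name__ == "__main__":
    folder = "/Project Files/Bids/Plumbing"
    print(audit(folder, GRANTS))
    print(audit(folder, GRANTS, allow_override=True))
    print(overexposed(folder, GRANTS, {"PlumbWorks": "view", "gc-admin": "control"}))
```

Running `overexposed` against every folder with a stated policy turns the manual click-through into a diffable list of least-privilege violations.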

👋

Scenario 3: The Departed Employee

Someone leaves. Remove their access from 200 projects.

What should happen:
One command, instant removal
vs
What ACC requires:
200 project visits, manual each time

Why This Is a Security Issue

Construction Projects Handle Sensitive Data

💵 Financial: Budgets, bids, change orders
⚖️ Legal: Contracts, insurance, liens
👤 Personnel: Certifications, background checks
📐 IP: Designs, specifications

When permission controls are inadequate, data exposure isn’t a bug — it’s a feature of the system.


What Users Are Asking For

Permission-related feature requests by category

Inheritance Override 175 kudos
Permission Auditing 68 kudos
Photo Permissions 100 kudos
Folder Defaults 72 kudos
Bulk Permission Changes 89 kudos

The RAPS Solution

RAPS v4.0 includes bulk folder permission management:

Grant Permissions Across Projects

# Give a user edit access to Project Files across all projects
raps admin folder rights "$ACCOUNT_ID" "contractor@partner.com" \
  --permission edit --folder project_files

Different Levels for Different Folders

# View-only for Plans folder
raps admin folder rights "$ACCOUNT_ID" "reviewer@client.com" \
  --permission view --folder plans

# Edit for Project Files
raps admin folder rights "$ACCOUNT_ID" "reviewer@client.com" \
  --permission edit --folder project_files

Filter by Project

# Only apply to specific projects
raps admin folder rights "$ACCOUNT_ID" "user@company.com" \
  --permission control --folder project_files \
  --filter "^2024-Confidential"

Permission Levels

Available Permission Levels in RAPS

view: View files only (Least access)
view_download: View and download (Reviewers)
upload: Add new files (Contributors)
edit: Modify existing files (Team members)
control: Full control + permissions (Administrators)

What’s Still Missing

Requires Autodesk to Fix

  • ⚠️ Inheritance override at folder level
  • ⚠️ Photo permission separation
  • ⚠️ Real-time audit logs
  • ⚠️ Cross-project permission views

API doesn’t expose what doesn’t exist in the product.

RAPS Can Help With

  • Bulk permission provisioning
  • Automated onboarding/offboarding
  • Permission extraction to reports
  • CI/CD permission automation

Automating what the API allows.


The Architectural Issue

ACC Design Philosophy

  • Collaboration Openness
  • Everyone sees everything
  • Simple permission model
  • Fast onboarding

Enterprise Reality

  • Regulatory Requirements
  • Need granular control
  • Competitive bidding
  • Data classification

MISMATCH

ACC was designed for collaboration openness, not enterprise security controls. This works for small teams. It fails for:

  • Large enterprises with regulatory requirements
  • Projects with competitive bidding
  • Organizations with strict data classification
  • Any context where “least privilege” matters

Recommendations

For AEC Professionals

  • Document permission requirements before adopting ACC
  • Plan folder structures with limitations in mind
  • Use project segmentation when necessary
  • Implement automated permission management

For Autodesk

  • Implement inheritance override (the #5 request)
  • Add comprehensive permission auditing
  • Create project templates with permission defaults
  • Separate photo permissions from documents

For Developers

  • Build tooling that fills permission gaps
  • Create audit reports ACC doesn’t provide
  • Automate permission provisioning/deprovisioning
  • Consider permission management in workflow design

Series Conclusion

What We Learned from 4,295 Feature Requests

The data reveals a systematic gap between enterprise needs and product capabilities.

For developers and power users: build tooling that fills the vacuum.

RAPS is our contribution. What will you build?

