# Data Rooms

> Virtual data room access control — merged into Spec 007 (Documents and DocGen)

# SPEC 008 — Data Rooms

<Note>
  **This spec has been merged into [Spec 007 — Documents and DocGen](/specs/007-documents-and-docgen/spec), Section 3.5 (Data Room Access Control).**

  Data rooms share 100% of the same API endpoints, frontend UI, and backend entities (DirectoryItems, Files) as the general document management system. The only differentiating element is the `DataRoomsMembers` entity, which provides member-level access control for named data rooms.
</Note>

## Status

| Field    | Value                                                                                            |
| -------- | ------------------------------------------------------------------------------------------------ |
| Status   | MERGED into 007                                                                                  |
| Priority | P1 — Core Product                                                                                |
| Redirect | [Spec 007, Section 3.5](/specs/007-documents-and-docgen/spec#35-dataroomsmembers-access-control) |

## Summary of Findings

### What Exists

* **DataRoomsMembers entity** (`schema.ts` lines 164–174): Composite PK of `dataRoomName` (varchar) + `member` (uuid) + `permission` (uuid). Stores per-member access grants for named data rooms.
* **Persistence functions**: `getDataRoomsPermissionsForMember`, `getDataRoomsPermissionsForOrganizationAnUser` (reading), `insertDataRoomsMembers` (writing).
* **Legacy path restriction**: `processRestrictedPath` in `microsoft/src/reading.ts` restricts folder access for non-admin users based on their `dataRoomName` entries. Built for Microsoft Graph/SharePoint storage.

### What Does Not Exist (Gaps)

* **No REST API endpoints** for managing data room membership (grant/revoke access)
* **No frontend UI** for data room member management
* **Legacy Microsoft integration is deprecated** — the path restriction mechanism is not used with the current native S3 file storage

### Recommended Next Steps

A new specification is needed for modern data room access control that:

1. Defines REST endpoints for granting/revoking data room access to members
2. Builds a frontend UI for data room member management
3. Integrates with the current S3-based file storage (not legacy Microsoft Graph)
4. Considers Google Drive integration (`equa-server/modules/google-drive/`) as an alternative storage backend
5. Reuses the existing `DataRoomsMembers` entity or refactors it for the modern architecture
