Merge pull request #120 from cryptomator/feature/early-access-features

* Hub early access page
* emergency access page
* reworked users and groups
* files-in-use feature

Author: infeo

docs/desktop/files-in-use.md

@@ -0,0 +1,60 @@
+---
+id: files-in-use
+title: Files in Use
+sidebar_position: 18
+---
+
+# Files in Use
+
+:::info
+This feature is only available for [Cryptomator Hub](/docs/hub/introduction.md) vaults.
+:::
+
+When multiple people work in a shared vault, two users might try to edit the same file at the same time.
+The **Files in Use** feature helps prevent accidental overwrites in this situation.
+
+## When This Feature Applies {#when-this-feature-applies}
+
+You can run into concurrent edits when:
+
+- a Cryptomator Hub vault is used by multiple team members
+- the vault is synced across multiple devices
+- the vault is accessed over a network share
+
+If another user is currently editing a file, Cryptomator can block opening that file for writing on your side.
+
+:::note
+The usage information is passed with the files being edited.
+Therefore, it requires either the vault residing on shared storage (for example, a network share) or file synchronization.
+In the latter case, it takes around 10s until the status is synchronized to other devices (depending on the sync app).
+:::
+
+## What You Will See {#what-you-will-see}
+
+If a file is currently in use by someone else, Cryptomator shows a notification in the app.
+This means another device or user has an active edit session for that file.
+
+<Image src="/img/desktop/files-in-use-notification.png" alt="Cryptomator notification for a file currently in use" />
+
+## What You Can Do {#what-you-can-do}
+
+In most cases, the best action is to wait until the other person finishes editing and then try again.
+
+You can also choose to ignore the use status and continue.
+Use this only if you are sure it is safe, because forcing access can overwrite someone else's newer changes.
+
+We recommend the following sequence when receiving a "File is in use" notification:
+1. Ask the person shown in the notification whether they are still editing the file.
+1. If they already closed the file but it is still shown as "in use", use "Ignore Use Status".
+1. Open a file marked as in use without checking with teammates only in exceptional situations.
+1. In that case, create a backup copy first to avoid losing edits.
+
+## Stale Use Status {#stale-use-status}
+
+The use status is cleared after some time without file updates (around 10 min).
+If this happens, access is possible again.
+This helps in cases such as device sleep, crashes, or interrupted sessions.
+
+## Related Topics {#related-topics}
+
+- [Synchronization Conflicts](/docs/desktop/sync-conflicts.md)

docs/hub/admin.md

@@ -80,6 +80,24 @@ The following events are logged:
 - **Reset User Account** – A user [reset their account](your-account.md#reset-account).
 - **User Keys Change** – A user changed their keys. This happens when, e.g., the user [finished the account setup](your-account.md#account-setup) or when the `Account Key Changed`.
 
+
+#### Emergency Access {#event-type-emergency-access}
+
+:::info Early Access
+This feature is currently in **early access** and will be fully available in version 1.5.0.
+:::
+
+- **Emergency Access Setup** – A vault owner set up or updated the Emergency Access configuration for a vault (e.g. by assigning council members in Vault Details).
+- **Emergency Access Settings Updated** – An admin changed the global Emergency Access settings.
+- **Emergency Access Recovery Started** – A council member started an Emergency Access recovery process.
+- **Emergency Access Recovery Approved** – A council member approved a running recovery process.
+- **Emergency Access Recovery Completed** – A council member completed a recovery process.
+- **Emergency Access Recovery Aborted** – A council member aborted a running recovery process.
+
+:::note
+When a council member starts a recovery process both `Emergency Access Recovery Started` and `Emergency Access Recovery Approved` is logged.
+:::
+
 #### Legacy {#event-type-legacy}
 
 - **Claim Vault Ownership** – A user claimed vault ownership. This event is logged when a vault created with hub pre 1.3.0 is claimed by the vault creator using the `Vault Admin Password`.
@@ -132,3 +150,30 @@ If a user resets their account, their [User Key Pair](/docs/security/hub.md#user
 Additionally, any existing trust chains that included the user will be broken, requiring re-verification to restore trust.
 :::
 
+
+## Emergency Access {#emergency-access}
+
+:::info Early Access
+This feature is currently in **early access** and will be fully available in version 1.5.0.
+:::
+
+This configuration defines default [Emergency Access](emergency-access.md) values for new or updated vaults.
+
+<Image src="/img/hub/admin-emergency-access.png" alt="Emergency Access" width="1440" height="658" />
+
+Enable `Enable Emergency Access` and configure:
+
+* `Required Keys`: Number of required key shares
+* `Keyholders`: Default council members (only activated users)
+* Optional: `Let vault owners choose different keyholders`
+* Optional: `At least` (minimum members if owners can choose a different council)
+
+:::warning
+A council without redundancy (`Required Keys == number of council members`) is possible, but not recommended.
+:::
+
+:::info Enterprise Feature
+The following Audit Log feature is available only in the **Enterprise Edition**:
+
+- Emergency Access Audit Logs
+:::

docs/hub/early-access.md

@@ -0,0 +1,12 @@
+---
+id: early-access
+title: Early Access
+sidebar_position: 10
+---
+
+# Early Access
+
+These features are currently in **early access** and will be fully available in **Cryptomator Hub 1.5.0**.
+
+- [User & Group Management](/hub/user-group-management) — Manage users, groups, roles, and permissions directly in Hub
+- [Emergency Access](/hub/emergency-access) - Restore access to a vault in case of account loss or ownership issues

docs/hub/emergency-access.md

@@ -0,0 +1,137 @@
+---
+id: emergency-access
+title: Emergency Access
+sidebar_position: 9
+---
+
+# Emergency Access
+
+:::info Early Access
+This feature is currently in **early access** and will be fully available in version 1.5.0.
+:::
+
+Emergency Access restores access to a vault inside Cryptomator Hub in case of account loss or ownership issues.
+Its process requires a group of trusted users (the "council") to approve the recovery.
+When enough approvals are collected, the emergency change is completed and vault management access is restored.
+Technically, this is implemented using key splitting based on **[Shamir's Secret Sharing](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing)**.
+
+## Setup Emergency Access
+
+The feature can be activated for new and existing vaults:
+
+* **New vaults:** During vault creation, use the `Define Emergency Access Conditions` step.
+  For the full workflow, see [Vault Management](vault-management.md#create-a-vault).
+* **Existing vaults:** Open `Vault Details` and [configure Emergency Access](vault-management.md#emergency-access-council).
+
+## Starting a Recovery Process
+
+To start, open the `Emergency Access` page, select the vault, and start the desired process.
+
+<Image src="/img/hub/emergency_access_vault_list.png" alt="Emergency Access Vault List" width="2560" height="1080" />
+
+There are two process types:
+
+1. `Change Emergency Access Council`: Change Emergency Access council and threshold
+2. `Choose Vault Members`: Choose vault owners/members
+
+:::info
+Only one running process per type is allowed for the same vault.
+:::
+
+Use this quick guide to choose the right process:
+
+| If you want to... | Start this process |
+| --- | --- |
+| Give vault access to different users (owners/members) | `Choose Vault Members` |
+| Remove access from specific users | `Choose Vault Members` |
+| Replace council members who approve emergency operations | `Change Emergency Access Council` |
+| Change how many council approvals are required (threshold) | Configurable in the [admin settings](../admin#emergency-access) |
+
+:::note
+Starting a process automatically approves the process.
+:::
+
+
+### Choose Vault Members
+
+The `Choose Vault Members` process allows you to select new vault `Owners` or `Members`.
+
+Users that are no longer part of the vault are shown as `Removed`.
+
+<Image src="/img/hub/emergency_access_change_permissions_start.png" alt="Emergency Access Vault List" width="2560" height="1080" />
+
+
+### Change Emergency Access Council
+
+The `Change Emergency Access Council` process allows you to select a new council.
+
+The minimum required number of members is configured in the [Admin settings](admin.md#emergency-access).
+
+<Image src="/img/hub/emergency_access_change_council_start.png" alt="Emergency Access Vault List" width="2560" height="1080" />
+
+## Approve a Recovery Process
+
+To view or approve running Emergency Access processes, open the `Emergency Access` list.
+If for a vault an Emergency Access process is running, the vault is displayed with a process button.
+If you haven't approved the process, the button includes `Approve now`.
+
+<Image src="/img/hub/emergency_access_vault_list_change_council_approve_now.png" alt="Emergency Access Vault List Approve Now" width="2560" height="1080" />
+
+Approve a running process in three steps:
+
+1. Open the vault in the `Emergency Access` list.
+2. Click `Approve now` to open the `Approve Emergency Access` dialog.
+3. Review the details and click `Approve`.
+
+<Image src="/img/hub/emergency_access_vault_list_change_council_approve_dialog.png" alt="Emergency Access Vault List Approve Dialog" width="2560" height="1080" />
+
+After submitting your share, the button shows `Waiting for other approvals`. You can track the ongoing process progress in the same process button and its details popover.
+
+
+You can also inspect details before approving. Hover (or click) the segment ring area on the left side of the process button to open the process details popover. The popover shows:
+
+* process type and required approvals
+* current progress
+* process council members
+* per-member status (`Added` / `Pending`)
+
+<Image src="/img/hub/emergency_access_vault_list_hover_process.png" alt="Emergency Access Vault List Hover Process" width="2560" height="1080" />
+
+## Complete a Recovery Process
+
+As soon as enough shares are available, the process button in the `Emergency Access` vault list shows `Complete now`.
+
+<Image src="/img/hub/emergency_access_vault_list_change_council_complete_now.png" alt="Emergency Access Vault List Complete Now" width="2560" height="1080" />
+
+Click `Complete now` to open the `Complete Emergency Access` dialog. In this dialog, review the process details and click `Complete Process` to finalize the recovery process.
+
+<Image src="/img/hub/emergency_access_vault_list_change_council_complete_dialog.png" alt="Emergency Access Vault List Complete Dialog" width="2560" height="1080" />
+
+Results by type:
+
+* `Choose Vault Members`: Vault roles are updated and required access grants are redistributed.
+* `Change Emergency Access Council`: The old council is replaced by the new council.
+
+After successful completion, the process is removed.
+
+## Abort a Recovery Process
+
+Running processes can be canceled in the dialog using `Abort this Process`.
+
+<Image src="/img/hub/emergency_access_vault_list_change_council_abort_dialog.png" alt="Emergency Access Vault List Abort Dialog" width="2560" height="1080" />
+
+
+## Typical States and Notes
+
+The following warning states can appear in the Emergency Access list:
+
+* `No Vault Council Member anymore`: The user is still part of a running process but no longer part of the current vault council.
+  What to do: Ask a current council member to start a new process with the correct council composition.
+* `Broken Emergency Access`: Too few valid shares remain (for example after council members reset their accounts).
+  What to do: Reconfigure the council in vault details and ensure enough active council members can provide shares.
+* `No Redundancy`: No fault tolerance in the council.
+  What to do: Increase the number of council members or reduce the required threshold so one unavailable user does not block recovery.
+
+## Audit Log Events
+
+See [Emergency Access Audit Log events](admin.md#event-type-emergency-access).