Permission System
KroWork strictly adheres to the principle of least privilege, requiring explicit user authorization for all sensitive operations. The system offers three permission approval modes to suit different usage scenarios, balancing security and efficiency.
1. Permission Mode Overview
| Mode | Use Case | Operation Approval | Security Level |
|---|---|---|---|
| Default Mode | First-time use, sensitive data | All risky operations require manual confirmation | Highest |
| Auto Mode | Experienced users, repetitive tasks | Routine operations auto-approved; high-risk requires confirmation | High |
| Full Access Mode | Batch automation, non-sensitive local data | Only destructive operations are blocked | Standard |
2. Default Mode
Core Logic: All operations involving risks or exceeding the defined usage scope require manual user approval before execution.
Use Cases:
- First-time use of KroWork
- Handling sensitive data (e.g., financial reports, customer information)
- Scenarios with extremely high requirements for operational security
Features:
- You personally oversee every high-risk step
- Maintain clear control over every capability call
- Eliminate risks caused by misoperation at the source
Recommendation
If you are new to KroWork, we recommend starting with Default Mode. Once you are familiar with the approval workflows, you can switch to other modes as needed.
3. Auto Mode
Core Logic: The AI automatically identifies safe and compliant routine operations, authorizing their execution without manual confirmation. Only high-risk operations trigger approval requests.
Use Cases:
- Experienced users who understand the boundaries of each feature
- Running highly repetitive automated tasks (e.g., batch format conversion, scheduled report generation)
- Scenarios where you want to reduce frequent pop-up interruptions and improve workflow fluidity
Features:
- Safe operations are allowed instantly without individual confirmation
- High-risk actions are still proactively blocked and require approval
- Balances operational efficiency with data security
Examples of auto-approved operations:
- Reading local file contents
- Running routine data queries and organization
- Generating reports and documents
Examples of operations still requiring manual approval:
- Deleting or overwriting important files
- Modifying system configurations
- Accessing sensitive data or making external requests
4. Full Access Mode
Core Logic: Grants permissions for most routine operations, only blocking high-risk destructive actions such as deleting system files or formatting disks. All other operations are automatically allowed.
Use Cases:
- Batch automation processing (e.g., large-scale data cleaning, bulk file conversion)
- Handling non-sensitive local data
- Professional scenarios requiring maximum operational efficiency
Features:
- Almost no approval pop-ups, keeping your workflow uninterrupted
- Ideal for fully controlled local automated workflows
- Retains a final block on destructive operations to prevent irreversible system risks
Important
While Full Access Mode offers maximum efficiency, please ensure you use it in a controlled environment. When handling tasks involving privacy or sensitive data, we recommend switching back to Default Mode or Auto Mode for finer-grained permission control.
5. Permission Approval Workflow
When an operation triggers approval, KroWork follows this process:
Step 1: Operation Detection
The system analyzes the current operation's type and risk level in real time to determine whether user authorization is required.
Step 2: Risk Notification
For operations requiring approval, the system displays a permission request pop-up with the following details:
- The specific action being performed
- The potential impact of the operation
- The files or resources involved
Step 3: User Decision
You can choose to:
- Allow — Authorize the current operation and continue the task
- Deny — Cancel the current operation; the task is paused or rolled back
Step 4: Execution & Logging
Once authorized, the system executes the operation and logs the approval record for post-hoc auditing and traceability.
6. Security Safeguards
Regardless of which permission mode you choose, KroWork always maintains the following security baseline:
- Destructive operation blocking — Irreversible operations such as deleting system files or formatting disks are blocked in all modes
- Full traceability — All approved operations are logged and available for review
- Emergency brake — You can immediately terminate all running tasks at any time using the emergency stop function
- Mode switching — You can flexibly switch between permission modes at any time based on the security requirements of your current task
7. FAQ
How do I switch between permission modes?
Go to the "Security & Permissions" section in KroWork Settings to select and switch between the three permission modes. Changes take effect immediately without restarting the application.
What if I accidentally denied a permission request?
If you accidentally clicked "Deny," simply re-initiate the same operation. The system will display the approval request again. A denied operation does not affect your current data or files in any way.
Is Full Access Mode a security risk?
In Full Access Mode, the system still blocks high-risk destructive operations (such as deleting system files), ensuring the core security baseline is never breached. However, when working with sensitive data, we recommend using Default Mode or Auto Mode for more granular permission control.
Can I view my permission approval history?
Yes. KroWork logs every permission approval action. You can review the complete approval history in the operation logs for security auditing purposes.