
Claude Cowork access and folder policy

A short, prescriptive policy for which folders Claude Cowork should have access to. Three-tier model, joiner/mover/leaver process, backup posture.

Updated 2026-04-25 · Read 5 min

TL;DR. One folder per function, per workspace. Never the home directory, never Documents root, never a network drive without controls. The three-tier policy below is what we hand to mid-market IT teams as a starting template — most companies adopt it with two or three edits.

The default principle

One folder per function, per workspace. The principle is small and absolute. Every Cowork failure mode in folder permissions starts with someone wanting to grant a "convenient" parent folder, then discovering six months later that Cowork has been seeing the CEO's personal pipeline.

The three-tier folder policy

| Tier | Folder type | Access pattern |
|---|---|---|
| Tier 1 — Personal pilot | A personal ~/cowork-{role} workspace | Single-user, non-shared, low-risk experimentation |
| Tier 2 — Shared function | Cloud-synced ~/cowork-{function} via OneDrive / GDrive / Dropbox | Multiple operators, governed by CLAUDE.md |
| Tier 3 — Regulated function | Access-controlled folder with audit logging | Head-of-function approval; regulated data only with Enterprise plan |

Most pilot work starts at Tier 1 and moves to Tier 2 when the team is ready. Tier 3 is for healthcare, regulated financial, and government work; it is not the default.

Granting access — the steps

  1. In the Cowork tab, click Grant folder access.
  2. Select the workspace folder. One folder per click.
  3. Cowork lists granted folders in settings — review the list monthly.
  4. Revoke when a project ends or an operator leaves.

The monthly review is the part most teams forget. Add it to the function's calendar.

Naming and sync

Encode the following in IT policy:

  • One workspace per function: cowork-{function}. Lowercase, hyphens, no spaces.
  • Sync via the company's standard cloud client — OneDrive, Google Drive, Dropbox Business. Personal Dropbox accounts are out.
  • Workspace folder is its own top-level item. Not nested under personal folders, not buried six levels deep.
  • File naming convention documented in CLAUDE.md.

The naming convention sounds trivial. It is the policy clause that breaks ties when two operators disagree about how to organise a sub-folder.

Joiner / mover / leaver

A short policy block, written for an IT lead to copy:

  • Joiner. Add to the workspace cloud sync; have them grant Cowork access on their device; pair with the onboarding session in week one.
  • Mover. Revoke their grant on the old workspace before adding to the new one. Same-day, not "we'll get to it."
  • Leaver. Revoke grant; remove from cloud sync; reset their CLAUDE.md ownership entry. Treat as a tier-one offboarding action.

The leaver step is the one most teams under-execute. A revoked Anthropic account is not enough — the workspace folder may still be on the laptop and may still be syncing. Off-boarding has to touch both.

Backup and recovery

  • Cowork edits real files. The cloud sync (OneDrive, GDrive, Dropbox) provides versioning — keep version history at least 90 days.
  • Tinkso convention for any function with audit requirements: a weekly archive snapshot of the workspace into immutable storage. Pricing on cold-storage-tier cloud objects is trivial; the protection is real.
  • Document the rollback procedure in CLAUDE.md. Test it once before scaling beyond the pilot team. Untested rollback is wishful rollback.

Anti-patterns

  • One global "Cowork" folder for all functions. Workspaces blur, conventions drift, accountability evaporates.
  • Access granted to Documents or Desktop. Never. Always a dedicated path.
  • "Shared" access via copy-paste rather than cloud sync. Versions diverge silently.
  • Personal Dropbox accounts for shared workspaces. Use the company-managed sync; otherwise off-boarding is impossible to enforce.
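Added here as a worked check, not part of the original policy template or of Cowork itself: a small Python script that screens an exported list of granted folder paths against the naming rule, the top-level rule and the never-Documents/Desktop/home rules above, the kind of thing the monthly review in step 3 can run. It assumes that "its own top-level item" means a direct child of the operator's home directory, and the sample paths are constructed.

```python
import os
import re

# Policy: one workspace per function, named cowork-{function}; lowercase, hyphens, no spaces.
WORKSPACE_NAME = re.compile(r"^cowork-[a-z0-9]+(?:-[a-z0-9]+)*$")

# Folders that must never be granted, in whole or in part (see anti-patterns).
FORBIDDEN_ROOTS = ("Documents", "Desktop")


def check_grant(path: str, home: str) -> list[str]:
    """Return the policy violations for one granted folder; an empty list means compliant.

    Assumption: a compliant workspace is a direct child of the operator's home directory.
    """
    path = os.path.normpath(os.path.expanduser(path))
    home = os.path.normpath(os.path.expanduser(home))
    if path == home:
        return ["grants the home directory itself"]
    parts = os.path.relpath(path, home).split(os.sep)
    if parts[0] == os.pardir:  # outside home: network drive or other mount
        return ["outside the home directory: not permitted without Tier 3 controls"]
    problems = []
    if parts[0] in FORBIDDEN_ROOTS:
        problems.append(f"inside ~/{parts[0]}: always use a dedicated path")
    if len(parts) > 1:
        problems.append(f"nested {len(parts)} levels deep: workspace must be a top-level item")
    if not WORKSPACE_NAME.match(parts[-1]):
        problems.append(f"name {parts[-1]!r} is not cowork-{{function}} (lowercase, hyphens, no spaces)")
    return problems


def review_grants(grants: list[str], home: str) -> dict[str, list[str]]:
    """Monthly review helper: map each non-compliant grant to its violations."""
    return {g: p for g in grants if (p := check_grant(g, home))}


if __name__ == "__main__":
    # Constructed sample of what a granted-folders list might contain.
    sample = [
        "/Users/alice/cowork-marketing",           # compliant
        "/Users/alice/Documents/cowork-finance",   # under Documents and nested
        "/Users/alice",                            # home directory itself
        "/Users/alice/Cowork Sales",               # bad name
        "/Volumes/shared/cowork-legal",            # network drive
    ]
    for folder, issues in review_grants(sample, "/Users/alice").items():
        print(folder)
        for issue in issues:
            print("  -", issue)
```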

Tinkso's take

Folder policy is unsexy and decisive. The deployments that scale cleanly past 20 users have a written policy from week one; the deployments that stall do not. We hand clients a template policy and ask IT to red-line it during pre-flight — that is faster than asking them to write one from scratch, and it produces a better policy because the conversation is about edits, not blank pages.

Try this

Open IT's existing SaaS access policy. Add a Cowork section using the three-tier table above. Send it to your security partner with one question: "is this consistent with our DLP and DPA stance?" Iterate from there. You will be done in a week.


Last reviewed: 25 April 2026 · The Cowork Bible · Tinkso