User can get document content even after being removed

# Description
An admin can add a member to his personal collection. But if the admin removes that user from the collection, the user can still see realtime document content updates.

# Proof of Concept
1. From the admin account, invite `user-B` with the `member` role.

2. From the admin account, create a private collection called `collect-1`.
3. From the admin account, change the permissions of the above collection as below:
   Default Access –> No access
   Additional access –> add user-B here with “view and edit” permission
   So `user-B` is a member of this collection and can see the documents of this collection.
4. From the admin account, add a document `doc-1` to the newly created collection `collect-1`.
5. Now `user-B` can edit this document because he is a member of this collection.
   So `user-B` opens this document's URL in his browser window and can edit it.
   All the realtime collaboration data for this document is available over a websocket connection.
   For that reason, keep this browser window open.

6. Now go to the admin account and remove `user-B` from this collection.
   So now `user-B` should not be able to access any document of this collection, because user-B is no longer a member of the collection and the default access is “No access”.

7. Now the admin edits the content of the above document `doc-1`.
   This realtime updated content will be visible to `user-B`.
   Remember that `user-B` has kept his document URL window from `step-5` open.
   Any change the admin makes to the document content will be visible in user-B's window from `step-5`.

Because `user-B` kept his browser window open, the realtime collaboration websocket connection is still available.
Any changes the admin makes to the document are available to `user-B` over that websocket connection.

So `user-B` has been removed from the collection, but user-B kept that browser window `opened`, which is why the collaboration websocket connection is still alive and `user-B` gets realtime updated data.
I have checked 30 minutes after removing `user-B` from the collection, and `user-B` was still receiving data via this websocket.
So `user-B` can get realtime collaboration data for a long time after being removed, if he can keep the above websocket connection alive for a long time.
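The root cause described above is that authorization is checked when the websocket is opened but not afterwards. The following added example (not code from the affected product; `CollabHub`, `fakeSocket`, `demo` and the close code are hypothetical) models the two server-side fixes: closing a user's sockets when membership is revoked, and re-checking the ACL on every broadcast.

```javascript
// Added example: in-memory model of a collaboration hub. All names are hypothetical.
class CollabHub {
  constructor(canRead) {
    this.canRead = canRead;   // (userId, docId) => boolean, the authoritative ACL lookup
    this.rooms = new Map();   // docId -> Set of sockets { userId, send(), close() }
  }
  join(docId, socket) {
    // 4403 is an arbitrary application-defined close code (4000-4999 range).
    if (!this.canRead(socket.userId, docId)) { socket.close(4403, "forbidden"); return false; }
    if (!this.rooms.has(docId)) this.rooms.set(docId, new Set());
    this.rooms.get(docId).add(socket);
    return true;
  }
  drop(docId, socket) {
    socket.close(4403, "access revoked");
    this.rooms.get(docId).delete(socket);
  }
  // Call this from the code path that removes a member or changes permissions.
  revoke(userId) {
    for (const [docId, room] of this.rooms)
      for (const s of room)
        if (s.userId === userId && !this.canRead(userId, docId)) this.drop(docId, s);
  }
  // Defence in depth: re-check the ACL on every fan-out, not only at connect time.
  broadcast(docId, update) {
    let delivered = 0;
    for (const s of this.rooms.get(docId) ?? []) {
      if (!this.canRead(s.userId, docId)) { this.drop(docId, s); continue; }
      s.send(update);
      delivered++;
    }
    return delivered;
  }
}
// Constructed scenario mirroring steps 5 to 7 of the report.
function fakeSocket(userId) {
  return { userId, inbox: [], closed: null,
    send(msg) { this.inbox.push(msg); },
    close(code, reason) { this.closed = reason; } };
}
function demo() {
  const members = new Set(["admin", "user-B"]);   // constructed ACL of collect-1
  const hub = new CollabHub((userId) => members.has(userId));
  const userB = fakeSocket("user-B");
  hub.join("doc-1", userB);
  hub.broadcast("doc-1", "edit-1");   // step 5: still a member, delivered
  members.delete("user-B");           // step 6: admin removes user-B
  hub.broadcast("doc-1", "edit-2");   // step 7: admin edits again, not delivered
  return { inbox: userB.inbox, closed: userB.closed, rejoined: hub.join("doc-1", userB) };
}
```

In `demo()` the removal deliberately skips `revoke()`, so the per-broadcast check alone is what stops `edit-2` from reaching the open socket.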
