[{"data":1,"prerenderedAt":185},["ShallowReactive",2],{"doc:\u002Fv\u002F2026.3\u002Fadmin\u002Fteam-access-and-permissions":3},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"section":10,"version":11,"lastUpdated":12,"body":13,"_type":179,"_id":180,"_source":181,"_file":182,"_stem":183,"_extension":184},"\u002Fv\u002F2026.3\u002Fadmin\u002Fteam-access-and-permissions","admin",false,"","Team access and permissions","Configure Workspace369 roles, module permissions, client-scoped access, ownership, and review practices for teammates and contractors.","Administration","2026.3","2026-07-11",{"type":14,"children":15,"toc":169},"root",[16,24,38,45,50,56,61,66,72,77,83,88,103,109,114,120,125,154,160],{"type":17,"tag":18,"props":19,"children":20},"element","p",{},[21],{"type":22,"value":23},"text","Workspace access should follow responsibility. Give each person enough access to complete assigned work while limiting unrelated client, finance, communication, and administrative visibility.",{"type":17,"tag":18,"props":25,"children":26},{},[27,29,36],{"type":22,"value":28},"For the invitation and client-assignment workflow, see ",{"type":17,"tag":30,"props":31,"children":33},"a",{"href":32},"\u002Fv\u002F2026.3\u002Fadmin\u002Finvite-member-configure-access\u002F",[34],{"type":22,"value":35},"Invite a member and configure access",{"type":22,"value":37},".",{"type":17,"tag":39,"props":40,"children":42},"h2",{"id":41},"plan-access-by-responsibility",[43],{"type":22,"value":44},"Plan access by responsibility",{"type":17,"tag":18,"props":46,"children":47},{},[48],{"type":22,"value":49},"List what each role needs to view, create, update, approve, export, or administer. Configure access from those responsibilities instead of copying a broad role simply because it already exists.",{"type":17,"tag":39,"props":51,"children":53},{"id":52},"use-client-scoped-access",[54],{"type":22,"value":55},"Use client-scoped access",{"type":17,"tag":18,"props":57,"children":58},{},[59],{"type":22,"value":60},"Client-scoped access is useful for account managers, contractors, and other team members who should only see assigned clients and the work inherited from those clients.",{"type":17,"tag":18,"props":62,"children":63},{},[64],{"type":22,"value":65},"Review the entire inherited workflow: projects, tasks, schedules, files, messages, requests, and billing can contain different levels of sensitive information.",{"type":17,"tag":39,"props":67,"children":69},{"id":68},"separate-work-from-administration",[70],{"type":22,"value":71},"Separate work from administration",{"type":17,"tag":18,"props":73,"children":74},{},[75],{"type":22,"value":76},"Someone who delivers client work may not need access to workspace configuration, subscriptions, team management, broad reporting, or finance. Keep administrative access narrow and review it when responsibilities change.",{"type":17,"tag":39,"props":78,"children":80},{"id":79},"test-the-actual-experience",[81],{"type":22,"value":82},"Test the actual experience",{"type":17,"tag":18,"props":84,"children":85},{},[86],{"type":22,"value":87},"After configuring a role, test with an account that represents that role. Confirm both sides:",{"type":17,"tag":89,"props":90,"children":91},"ul",{},[92,98],{"type":17,"tag":93,"props":94,"children":95},"li",{},[96],{"type":22,"value":97},"The person can complete every required workflow.",{"type":17,"tag":93,"props":99,"children":100},{},[101],{"type":22,"value":102},"The person cannot open unrelated clients or restricted modules.",{"type":17,"tag":39,"props":104,"children":106},{"id":105},"review-access-regularly",[107],{"type":22,"value":108},"Review access regularly",{"type":17,"tag":18,"props":110,"children":111},{},[112],{"type":22,"value":113},"Review permissions when a teammate joins, changes roles, stops working with a client, or leaves the organization. Enterprise audit trails can help authorized administrators understand relevant changes and activity.",{"type":17,"tag":39,"props":115,"children":117},{"id":116},"troubleshoot-an-access-denial",[118],{"type":22,"value":119},"Troubleshoot an access denial",{"type":17,"tag":18,"props":121,"children":122},{},[123],{"type":22,"value":124},"If a user sees an unexpected access message:",{"type":17,"tag":126,"props":127,"children":128},"ol",{},[129,134,139,144,149],{"type":17,"tag":93,"props":130,"children":131},{},[132],{"type":22,"value":133},"Confirm the active workspace and account.",{"type":17,"tag":93,"props":135,"children":136},{},[137],{"type":22,"value":138},"Verify the role and module permission.",{"type":17,"tag":93,"props":140,"children":141},{},[142],{"type":22,"value":143},"Check client assignment when access is client-scoped.",{"type":17,"tag":93,"props":145,"children":146},{},[147],{"type":22,"value":148},"Refresh the application after the permission change has been saved.",{"type":17,"tag":93,"props":150,"children":151},{},[152],{"type":22,"value":153},"Contact support with the user role, page, and expected action if access remains incorrect.",{"type":17,"tag":39,"props":155,"children":157},{"id":156},"next-step",[158],{"type":22,"value":159},"Next step",{"type":17,"tag":18,"props":161,"children":162},{},[163,168],{"type":17,"tag":30,"props":164,"children":165},{"href":32},[166],{"type":22,"value":167},"Invite a member, choose a role, and configure client access",{"type":22,"value":37},{"title":7,"searchDepth":170,"depth":170,"links":171},2,[172,173,174,175,176,177,178],{"id":41,"depth":170,"text":44},{"id":52,"depth":170,"text":55},{"id":68,"depth":170,"text":71},{"id":79,"depth":170,"text":82},{"id":105,"depth":170,"text":108},{"id":116,"depth":170,"text":119},{"id":156,"depth":170,"text":159},"markdown","content:v:2026.3:admin:team-access-and-permissions.md","content","v\u002F2026.3\u002Fadmin\u002Fteam-access-and-permissions.md","v\u002F2026.3\u002Fadmin\u002Fteam-access-and-permissions","md",1783880375065]