Guide
Default visibility
Admin access with architect mode on required.
Manage who can see all users in your workspace and whom all other users can also see in Users → Access:
The visibility is enforced throughout the workspace: someone without the right permissions won't be able to find, assign, or mention a person they aren't supposed to know about.
You can also audit who has access to a certain User by holding Option/Alt key in their context menu.
Everyone including guests
Who (rows) see whom (columns) | Admins | Members | Observers | Guests |
Admins | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: |
Members | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: |
Observers | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: |
Guests | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: |
Everyone but guests
Who (rows) see whom (columns) | Admins | Members | Observers | Guests |
Admins | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: |
Members | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: |
Observers | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: |
Guests | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: | ❌ |
Everyone with a trusted domain
Who (rows) see whom (columns) | @trusted.domain | not @trusted.domain |
@trusted.domain | :kot-checkmark: | :kot-checkmark: |
not @trusted.domain | :kot-checkmark: | ❌ |
Admins can still see everyone and be seen by everyone even if they are outside of the trusted domain.
Admins
Who (rows) see whom (columns) | Admins | Members | Observers | Guests |
Admins | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: | :kot-checkmark: |
Members | :kot-checkmark: | ❌ | ❌ | ❌ |
Observers | :kot-checkmark: | ❌ | ❌ | ❌ |
Guests | :kot-checkmark: | ❌ | ❌ | ❌ |
User Group members visibility
By default, members of the same User Groups can see each other, even if you've configured strict default visibility.
If you'd prefer members not to see each other, you can turn off the corresponding toggle in Users → Access:
Alternatively, you can disable it in the Access settings of a particular User Group DB:
Simply remove the default Member template next to your User Group membership Field.
User management
By default, only Admins can manage Users. If you, as an Admin, find yourself a bottleneck and would like to delegate user management to someone else, you can do so:
Go to Users → Access
Find Who can manage all users setting
Select Users and User Groups
This feature is exclusive to Pro and Enterprise plans.
Capabilities
This delegates the following powers regarding Users:
Some powers stay with Admins:
Deactivate, demote, or delete other Admins.
Change who can manage all Users.
Configure SAML SSO and other workspace settings, even if they are user-related.
Access templates
Visibility
Ensure people working on the same thing can see each other, even if you've configured a strict default users visibility.
Use Custom Access Templates for Sharing Entities and extend access via People Fields:
User management
Let team leaders and heads of departments manage their users, so you don't become a bottleneck every time someone is promoted (or laid off 😬).
In addition to delegating the entire user management to someone, you can also extend user-related capabilities via Custom Access Templates for Sharing Entities:
We are confident you (as always) will find a dozen more creative ways to utilize this functionality, but here's our go-to suggestion:
Add Head Field to your Team/Department DB.
Create a Manager custom access template that extends user-management capabilities via Members Field.
Automatically Share Entities with Assigned People via Head Field using that Manager template.