Access Strategy and Permissions
Context and Why This Exists
StructureGram gives you two practical ways to manage access:
- Give people a baseline level of access across open groups.
- Start with no baseline access and grant access only where needed.
The right approach depends on the size of your organisation, how confidential your groups are, and how much administration you want to manage.
Option 1: Open by Default, Then Restrict or Upgrade
This is the simpler approach.
Users are given a baseline permission such as Member - View, Member - Edit, or Member - Group Admin. That baseline applies to groups where baseline access is turned on.
Use this approach when:
- Most users can access most client groups.
- You want new groups to be available without extra setup.
- You are a smaller accounting, legal, or advisory firm.
- You only need to restrict a small number of sensitive groups.
Example setup:
| User type | Suggested access |
|---|---|
| Principal or partner | Member - Group Admin |
| Manager or senior adviser | Member - Edit or Member - Group Admin |
| Intermediate staff | Member - Edit |
| Junior staff | Member - View or Member - Edit |
| Administration or support staff | Member - View |
The benefit is simplicity. When a new group is created with baseline access on, users automatically receive their normal baseline access.
Option 2: Closed by Default, Then Grant Access
This is the stricter approach.
Users are invited with Member - No Baseline Access. They are part of the organisation, but they do not receive default access to groups. Access is then granted through teams or individual member overrides.
Use this approach when:
- Different departments should only see their own client groups.
- Users should not see hundreds of unrelated groups.
- Some client groups are confidential.
- You are a larger firm with more formal access controls.
Example setup:
- Invite users with Member - No Baseline Access.
- Create teams such as Corporate, Tax, Insolvency, Estate Planning, or Administration.
- Add users to the relevant teams.
- Grant each team access to the relevant client groups.
- Use individual member overrides only where a specific person needs different access.
The benefit is tighter control. The trade-off is that new groups need to be assigned to the right team or users will not automatically receive access.
Using Restricted Groups
You can also combine both approaches.
For example, your organisation may usually work open by default, but one confidential client group should only be visible to selected people. In that case:
- Keep most groups open to baseline access.
- Turn baseline access off for the confidential group.
- Grant access to selected members or teams only.
This lets you keep the normal workflow simple while still protecting sensitive work.
When to Use Teams
Use teams when the same set of people needs access to several groups.
For example, you may have teams for:
- Corporate.
- Tax.
- Insolvency.
- Estate Planning.
- Administration.
If the Corporate team has access to Groups A, B, and C, a new Corporate team member automatically receives access to those groups. When they are removed from the team, that team-based access is removed.
Teams are usually better than individual overrides when access follows a department or recurring working group.
When to Use Member Overrides
Use member overrides for exceptions.
For example, a user may usually have Member - View, but they manage one client group and need Group Editor access for that group.
Member overrides are useful when one person needs access that does not match their baseline role or team membership.
Practical Recommendation
For smaller firms, start with baseline access. Use Member - Group Admin, Member - Edit, and Member - View to match how people normally work, then restrict only the groups that need tighter control.
For larger firms, start with Member - No Baseline Access for many users. Use teams to grant department-based access, and use member overrides for individual exceptions.