Team Management
Context and Why This Exists
Team management controls who belongs to your organisation and how internal members are grouped for access purposes.
Use it to invite staff, choose each member's default group access, and create teams that can receive group access together.
What the Feature Does
The Account > Team page lets administrators:
- Invite internal members.
- Change member roles and default group access.
- Remove members from the organisation.
- Manage pending invitations.
- Create, rename, and delete teams.
- Add or remove members from teams.
- Update a user's team memberships.
Guests are managed separately through group sharing and Account > Sharing.
Member Roles and Defaults
| Product role | Organisation role | Default group access |
|---|---|---|
| Admin - Tenancy | Admin | Full organisation access and administration. |
| Member - Group Admin | Member | Group Manager access by default. |
| Member - Edit | Member | Editor access by default. |
| Member - View | Member | Viewer access by default. |
| Member - No Baseline Access | Member | No default group access. Access must be granted by group or team. |
Member defaults apply to open groups. Restricted groups require tenancy admin access, a member override, or a team override.
Use Member - No Baseline Access when someone should belong to the organisation but should not automatically see open groups. They can still receive access through a team or a specific group override.
Use Member - Group Admin when someone should be able to create new groups. Member - Edit is enough to edit data in accessible groups, but it does not include group creation. If someone reports that Create Group is missing, see Create Group Option Missing.
Allowing Member - Edit Users to Create Groups
On the Members tab, admins can turn on "Allow Member - Edit users to create groups". This is a firm-level policy, off by default.
When it is on, any Member - Edit user can create groups. The creator automatically becomes Group Manager of any group they create — they can edit, delete, manage access, invite external guests, and restrict the group, but only for groups they created. New groups created this way are visible to the organisation by default, the same as admin-created groups; the creator or an admin can restrict a group afterwards. Member - View and lower still cannot create groups.
Turning the policy off later stops new creations and hides Create Group for Member - Edit users, but it does not change any existing group or remove access from groups a member already created.
Inviting Members
- Go to Account > Team.
- Find Invite New Member.
- Enter the person's email address.
- Choose their product role.
- Click Invite.
The invitation is sent to the selected email address. The recipient must sign in with that email address to accept it.
Changing a Member's Role
- Go to Account > Team.
- Find the member in the team member list.
- Change their role from the role selector.
- Confirm any prompts shown by the app.
Changing the role changes their organisation-level role and default group access. It does not remove explicit group or team overrides.
Creating and Managing Teams
- Go to Account > Team.
- In Teams, enter a name under Create Team.
- Click Create Team.
- Use Team Details to select, rename, or delete a team.
- Use Team Membership to manage members of a selected team.
- Use User Team Membership to manage membership for a selected user.
Only active internal members are eligible for team membership. Guests cannot be added to teams.
Using Teams for Group Access
After creating a team, grant it access from a group:
- Go to Groups.
- Click Team on the target group.
- Use Team Overrides.
- Select the team.
- Choose Group Viewer, Group Editor, or Group Manager.
- Click Add Override.
Every active member of that team receives the team's access for that group, unless they already have stronger access.
Example: if the Corporate team is given access to Client Groups A, B, and C, a new Corporate team member automatically receives access to those groups. If they leave the Corporate team, that team-based access is removed.
Edge Cases and Expected Behavior
If a member does not appear as eligible for a team, they may already be in that team, may not be active, or may be a guest.
If deleting a team removes someone's access to a group, that access was coming from the team override. Direct member overrides and member defaults are not removed.
If a user still has access after being removed from a team, check their member default access and direct group overrides.
Best Practice
Use product roles for broad defaults. Use teams for repeated group access patterns. Use individual member overrides only when one person needs an exception.
For larger organisations, consider setting many members to Member - No Baseline Access or Member - View, then grant working access through teams.
For smaller organisations, broad baseline roles are often simpler. For larger organisations, teams reduce the need to manage each user's group access one by one.