Understanding Access, Teams, and Sharing
This article explains how StructureGram controls who can see and work on your data, so you can set up the right access structure for your organisation.
Groups Are the Access Boundary
Everything in StructureGram is organised into Groups. A Group typically represents a client or project. Access control in StructureGram is about deciding who can see and work on each Group.
This matters when your organisation has different working groups, external advisers, or client users who should only have visibility of selected Groups.
Permission Levels
Every person who can access a Group has one of four permission levels for that Group:
| Level | Can view | Can edit | Can delete group data | Can manage access |
|---|---|---|---|---|
| Viewer | Yes | No | No | No |
| Editor | Yes | Yes | No | No |
| Group Manager | Yes | Yes | Yes | No |
| Tenancy Admin | Yes | Yes | Yes | Yes |
Only Tenancy Admins can manage access settings.
Two Places to Manage Access
Access is managed in two places, and keeping them distinct is the key to understanding the whole system.
Account Settings → Team Tenancy-wide settings that apply across all Groups — who is in your organisation, what role they have, and what access they get by default.
The Team button on a Group Settings that apply to that one Group only — whether the Group is open or restricted, and any exceptions for specific members or teams.
Organisation-Wide Defaults
When you invite someone to StructureGram, you choose two things:
- Their role — Tenancy Admin, Internal Member, or External Guest
- Their default access — what they can do across all open Groups by default
Both are managed in Account Settings → Team → Members.
For internal members, the available defaults are:
| Default | What it means |
|---|---|
| Member - View | Can view all open Groups |
| Member - Edit | Can view and edit all open Groups |
| Member - Group Admin | Can view, edit, and create and delete data in all open Groups |
| Member - Granted Only | No default access — sees no Groups until access is explicitly granted |
These defaults apply across every open Group in the tenancy. They are the baseline — individual Groups can then override them.
Two Approaches to Access
Before configuring anything, it helps to decide which approach suits your organisation.
Everyone sees everything (broad defaults): Set all internal members to Member - View or Member - Edit. Members can see all Groups from the moment they join. This works well for smaller firms where everyone works collaboratively across all clients or projects.
Members see nothing until granted access (tight defaults): Set internal members to Member - Granted Only. Members see no Groups when they join. Access is then granted Group by Group — either individually or through Teams. This works well for larger organisations, or those with sensitive client data that should only be visible to the team working on it.
Most organisations fall somewhere between these two approaches, and StructureGram's layers of control are designed to support both. See Access Strategy and Permissions for guidance on choosing between them.
Open and Restricted Groups
Each Group has a Member baseline access setting, managed from the Group's Team button.
- Open — internal members can access the Group according to their tenancy-wide default
- Restricted — member defaults do not apply; access must be granted explicitly
Restricted Groups are useful for sensitive matters where only specific people should have visibility, regardless of what their organisation-wide default would otherwise give them.
Overrides
Defaults and baseline settings cover most situations, but sometimes you need exceptions. StructureGram handles this through overrides, set from the Team button on a Group.
Member Overrides
A member override gives one internal member a different access level on one Group. Overrides are additive — they can only upgrade someone's access, not reduce it below their default or team access.
For example, if a member's default is Member - View, you can override them to Group Editor or Group Manager on a specific Group.
Use member overrides for one-off exceptions.
Team Overrides
A Team is a named group of internal members. When you assign a Team to a Group, every member of that Team receives the access level you choose for that Group — Viewer, Editor, or Group Manager.
If a new Group is later assigned to the Team, members automatically get access to it.
Teams are managed in Account Settings → Team → Teams. Member defaults and roles are managed in Account Settings → Team → Members. Access is assigned to a Team from the Team button on the relevant Group.
Use Teams when the same set of people needs the same access across multiple Groups. They're especially useful when combined with Member - Granted Only defaults — members start with nothing, and their access is built up through team assignments rather than one-by-one overrides.
Guest Sharing
External users — clients, advisers, or other collaborators — are invited as External Guests. Guest access works differently to internal member access:
- Guests must be explicitly shared on each Group they need to access, using the Share button on the Group
- Guests can only be shared as Viewer or Editor
- Guests do not inherit access from open Groups
- Guests cannot be added to Teams or manage access
Tenancy Admins can review all active guest access across the organisation from Account Settings → Sharing.
Use Guest Sharing for anyone outside your organisation who needs to see or work on specific Groups.
Choosing the Right Approach
| Situation | Recommended approach |
|---|---|
| Everyone works across all Groups | Set broad member defaults (View or Edit) |
| Access should be granted Group by Group | Set members to Member - Granted Only, use Teams |
| A Group should only be visible to specific people | Set the Group to Restricted |
| One person needs different access on one Group | Use a member override |
| A team of people needs access across multiple Groups | Create a Team, assign it to the relevant Groups |
| An external person needs access to a specific Group | Use Guest Sharing |