Team Permissions
Manage access and control what team members can do.
Permission Levels
Team Roles
| Role | Level | Description |
|---|---|---|
| Owner | Highest | Full control, billing, can delete team |
| Admin | High | Manage members and settings |
| Member | Standard | Normal team access |
| Guest | Limited | Specific project access only |
Role Comparison
| Permission | Owner | Admin | Member | Guest |
|---|---|---|---|---|
| View team projects | ✅ | ✅ | ✅ | ❌ |
| Create projects | ✅ | ✅ | ✅ | ❌ |
| Manage team settings | ✅ | ✅ | ❌ | ❌ |
| Invite members | ✅ | ✅ | ❌ | ❌ |
| Remove members | ✅ | ✅ | ❌ | ❌ |
| Manage billing | ✅ | ❌ | ❌ | ❌ |
| Delete team | ✅ | ❌ | ❌ | ❌ |
| Transfer ownership | ✅ | ❌ | ❌ | ❌ |
Managing Roles
Assigning Roles
When inviting:
- Click Invite Members
- Enter email
- Select role from dropdown
- Send invitation
For existing members:
- Go to Team Settings → Members
- Find the member
- Click their current role
- Select new role
Changing Roles
Only owners and admins can change roles:
- Go to Team Settings → Members
- Find the member
- Click the role dropdown
- Select new role
- Change is immediate
Demoting Yourself
Be careful - if you demote yourself:
- Another admin must restore you
- Or the owner must intervene
- You lose the permissions immediately
Owner Permissions
What Owners Can Do
Owners have full control:
- All admin permissions
- Manage billing and subscription
- Delete the team
- Transfer ownership
Transferring Ownership
To make someone else the owner:
- Go to Team Settings → General
- Click Transfer ownership
- Select new owner (must be admin)
- Confirm with password
- You become an admin
Multiple Owners
Each team has exactly one owner. For shared responsibility:
- Have multiple admins
- Document who handles what
- Consider business plans with enhanced controls
Project Permissions
Project Access Levels
Within projects, additional access control:
| Level | Permissions |
|---|---|
| Full access | Everything, including delete |
| Can manage | Add/remove members, edit settings |
| Can edit | Create/edit tasks and content |
| Can view | Read-only access |
Setting Project Access
- Open project
- Click Share or Members
- Find the member
- Set their access level
- Save changes
Default Access
When a team member accesses a team-visible project:
- They get "Can edit" by default
- Private projects require explicit invitation
- Admins get "Can manage" by default
Guest Permissions
What Guests Can Do
Guests have limited access:
- ✅ Access shared projects
- ✅ View and complete tasks
- ✅ Add comments
- ✅ Upload attachments
- ❌ See other team projects
- ❌ View team settings
- ❌ Invite others
Managing Guests
Invite guests to specific projects:
- Open the project
- Click Share
- Click Invite guest
- Enter their email
- Set their project access level
- Send invitation
Converting Guests to Members
If a guest needs more access:
- Go to Team Settings → Members
- Find the guest
- Click Convert to member
- They become a full team member
Workspace Permissions
Sections and Folders
Control access at different levels:
Team level
- Who can see the team
- General permissions
Project level
- Who can access specific projects
- Project-specific permissions
Task level
- Task assignment
- Comment permissions
Inheriting Permissions
Permissions flow down:
- Team permissions → apply to projects
- Project permissions → apply to tasks
- Explicit settings override inherited
Security Settings
Two-Factor Authentication
Require 2FA for team members:
- Go to Team Settings → Security
- Enable Require 2FA
- Members must set up 2FA
- Non-compliant accounts are restricted
Session Management
Control active sessions:
- Go to Team Settings → Security
- View active sessions
- Force logout if needed
- Set session timeout
IP Restrictions (Business)
Limit access by IP:
- Go to Team Settings → Security
- Enable IP restrictions
- Add allowed IP ranges
- Only those IPs can access
Audit Logs
Viewing Activity
See what happens in your team:
- Go to Team Settings → Audit log
- View all actions:
- Member changes
- Permission updates
- Project access
- Security events
Filtering Logs
Search audit logs by:
- User who performed action
- Action type
- Date range
- Affected resource
Exporting Logs
Download for compliance:
- Apply filters
- Click Export
- Download CSV
- Store securely
Best Practices
Principle of Least Privilege
Give minimum necessary access:
- Start with lower permissions
- Elevate when justified
- Review regularly
Role Assignment Guidelines
Make someone an Admin when they need to:
- Invite team members
- Manage team settings
- Create organizational structure
Keep as Member when:
- They just need to work on tasks
- No management responsibilities
- Standard collaboration needs
Regular Reviews
Monthly permission audit:
- Review member list
- Check role assignments
- Verify guest access
- Remove unused accounts
Documenting Decisions
Keep records of:
- Why permissions were granted
- Who approved changes
- When to review again
Troubleshooting
"Permission Denied" Errors
Check:
- You're signed into correct account
- Your role has needed permission
- Project hasn't been made private
Can't Change Someone's Role
You need:
- Owner or Admin role
- Higher role than the person you're changing
- Active team membership
Lost Admin Access
If locked out:
- Contact team owner
- Or contact support with ownership proof