Access Control Options
Complete reference for ORGANIZATION, TEAM, and OWN access control modes
Complete reference for the three Team Access Control settings available in your organization.
Overview
Your organization has ONE Team Access Control setting that applies to ALL teams and Decision Sites.
The three options:
- ORGANIZATION - All internal users can access all Decision Sites
- TEAM - Only team members can access team Decision Sites
- OWN - Only owners can access their own Decision Sites
Setting location: Organization Settings → Team Access Control
Who can change: Organization ADMIN only
ORGANIZATION Access Control
Definition
Team membership does not restrict Decision Site access. All internal users with appropriate organization roles can access all Decision Sites.
Access Rules
Can access any Decision Site:
- Organization ADMIN (all Decision Sites)
- CREATOR organization role (all Decision Sites)
- COLLABORATOR organization role (all Decision Sites)
- Decision Site owner (their own Decision Sites)
- Contacts added explicitly to specific Decision Sites
Cannot access Decision Sites:
- GUEST organization role (unless added as contact to specific Decision Site)
- External users without contact invitation
Team Membership Effect
Team membership is organizational only:
- Being on a team does not grant access
- Not being on a team does not restrict access
- Team assignment of Decision Site does not matter
Teams are used for:
- Organizational structure
- Labeling
- Reporting
- Management hierarchy
Teams do NOT control:
- Decision Site visibility
- Access permissions
- Who can view content
Example Scenario
text
Organization Team Access Control: ORGANIZATION
Teams:
├─ Enterprise Team
│ ├─ Sarah (CREATOR)
│ └─ John (CREATOR)
└─ SMB Team
└─ Alex (CREATOR)
Decision Site: Acme Corp Deal
Owner: John
Team: Enterprise Team
Who can access?
✅ Sarah (CREATOR, on Enterprise Team)
✅ John (owner, CREATOR)
✅ Alex (CREATOR, different team - doesn't matter)
✅ Maria (COLLABORATOR, not on any team - can still access)
✅ Organization ADMIN (always)
❌ Bob (GUEST, not added as contact)
When to Use
Good for:
- Small organizations (< 20 people)
- Flat organizational structures
- Cross-selling is critical
- Full transparency cultures
- High collaboration needs
- Everyone works on all deals
Example companies:
- 10-person SaaS startup
- Small consulting firm
- Product team where everyone collaborates
- Companies where trust and transparency are core values
What You Gain
Simplicity:
- No access confusion
- Easy to find Decision Sites
- Simple onboarding
- No team management overhead
Collaboration:
- Anyone can see any deal
- Cross-team learning
- Spot collaboration opportunities
- Knowledge sharing
Visibility:
- Full pipeline visibility
- Easy to find deals
- No access barriers
What You Lose
Privacy:
- Cannot hide deals from internal team
- Regional teams see each other's deals
- Sensitive deals visible to all
- No confidential boundaries
Structure:
- Teams don't enforce boundaries
- May feel chaotic at scale
- No natural privacy
Scale:
- Doesn't work well past ~20 people
- Too much noise for large teams
- Everyone sees everything (overwhelming)
TEAM Access Control
Definition
Only team members (plus Decision Site owner) can access Decision Sites assigned to their team.
Access Rules
Can access Decision Site:
- Decision Site owner (always)
- Team members (if Decision Site assigned to their team)
- Organization ADMIN (bypass all restrictions)
- Contacts added explicitly to the Decision Site
Cannot access Decision Site:
- Members of other teams
- People not on any team
- GUEST users (unless added as contact)
- Organization members not on the team
Team Membership Effect
Team membership controls access:
- Being on a team grants access to that team's Decision Sites
- Not being on a team restricts access
- Team assignment of Decision Site determines visibility
- Can be on multiple teams (access multiple teams' Decision Sites)
Key behaviors:
- Owner always has access (even if not team member)
- Can add people as contacts to grant access (bypasses team restriction)
- Organization ADMIN bypasses all restrictions
- Default team behaves differently (doesn't restrict)
Multiple Team Membership
Users can be on multiple teams and access Decision Sites from all of them:
text
User: Sarah
Teams:
├─ US-East Team (MEMBER)
├─ Enterprise Team (OWNER)
└─ Product A Team (MEMBER)
Decision Sites Sarah can access:
- All US-East Team Decision Sites
- All Enterprise Team Decision Sites
- All Product A Team Decision Sites
- Plus any Decision Sites Sarah owns
- Plus any Decision Sites where Sarah added as contact
Example Scenario
text
Organization Team Access Control: TEAM
Teams:
├─ Enterprise Team
│ ├─ Sarah (MEMBER)
│ └─ John (MEMBER)
└─ SMB Team
└─ Alex (MEMBER)
Decision Site: Acme Corp Deal
Owner: John
Team: Enterprise Team
Who can access?
✅ Sarah (team member)
✅ John (owner + team member)
❌ Alex (different team)
✅ Organization ADMIN (bypass)
✅ Maria (if added as contact)
❌ Bob (not on team, not contact)
Default Team Exception
The default team is excluded from TEAM access control logic:
text
Decision Site: Welcome Guide
Team: Default Team
With TEAM access control:
✅ All organization members can access
(Default team doesn't restrict)
Why: Default team is safety net, not real access boundary.
When to Use
Good for:
- Regional sales organizations (US-East, US-West, EMEA)
- Product-based teams (Product A, Product B)
- Account tier segmentation (Enterprise, SMB)
- Medium to large companies (20+ people)
- Privacy needed between teams
- Structured access requirements
Example companies:
- 60-person regional sales organization
- Multi-product company with specialized teams
- Companies with confidential accounts
- Organizations with compliance requirements
What You Gain
Privacy:
- Teams can't see each other's deals
- Confidential deals stay within team
- Regional boundaries enforced
- Clear access control
Structure:
- Enforced team boundaries
- Natural organization
- Clear ownership
- Reduces noise (reps don't see irrelevant deals)
Scale:
- Works at any size
- Supports hierarchy
- Manageable at 100+ people
- Clear access patterns
What You Lose
Visibility:
- Cross-team visibility requires adding contacts
- Harder to find Decision Sites
- May miss collaboration opportunities
- Siloed knowledge
Complexity:
- Need to manage team membership
- Access troubleshooting more complex
- Onboarding requires team assignment
- "Can't access" issues more common
Flexibility:
- Rigid boundaries
- Cross-team work requires explicit contact addition
- Reorganization affects access
OWN Access Control
Definition
Only the Decision Site owner can access it. Team membership does not matter.
Access Rules
Can access Decision Site:
- Decision Site owner only
- Organization ADMIN (bypass)
- Contacts added explicitly to the Decision Site
Cannot access Decision Site:
- Team members (even if same team)
- Team OWNERs (even if they manage the team)
- Other Decision Site owners
- Anyone not explicitly added as contact
Team Membership Effect
Team membership has no effect on access:
- Being on same team does not grant access
- Team OWNER role does not grant access
- Team assignment of Decision Site does not matter
Teams are purely organizational:
- For labeling only
- For reporting only
- No access control effect
- Membership meaningless for access
Example Scenario
text
Organization Team Access Control: OWN
Teams:
├─ Enterprise Team
│ ├─ Sarah (OWNER) - manages team
│ └─ John (MEMBER)
└─ SMB Team
└─ Alex (MEMBER)
Decision Site: Acme Corp Deal
Owner: John
Team: Enterprise Team
Who can access?
❌ Sarah (even though team OWNER)
✅ John (owner)
❌ Alex (different team)
✅ Organization ADMIN (bypass)
❌ Team members (no access)
✅ Maria (if added as contact)
When to Use
Good for:
- Consulting firms (each consultant owns clients)
- Law firms (attorney-client privilege)
- Individual contributor model
- Maximum confidentiality required
- Personal deals
- No collaboration between individuals
Example companies:
- Law firm (each attorney sees only their cases)
- Freelance consulting network
- Real estate agents (each agent owns their listings)
- Companies with client confidentiality requirements
What You Gain
Maximum privacy:
- Complete isolation
- No accidental access
- Clear ownership
- Confidentiality guaranteed
Individual control:
- Each person manages their own
- No team access issues
- Simple ownership model
- Personal accountability
Compliance:
- Meets strict confidentiality requirements
- Attorney-client privilege
- HIPAA-like privacy
- Need-to-know basis
What You Lose
Collaboration:
- Very hard to collaborate
- Can't see teammate's work
- Manager can't see reports' deals (unless ADMIN)
- Knowledge silos
Visibility:
- Zero cross-visibility
- Must manually add every person as contact
- Pipeline visibility requires ADMIN access
- Hard to spot opportunities
Team benefits:
- Teams provide no access
- Team membership meaningless
- Team structure doesn't help
- Defeats purpose of teams
Management:
- Managers can't see team's deals (unless ADMIN)
- Hard to coach or help
- No visibility into team's work
- Must add manager as contact to every deal
Organization ADMIN Bypass
All three access control settings have one common exception:
Organization ADMIN always has full access:
- Can access ALL Decision Sites
- Bypasses ORGANIZATION, TEAM, and OWN restrictions
- Full edit permissions
- Can change ownership
- Can delete Decision Sites
Why: ADMINs manage the organization and need full access for administration.
Use cases:
- Emergency access to Decision Sites
- Fixing access issues
- Auditing all Decision Sites
- Managing orphaned Decision Sites
- Supporting users with access problems
Contacts Bypass
All three access control settings allow adding contacts:
Contacts can access regardless of team membership:
text
Team Access Control: TEAM
Enterprise Team: Sarah, John
SMB Team: Alex
Decision Site: Acme Corp Deal
Team: Enterprise Team
Contacts: Alex (explicitly added)
Result: Alex can access (even though different team)
This works for all access control settings:
- ORGANIZATION: Contacts can be added (redundant but allowed)
- TEAM: Contacts bypass team restriction
- OWN: Contacts bypass owner-only restriction
Changing Access Control Setting
Impact of Changes
ORGANIZATION → TEAM:
- Immediate effect on all Decision Sites
- People lose access to Decision Sites outside their team
- May cause confusion and complaints
- Reduces visibility significantly
TEAM → ORGANIZATION:
- Immediate effect on all Decision Sites
- Everyone suddenly sees all Decision Sites
- Privacy reduced
- May expose confidential deals
ORGANIZATION → OWN:
- Massive access restriction
- Only owners can see their Decision Sites
- Teams become organizational only
- Collaboration becomes very difficult
TEAM → OWN:
- Further access restriction
- Team members lose access to team Decision Sites
- Must add people as contacts for collaboration
OWN → TEAM:
- Access opens up slightly
- Team members gain access to team Decision Sites
- Less restrictive than OWN
OWN → ORGANIZATION:
- Maximum access opening
- Everyone sees everything
- Privacy completely removed
Process
- Go to Organization Settings
- Find Team Access Control
- Select new setting (ORGANIZATION, TEAM, or OWN)
- Click Save
- Change takes effect immediately
Warning: Test with pilot users first if possible. Once changed, affects all Decision Sites instantly.
Comparison Table
| Feature | ORGANIZATION | TEAM | OWN |
|---|---|---|---|
| Team membership matters | No | Yes | No |
| Who can access | All internal users | Team members + owner | Owner only |
| Privacy level | Low | Medium | Maximum |
| Collaboration ease | Easy | Medium | Difficult |
| Complexity | Simple | Medium | Simple |
| Use case | Small companies | Regional teams | Individual contributors |
| Best for company size | < 20 | 20-200+ | Any |
| Teams control access | No | Yes | No |
| Teams purpose | Organizational | Access control | Organizational |
| Manager visibility | Full | Team only | None (unless ADMIN) |
| Cross-team access | Automatic | Via contacts | Via contacts |
| Admin bypass | Yes | Yes | Yes |
| Contacts bypass | N/A | Yes | Yes |
Decision Framework
Choose ORGANIZATION if:
- Company has < 20 people
- No natural team divisions
- Full transparency preferred
- Cross-selling is critical
- High collaboration need
- Flat structure
- Trust-based culture
- Everyone works on everything
Choose TEAM if:
- Company has 20+ people
- Clear team divisions (region, product, tier)
- Privacy needed between teams
- Compliance requirements
- Structured access preferred
- Clear hierarchy
- Stable team composition
- Noise reduction important
Choose OWN if:
- Individual contributor model
- Maximum privacy required
- Consulting/law firm structure
- No collaboration between individuals
- Client confidentiality paramount
- Each person owns their clients
- Manager visibility not needed
- Privacy trumps collaboration
Next Steps
- Understand team roles: Team Roles
- Learn team organization: Team Organization
- Decide when to use teams: When to Use Teams
- Follow best practices: Best Practices