Access Control Groups
Access control groups (ACGs) are named collections of users that share a common permission profile and optional document visibility filter. Assigning a user to a group grants them every permission defined on that group. Groups reduce individual role management and ensure consistent access across large project teams. They also serve as the mechanism for restricting visibility of confidential documents — only users in the document's assigned ACG can see those records.
Group structure
Each access control group has:
| Attribute | Description |
|---|---|
| Name | Descriptive label identifying the group's purpose. |
| Description | Optional context on the group's intended membership and scope. |
| Scope | Organization-wide (all projects) or project-specific. |
| Members | Project team members assigned to this group. |
| Document filter | Optional conditions restricting which documents this group can see (by discipline, doc type, zone, or confidentiality flag). |
| Permissions | The set of allowed actions for members of this group (see Permission set below). |
Document visibility filters
Access control groups can be configured with document filters that limit which records in the register are visible to group members. When a filter is active, members only see documents matching ALL filter conditions:
| Filter dimension | Example |
|---|---|
| Discipline | Only structural documents |
| Document type | Only drawings and specifications |
| Zone / area | Only Zone A records |
| Confidentiality flag | Documents marked confidential and assigned to this group |
Filters are additive AND conditions. A member in the "Structural Reviewers" group with discipline = Structural sees only structural documents, regardless of their individual project role.
Permission set
Groups grant specific action permissions to their members. The available permissions are:
| Permission key | Description |
|---|---|
create_workflow | Start a workflow on a document or package. |
manage_templates | Create, edit, and archive workflow templates. |
upload_documents | Upload new documents and revisions to the register. |
manage_documents | Edit document metadata, lock/unlock, supersede, and mark no longer in use. |
send_correspondence | Compose and dispatch correspondence items (RFI, NCR, TQ, etc.). |
manage_transmittals | Create, issue, and manage formal transmittals. |
manage_review_matrix | Configure and edit the review matrix rules. |
manage_work_packages | Create, edit, and manage work packages. |
view_reports | Access the project reports and analytics views. |
manage_guest_shares | Create and revoke guest reviewer shares. |
manage_dist_lists | Create and manage distribution lists. |
manage_members | Invite and manage project team members. |
manage_settings | Edit project settings, numbering schemes, and field configuration. |
view_audit_log | Access the full project audit trail. |
Creating an access control group
- Go to Admin → Access control groups.
- Select New group.
- Enter a Name and Description.
- Set the Scope (organization or project).
- Add Members from the user directory.
- Configure the Document filter if document visibility should be restricted.
- Set the Permissions from the list above.
- Save.
Assigning groups to team members
Team members can belong to one or more groups simultaneously. Permissions are union-based — a user in Group A and Group B receives the combined permissions of both groups. Document visibility filters are also combined: a user with two groups' filters sees documents matching either group's filter conditions (OR logic across group filters).
To assign a group:
- Go to Admin → Team and open the team member's profile.
- Under Groups, select the groups to assign.
- Save.
Confidential document access
When a document has Confidentiality enabled, only users in the document's assigned ACG can see that record in the register. Assign the document to a specific ACG at upload time or by editing the document's metadata. Users outside the group see no entry for that document in the register view.
Related
- Document Register Guide — confidentiality field configuration
- Document Upload and Versioning — setting confidentiality at upload time
- Review Matrix — using groups as reviewer pools
- Workflow Templates — assigning groups as workflow step participants
Use groups when more than two or three people share the same responsibilities on a project. The maintenance overhead of individual role assignment grows quickly on large teams.
Auditing group membership
Review group membership at project phase transitions and at staff changes. Remove users who have left the project promptly to maintain access integrity. See Access groups admin for governance guidance.