Test And Accept
Concepts

Users and Access

Managing your account, permissions, and collaboration

Users are the people who work in the application - you, your teammates, clients, and any collaborators. Each user has an account with a profile, belongs to one or more organizations, and has different levels of access to various resources.

What are Users?

Users in the application:

  • Have Individual Accounts: Each person has their own login and profile
  • Belong to Organizations: Join one or more organization workspaces
  • Have Access Levels: Different permissions for different resources
  • Collaborate on Work: Work together on projects and deliverables
  • Maintain Activity History: Track what they've created and modified
  • Can Invite Others: Share access to projects and statements of work

User Account

Your Profile

Your user account includes:

  • Name: Your full name displayed to teammates
  • Email: Your login email and contact address
  • Profile Picture: Optional photo or avatar
  • Account Settings: Preferences and configuration
  • Password/Authentication: Secure login credentials
  • Organization Memberships: All organizations you belong to

Authentication

The application uses Clerk for secure authentication:

Sign-up Options:

  • Email and password
  • Google account
  • Other social providers
  • Magic link (passwordless)

Security Features:

  • Multi-factor authentication (2FA)
  • Password requirements and policies
  • Session management
  • Device tracking

Managing Your Account

Update your profile:

  1. Click your profile picture or name
  2. Select "Account Settings"
  3. Edit your information
  4. Save changes

Change your password:

  1. Go to Account Settings
  2. Select "Security"
  3. Click "Change Password"
  4. Follow the prompts

Enable two-factor authentication:

  1. Go to Account Settings
  2. Select "Security"
  3. Enable 2FA
  4. Follow setup instructions

Organizations and Memberships

Belonging to Organizations

Users can belong to multiple organizations:

Your organizations:

  • Personal workspace (your individual organization)
  • Company organization (your employer)
  • Client organizations (as external collaborator)
  • Partner organizations (for joint projects)

Switching organizations:

  1. Click the organization switcher
  2. Select the organization you want to work in
  3. Everything updates to show that organization's data

What's separate per organization:

  • Clients and contacts
  • Projects and SOWs
  • Team members
  • Settings and preferences

What follows you across organizations:

  • Your user profile
  • Your account settings
  • Your activity history

Organization Roles

Within each organization, you have a role:

Admin:

  • Full control over the organization
  • Manage members and settings
  • Delete or modify anything
  • Handle billing and subscriptions

Member:

  • Create and edit work
  • Collaborate on projects
  • Invite others to resources
  • Standard working permissions

Joining Organizations

You can join an organization by:

  1. Invitation from Admin:

    • Admin sends you an invitation
    • You receive an email
    • Click the link to join
    • Accept the invitation
  2. Invitation to a Resource:

    • Someone invites you to a project or SOW
    • You get access to that resource
    • May join the organization automatically
  3. Creating Your Own:

    • Create a new organization
    • You become the admin
    • Invite others to join

Access Levels

Different resources have different access levels that determine what you can do:

Five Access Levels

Owner (Highest Level):

  • Full control over the resource
  • Can delete the resource
  • Manage who has access
  • Edit all content
  • Typically the person who created it

Editor:

  • Can view and modify content
  • Add and update work items
  • Create criteria and tests
  • Cannot delete the resource
  • Cannot manage access

Approver:

  • Can review and approve work
  • Provide feedback and comments
  • Approve or reject deliverables
  • Cannot edit the content
  • Focused on review and sign-off

Viewer:

  • Read-only access
  • See all content and progress
  • Cannot make changes
  • Cannot approve work
  • Good for stakeholders

Follower (Lowest Level):

  • Receive updates and notifications
  • Basic visibility into status
  • Cannot see detailed content
  • Cannot make changes
  • Great for staying informed

Access Level Hierarchy

Access levels have a hierarchy:

Owner > Editor > Approver > Viewer > Follower

What this means:

  • Owner can do everything
  • Each level can do what the levels below it can do
  • You can't grant someone higher access than you have

Resource Access

How Access Works

Organization-Level Access:

  • All organization members can see organizational resources
  • Automatic editor access to organization projects and SOWs
  • Simplifies collaboration for teams

Resource-Level Access:

  • Specific access granted to individual resources
  • Can invite people to specific projects or SOWs
  • Useful for external collaborators or clients
  • Can set expiration dates

Inherited Access:

  • Access to a project automatically includes its SOWs
  • Children inherit from parents by default
  • Can be overridden for specific resources
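
The hierarchy, expiration and inheritance rules above can be modeled in a few functions. This is an added example, not the application's own code: the `Level`, `Grant` and `Resource` types, the sample emails, and the choice that an expired grant falls back to the parent's grant are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import IntEnum
from typing import Optional


class Level(IntEnum):  # page order: Owner > Editor > Approver > Viewer > Follower
    FOLLOWER = 1
    VIEWER = 2
    APPROVER = 3
    EDITOR = 4
    OWNER = 5


@dataclass
class Grant:
    level: Level
    expires: Optional[datetime] = None  # None: no expiration date set


@dataclass
class Resource:  # hypothetical model of a project or SOW
    name: str
    parent: Optional["Resource"] = None
    grants: dict = field(default_factory=dict)  # user email -> Grant


def effective_level(user, res, now):
    """Nearest unexpired grant wins; a child grant overrides the inherited one."""
    node = res
    while node is not None:
        g = node.grants.get(user)
        if g is not None and (g.expires is None or now < g.expires):
            return g.level
        node = node.parent  # assumption: an expired grant falls back to the parent
    return None  # no grant anywhere in the chain: deny


def can_grant(granter, res, requested, now):
    """Only a level that manages access may grant, and never above its own level."""
    have = effective_level(granter, res, now)
    return have is not None and have >= Level.OWNER and requested <= have


# Constructed sample data
UTC = timezone.utc
project = Resource("project", grants={"alice@example.com": Grant(Level.OWNER),
                                      "bob@example.com": Grant(Level.EDITOR)})
sow = Resource("sow", parent=project, grants={
    "bob@example.com": Grant(Level.VIEWER, datetime(2025, 1, 1, tzinfo=UTC))})
```

In this model an expired override that narrowed access on a child returns the user to the inherited level, so overrides that restrict access are worth reviewing when they carry an expiration date.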

Checking Your Access

To see what access you have:

  1. View the resource (project, SOW, RFC)
  2. Look for Access Settings or Sharing
  3. See your access level
  4. View who else has access

What you can see:

  • Your access level
  • Who granted you access
  • When access expires (if applicable)
  • Other users with access (if you're owner/admin)

Granting Access to Others

If you're an owner or admin, you can invite others:

  1. Open the resource you want to share
  2. Click "Share" or "Manage Access"
  3. Enter email address or select user
  4. Choose access level:
    • Owner (for co-owners)
    • Editor (for collaborators)
    • Approver (for reviewers)
    • Viewer (for stakeholders)
    • Follower (for updates only)
  5. Optionally set expiration date
  6. Add a message (optional)
  7. Send invitation

Accepting Invitations

When someone invites you to a resource:

  1. You receive an email with the invitation
  2. Click the link in the email
  3. Log in (or sign up if new)
  4. Accept the invitation
  5. Access the resource

Invitations expire:

  • Typically valid for 7 days
  • Can be resent if expired
  • Declined invitations can't be reused

Collaborating with Others

Working Together

As a team member:

  • See what your teammates are working on
  • Edit the same projects and SOWs
  • Add comments and feedback
  • Track who changed what and when

As an external collaborator:

  • Access specific projects you're invited to
  • Provide input as a subject matter expert
  • Review and approve deliverables
  • Stay isolated from other work

As a client or stakeholder:

  • View progress on your projects
  • Approve statements of work
  • Provide feedback
  • Stay informed without editing

Activity Tracking

Everything you do is tracked:

  • Creating resources (projects, SOWs, items)
  • Editing content
  • Approving deliverables
  • Granting or revoking access
  • Commenting on work

Why this matters:

  • Accountability and transparency
  • Audit trail for compliance
  • Understanding who did what
  • Resolving disputes or questions

Mentions and Notifications

Mention other users:

  • Use @username in comments
  • They receive a notification
  • Draws attention to specific items
  • Great for questions or reviews

Notification types:

  • Invitations to resources
  • Changes to resources you follow
  • Mentions in comments
  • Approval requests
  • Status changes

API Tokens

What are API Tokens?

API tokens let you access the application programmatically:

Use tokens for:

  • Automation scripts
  • CI/CD pipelines
  • Integration with other tools
  • Bulk operations
  • Custom tooling

Token properties:

  • Personal to your user account
  • Have the same permissions you have
  • Can have descriptions for tracking
  • Optional expiration dates
  • Track last usage

Creating an API Token

  1. Go to Account Settings
  2. Select "API Tokens"
  3. Click "Create New Token"
  4. Add description (e.g., "CI/CD Pipeline")
  5. Optionally set expiration
  6. Create token
  7. Copy token immediately (shown only once)
  8. Store securely (treat like a password)

Managing API Tokens

Best practices:

  • Create separate tokens for different purposes
  • Set expiration dates when possible
  • Delete unused tokens
  • Rotate tokens regularly
  • Never share tokens
  • Don't commit tokens to code
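
One way to check tokens against these practices, using only the kind of metadata listed above (description, expiration, last usage). This is an added example, not part of the application: the record field names, the creation date field, and the 90-day and 30-day thresholds are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed thresholds: the page says "regularly" without giving numbers.
MAX_AGE = timedelta(days=90)
MAX_IDLE = timedelta(days=30)


def audit_token(tok, now):
    """Return findings for one token metadata record; the secret is never needed."""
    findings = []
    if not tok.get("description", "").strip():
        findings.append("no description")
    expires = tok.get("expires")
    if expires is None:
        findings.append("no expiration date")
    elif expires <= now:
        findings.append("expired but not deleted")
    if now - tok["created"] > MAX_AGE:
        findings.append("due for rotation")
    last_used = tok.get("last_used")
    if last_used is None or now - last_used > MAX_IDLE:
        findings.append("unused")
    return findings


def audit(tokens, now):
    """Map token id to its findings, leaving out tokens with none."""
    report = {t["id"]: audit_token(t, now) for t in tokens}
    return {tid: f for tid, f in report.items() if f}


def d(y, m, day):
    return datetime(y, m, day, tzinfo=timezone.utc)


# Constructed sample records; field names are hypothetical, not the product's API.
NOW = d(2025, 6, 1)
TOKENS = [
    {"id": "t1", "description": "CI/CD Pipeline", "created": d(2025, 5, 1),
     "expires": d(2025, 8, 1), "last_used": d(2025, 5, 30)},
    {"id": "t2", "description": "", "created": d(2024, 11, 1),
     "expires": None, "last_used": d(2025, 1, 15)},
    {"id": "t3", "description": "Bulk import", "created": d(2025, 4, 1),
     "expires": d(2025, 5, 15), "last_used": None},
]

if __name__ == "__main__":
    for tid, findings in audit(TOKENS, NOW).items():
        print(tid, "->", ", ".join(findings))
```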

Revoke a token:

  1. Go to API Tokens
  2. Find the token
  3. Click "Delete" or "Revoke"
  4. Confirm deletion

If a token is compromised:

  1. Immediately revoke the token
  2. Review recent activity
  3. Create a new token if needed
  4. Update systems using the old token

Managing Your Activity

Your Dashboard

See what you're working on:

Active work:

  • Projects you own or follow
  • SOWs assigned to you
  • Recent activity
  • Pending approvals

Filters:

  • By organization
  • By project
  • By status
  • By date

Your Contributions

Track what you've created:

  • All projects you've started
  • SOWs you've written
  • Criteria and tests you've defined
  • RFCs you've proposed

See what you've changed:

  • Recent edits
  • Approvals given
  • Comments added
  • Access granted

Privacy and Security

Your Data

What's private:

  • Your account credentials
  • Your email address (unless shared)
  • Your activity in organizations
  • Resources you have access to

What's visible to teammates:

  • Your name and profile picture
  • Your role in shared organizations
  • Your activity on shared resources
  • Your comments and contributions

What's visible to admins:

  • Your organization memberships
  • Your access to resources
  • Your activity logs
  • Your API token usage (not the tokens)

Security Best Practices

Protect your account:

  • Use a strong, unique password
  • Enable two-factor authentication
  • Don't share your credentials
  • Log out on shared devices
  • Review active sessions regularly

Protect API tokens:

  • Store securely (password manager or secrets vault)
  • Never commit to version control
  • Use environment variables
  • Rotate regularly
  • Revoke immediately if compromised

Access management:

  • Grant minimum necessary access
  • Review access regularly
  • Revoke access when no longer needed
  • Use expiration dates for temporary access
  • Audit who has access to sensitive resources

Common Workflows

Starting as a New User

  1. Sign up for an account

    • Use email or social provider
    • Verify your email
    • Set up your profile
  2. Join or create organization

    • Accept invitation to existing organization
    • Or create your first organization
    • Set up your workspace
  3. Connect with team

    • Invite teammates if you're admin
    • Accept invitations to projects
    • Start collaborating

Inviting External Collaborators

When to invite externally:

  • Client stakeholders for approvals
  • Subject matter experts for input
  • Partners for joint projects
  • Contractors for specific work

How to do it:

  1. Don't add them to your organization
  2. Instead, invite them to specific resources
  3. Choose appropriate access level
  4. Set expiration if temporary
  5. Include context in invitation message

Leaving an Organization

If you need to leave:

  1. Transfer ownership of any resources you own
  2. Document your work for continuity
  3. Notify your team of departure
  4. Ask an organization admin to remove you
  5. Admin removes you from organization

What happens:

  • You lose access to organization resources
  • Your contributions remain visible
  • Audit logs preserve your activity
  • Resources you created stay (with new owner)

Troubleshooting

Can't Log In

Check these:

  • Email address correct
  • Password correct (try reset)
  • Account not locked
  • Email verified
  • No browser issues

Reset password:

  1. Click "Forgot Password"
  2. Enter your email
  3. Check email for reset link
  4. Follow instructions
  5. Set new password

Can't See a Resource

Common reasons:

  • Not in the correct organization (switch organizations)
  • Don't have access (request from owner)
  • Resource was deleted or archived
  • Access expired

Solutions:

  • Verify you're in the right organization
  • Ask resource owner for access
  • Check if resource was moved
  • Review your access level

Invitation Didn't Arrive

Check these:

  • Spam/junk folder
  • Email address correct
  • Invitation not expired
  • Email server not blocking

Solutions:

  • Ask sender to resend
  • Check all email folders
  • Verify email address with sender
  • Try different email address

Lost API Token

If you forgot or lost a token:

  • Tokens cannot be recovered
  • Create a new token
  • Update systems using the old token
  • Delete the old token if found

Best Practices

Account Management

Do:

  • Keep your profile information current
  • Use a professional photo
  • Enable two-factor authentication
  • Use a strong, unique password
  • Review your access regularly

Don't:

  • Share your account credentials
  • Use the same password elsewhere
  • Give out your API tokens
  • Stay logged in on shared devices
  • Ignore security warnings

Collaboration

Do:

  • Grant minimum necessary access
  • Use expiration dates for temporary access
  • Communicate clearly about permissions
  • Review who has access to sensitive work
  • Remove access when no longer needed

Don't:

  • Give everyone owner access
  • Leave external access open-ended
  • Grant access to entire organization unnecessarily
  • Forget to revoke departing users
  • Share sensitive resources publicly

API Usage

Do:

  • Create separate tokens per purpose
  • Use descriptive names
  • Set expiration dates
  • Store securely (use secrets management)
  • Rotate tokens periodically
  • Delete unused tokens

Don't:

  • Share tokens between services
  • Commit tokens to version control
  • Use personal tokens for shared services
  • Keep expired tokens
  • Ignore token usage alerts