Access Groups

An Access Group is a named collection of users. You can use groups to grant project access to multiple people at once instead of adding them individually.

Access Groups are not roles. Adding a user to an Access Group does not change their permissions, their Access Level, or their Global Role. A group is purely a batch of users — it has no permission logic of its own. What each member can do inside a project is still determined by their individual Global Role (or a Project Role Override).

When to use Access Groups

Groups are useful when the same set of people needs access to multiple projects. Instead of adding each person to each project one by one, you add them to a group once and then use the group when assigning project access.

Example: a "Mobile QA Team" group might contain 8 engineers. Whenever a new mobile project is created, you add the group to it rather than adding each engineer individually.

Managing groups

Access Groups are managed under Admin → Users → Access Groups. Only Tenant Admins can create, edit, or delete groups.

From that tab you can:

• Create a new group with a name and optional description
• Add or remove members from a group
• Enable or disable a group (disabling prevents it from being used without deleting it)
• Delete a group (does not affect the users or their project memberships already granted)

Assigning a group during invitation

When inviting a new user, Tenant Admins can assign the user to one or more Access Groups at the same time. This is optional — groups can also be managed separately after the user has joined.

"What is the difference between an Access Group and a Global Role?" A Global Role defines what a user can do — their permission set inside projects. An Access Group defines who moves together — a batch of users you want to grant project access to as a unit. They solve different problems and are completely independent. A user can be in multiple groups and still have only one Global Role.