Team Management Overview
Autonify uses a multi-layered permission system to provide secure, flexible access control for your data infrastructure. This overview helps you understand how teams, roles, and permissions work together.
Permission Layers
Autonify has three distinct permission layers that work together:
1. Platform Permissions
Controls access to the Autonify platform itself:
- Owner: Full platform control (first user gets this automatically)
- Admin: Can manage users, groups, and access all teams
- User: Standard access, can create teams and access assigned resources
2. Team Permissions
Controls access within specific teams:
- Team Owner: Full control over the team, can delete it
- Team Admin: Can manage team resources and run agents
- Team User: Can view and query data sources
3. Column Permissions
Fine-grained control over data access:
- Assigned to groups by Platform Admins
- Controls which columns users can see
- Applies to APIs and AI integrations
Key Concepts
Teams
- Organize data sources and users
- Provide isolated workspaces
- Control data access boundaries
- Any platform user can create a team
Groups
- Manage permissions for multiple users
- Users inherit the highest permission from their groups
- Only Platform Admins can create groups
- Can be assigned to teams with specific roles
Data Sources
- Belong to specific teams
- All team members can view and query
- Only Team Admins/Owners can create or modify
- Access controlled by team membership
Common Scenarios
New Organization Setup
- First user signs up → Automatically becomes Platform Owner
- Platform Owner creates additional users
- Users create teams for their departments
- Team Owners add members to their teams
- Platform Admin creates groups for cross-team permissions
Department Team Structure
Marketing Team
├── Team Owner: Marketing Director
├── Team Admins: Senior Analysts (can run agents)
└── Team Users: Marketing Staff (view data only)
Engineering Team
├── Team Owner: Engineering Lead
├── Team Admins: Data Engineers (manage pipelines)
└── Team Users: Developers (query access)
Cross-Team Access via Groups
Data Governance Group (Platform Level)
├── Members: Compliance Officers
├── Platform Permission: User
└── Team Access: View all teams' data quality metrics
Permission Capabilities
What Platform Owners Can Do
- Everything Platform Admins can do
- Delete the entire platform
- Modify other Owners' permissions
- Access all teams regardless of membership
What Platform Admins Can Do
- Create and manage users
- Create and manage groups
- Access all teams without being a member
- Configure platform settings
- Cannot modify Platform Owners
What Platform Users Can Do
- Create new teams (become Team Owner)
- Access teams they're members of
- Use platform features
- Cannot manage other users or groups
What Team Owners Can Do
- Everything Team Admins can do
- Delete the team
- Remove other Team Owners
- Transfer team ownership
What Team Admins Can Do
- Add/remove team members (except Owners)
- Create and manage data sources
- Run AI agents and scans
- Configure team settings
- View all team data
What Team Users Can Do
- View team data sources
- Run queries and reports
- Access read-only features
- Cannot modify settings or run agents
Security Best Practices
Platform Level
- Limit Platform Owner accounts
- Use Platform Admin for day-to-day administration
- Regular audit of platform permissions
- Document permission changes
Team Level
- One or two Team Owners per team
- Use Team Admin for operational tasks
- Regular review of team membership
- Clear documentation of team purpose
Data Access
- Use column permissions for sensitive data
- Create specific groups for API access
- Regular audit of data access patterns
- Monitor agent and MCP usage
Quick Reference
| Action | Platform Owner | Platform Admin | Platform User | Team Owner | Team Admin | Team User |
|---|---|---|---|---|---|---|
| Create users | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
| Create groups | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
| Create teams | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
| Delete teams | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ |
| Add team members | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ |
| Create data sources | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ |
| Run AI agents | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ |
| Query data | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ |
Next Steps
- Creating Teams - Set up your first team
- Managing Members - Add users to your organization
- Roles & Permissions - Configure access control
- Team Settings - Customize team configuration