Groups & Access Control
Manage team access with groups and role-based permissions
Groups let you organize users into logical teams and assign roles and resource permissions in bulk. Instead of managing access user by user, add someone to a group and they instantly inherit all of the group's roles and shared resources.
Simplified Access Management: Share a project with the "Engineering Team" group once, and every current and future member of that group gets access automatically.
Overview
Groups are part of DarcyIQ's role-based access control (RBAC) system. They solve the problem of managing permissions at scale β when you have dozens of users and hundreds of resources, assigning access individually becomes unmanageable.
Bulk User Management
Add or remove users from groups in one action
Manage access for entire teams at once
Role Inheritance
Group members inherit all roles assigned to the group
Consistent permissions across team members
Resource Sharing
Share resources with a group instead of individual users
One share action covers the entire team
Automatic Onboarding
New group members instantly get all group permissions
No manual permission setup for new hires
Clean Offboarding
Remove a user from a group to revoke all inherited access
Instant, complete access revocation
Everyone Group
System group that automatically includes all org members
Set org-wide defaults effortlessly
How Groups Work
When a user is added to a group, they automatically gain:
Organization roles assigned to the group (Admin, Member, etc.)
Resource permissions shared with the group (Editor or Viewer on specific projects, lists, etc.)
When a user is removed from a group, all inherited access is revoked immediately.
The "Everyone" Group
Every organization has a system-managed Everyone group that automatically includes all organization members.
Membership
Automatic β all org members are added, cannot be manually changed
Roles
Cannot be assigned (prevents accidental org-wide escalation)
Resource Sharing
Share a resource with Everyone to give the whole org access
Management
Cannot be renamed, deleted, or have members manually managed
Use the Everyone group to share resources that the whole organization should see β like company-wide knowledge bases, shared templates, or reference lists.
Creating and Managing Groups
Creating a Group
Navigate to Access Control Go to Settings β Access Control and select the Groups tab.
Click "Create Group" Provide a name and optional description for the group.
Add Members Search for users in your organization and add them to the group.
Assign Roles (Optional) Assign organization-level roles to the group. All members will inherit these roles.
Managing Members
Add Members
Search users and add individually or in batch
Users immediately inherit group permissions
Remove Member
Click remove on a group member
User loses all permissions inherited from this group
View Members
Open the group detail to see all current members
Audit who has access
Managing Roles
Assign organization-level roles to a group so all members share the same capabilities:
Admin
Full organizational management, settings, and user management
Member
Standard access to features and shared resources
Roles assigned to a group apply to all members. Be careful when assigning Admin roles to groups β every member of that group will gain administrator privileges.
Sharing Resources with Groups
Instead of sharing a project, list, or agent with each user individually, share it with a group:
How to Share with a Group
Open the resource you want to share (project, list, agent, etc.)
Click Share
Switch to the Groups tab
Search for and select the group
Choose the permission level
Group Permission Levels
Resource Editor
Read and write access to the resource
Team members who contribute
Resource Viewer
Read-only access to the resource
Stakeholders who review
Resource Owner is only assignable to individual users, not groups. The user who creates a resource is automatically its owner.
Permission Evaluation
When a user attempts an action, DarcyIQ evaluates permissions in this order:
Organization roles β direct roles assigned to the user
Group organization roles β roles the user inherits from their groups
Direct resource permissions β permissions assigned to the user on a specific resource
Group resource permissions β resource permissions the user inherits from their groups
If no permission grants access, the action is denied
This means a user's effective permissions are the union of their direct permissions and all permissions inherited from every group they belong to.
Who Can Manage Groups
View groups
Any organization member
Create groups
Owner, Admin, or Sysadmin
Update groups
Owner, Admin, or Sysadmin
Delete groups
Owner, Admin, or Sysadmin
Manage members
Owner, Admin, or Sysadmin
Manage roles
Owner, Admin, or Sysadmin
Use Cases
Team Onboarding
Scenario: A new consultant joins the delivery team
Add the user to the "Delivery Team" group
They instantly gain access to all shared projects, lists, and agents
No need to individually share dozens of resources
Department Access Control
Scenario: The sales team needs access to all prospecting lists
Create a "Sales Team" group
Share all lead lists and prospect research with the group
New sales hires automatically get access when added to the group
Client Engagement Teams
Scenario: Rotating team members across client projects
Create a group per client (e.g., "Acme Corp Team")
Share all Acme-related projects, lists, and knowledge bases with the group
Add or remove team members as the engagement evolves
Organization-Wide Resources
Scenario: Company-wide knowledge base access
Share the knowledge base with the Everyone group
All current and future org members automatically have access
Best Practices
Mirror your org structure
Create groups that reflect real teams β sales, engineering, delivery
Use descriptive names
"AWS Migration Team" is better than "Team A"
Minimize role assignments
Assign the least-privileged role that allows the group to do their work
Audit regularly
Review group membership quarterly to remove departed team members
Use Everyone sparingly
Only share truly org-wide resources with the Everyone group
Prefer groups over individuals
Share resources with groups by default for easier long-term management
Pro Tip: When someone leaves your organization, removing them from all groups immediately revokes their inherited access. Combine this with direct permission review for complete offboarding.
Related Documentation
Managing organization users
Sharing lists with groups
Agent sharing
Project permissions
Last updated
Was this helpful?