Set up teams
Org-local groups of members. The unit of ACL routing, not a tenant.
A team is an org-local group of members. Teams are not tenants. They're an ACL primitive that lets you address a group as one principal. "Platform" in Acme has nothing to do with "Platform" in Personal; they share a slug only.
Teams are always explicit. They are never auto-created. The org starts at zero teams. You make one when you need one.
When you need a team
You probably need a team when:
- More than one person should be on the routing list for an approval gate.
- Multiple people should see a shared workflow without inviting each one individually.
- You want to grant a workflow or vault to a role ("Platform engineers") rather than enumerated humans.
You probably don't need a team when:
- Two people share everything. Direct grants between them are simpler.
- The thing you're sharing is one-off. Use a share group (ad-hoc grant) instead.
Create a team
- Members → Teams tab → Create team.
- Name it: e.g., `Platform`. Slug auto-suggested.
- Add members. Every member of a team must already be an org member.
- Save.
What happens:
- A `teams` row is created with `workspace_id` set to your org. The `unique(workspace_id, slug)` constraint means the same slug can repeat across orgs.
- A `team_members` row is created for each member, with role inside the team (lead, member).
- An audit event `team.created` is written.
Team roles
Inside a team, members can have one of two roles:
| Role | What they can do |
|---|---|
| Lead | Add/remove team members. Anyone with admin on the org also has this implicitly. |
| Member | Normal team membership for routing/ACL purposes. |
Team roles don't override org roles. An org viewer who's a team lead is still a viewer of the org's resources.
Address a team as a principal
When you share a resource (workflow, plan, vault), you can address a user, a team, or a share group:
```
Share with:  alice@acme.com            ← user
             Platform                  ← team in this org
             share-group: review-2026  ← ad-hoc share group
```
Routing works the same way: the platform expands the audience and writes an ACL entry. Members of the team see the resource through that grant.
Cross-org team safety
Teams are workspace-scoped, hard-enforced. The same slug in two orgs is two different teams. Cross-org leakage through team grants is prevented at the schema level: a team grant can only reference a team in the same workspace as the resource.
See Concepts: Organizations and teams for the invariants.
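One way a schema can enforce the same-workspace rule described above, shown as an added example and not the product's own schema. It uses SQLite through Python as a stand-in database; the `resources` and `team_grants` tables and the composite foreign keys are assumptions, and only `teams`, `workspace_id`, `slug` and `unique(workspace_id, slug)` come from this page.

```python
import sqlite3

# Hypothetical schema: only teams, workspace_id, slug and the
# unique(workspace_id, slug) constraint appear on the page. The resources and
# team_grants tables and the composite foreign keys are assumptions.
SCHEMA = """
CREATE TABLE teams (
    id           INTEGER PRIMARY KEY,
    workspace_id INTEGER NOT NULL,
    slug         TEXT    NOT NULL,
    UNIQUE (workspace_id, slug),   -- same slug may repeat across orgs
    UNIQUE (workspace_id, id)      -- target for the composite foreign key
);
CREATE TABLE resources (
    id           INTEGER PRIMARY KEY,
    workspace_id INTEGER NOT NULL,
    UNIQUE (workspace_id, id)
);
CREATE TABLE team_grants (
    workspace_id INTEGER NOT NULL,
    resource_id  INTEGER NOT NULL,
    team_id      INTEGER NOT NULL,
    -- One workspace_id column feeds both keys, so the team and the resource
    -- must live in the same workspace or the insert is rejected.
    FOREIGN KEY (workspace_id, resource_id) REFERENCES resources (workspace_id, id),
    FOREIGN KEY (workspace_id, team_id)     REFERENCES teams (workspace_id, id)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce FKs by default
    db.executescript(SCHEMA)
    # Constructed sample data: workspace 1 = Acme, workspace 2 = Personal.
    db.executemany("INSERT INTO teams VALUES (?, ?, ?)",
                   [(10, 1, "platform"), (20, 2, "platform")])
    db.execute("INSERT INTO resources VALUES (100, 1)")
    db.commit()
    return db

def grant(db, workspace_id, resource_id, team_id):
    """Return True if the grant row is accepted, False if the schema rejects it."""
    try:
        with db:  # commits on success, rolls back on IntegrityError
            db.execute("INSERT INTO team_grants VALUES (?, ?, ?)",
                       (workspace_id, resource_id, team_id))
        return True
    except sqlite3.IntegrityError:
        return False
```

Because the grant row carries a single `workspace_id` that both foreign keys must match, the check does not depend on application code remembering to compare workspaces.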
Archive a team
Archiving removes the team from new routing but preserves history. Past audit events still reference the team name. Members are not removed from the org.
To hard-delete: contact us. Hard delete is rare and requires confirming there are no dependent ACL entries.
Where to go next
- Share resources. Using teams as principals.
- Approval policies. Routing decisions through teams.
- Concepts: Organizations and teams.