Permissions
This guide explains how permissions work in Mainbranch, including role-based access control and data-level permissions.
Overview
Mainbranch uses two types of permissions:
- Role-based access control — Determines what features users can access
- Data-level permissions — Determines what content users can see
Role-Based Access Control
Mainbranch has three user roles:
| Role | Description |
|---|---|
| Owner | Full access to all features and settings, can delete workspace |
| Admin | Can manage settings, users, and connectors |
| Member | Standard access to search, AI, and tools |
Role Capabilities
| Capability | Owner | Admin | Member |
|---|---|---|---|
| Use AI Assistant | Yes | Yes | Yes |
| Access The Vault | Yes | Yes | Yes |
| View Meetings | Yes | Yes | Yes |
| Use Tools | Yes | Yes | Yes |
| View All Settings | Yes | Yes | No |
| Manage Members | Yes | Yes | No |
| Manage Connectors | Yes | Yes | No |
| Configure SSO | Yes | Yes | No |
| Configure AI Settings | Yes | Yes | No |
| Delete Workspace | Yes | No | No |
| Transfer Ownership | Yes | No | No |
Changing Roles
Administrators can change user roles:
- Go to Workspace settings > Members
- Find the user
- Select a new role
- Save changes
Data-Level Permissions
Permission Inheritance
Mainbranch inherits permissions from your connected data sources:
- Google Drive — File and folder sharing settings
- Microsoft 365 — OneDrive and SharePoint permissions
- Gmail/Outlook — Mailbox access
- Zendesk — Ticket visibility settings
How It Works
When a user searches in Mainbranch:
- The search is performed across all connected sources
- Results are filtered based on the user’s permissions
- Only content the user can access in the source system is shown
Example:
- User A can see files shared with them in Google Drive
- User B cannot see User A’s private files
- The same visibility applies in Mainbranch search results
No Permission Bypass
Permission Scenarios
Shared Documents
When a document is shared in Google Drive or OneDrive:
- Users with access see it in Mainbranch
- Users without access do not see it
- Changes to sharing update Mainbranch access
Personal Content
Private files and emails:
- Only the owner sees them in Mainbranch
- Not visible to other users or admins
- Admins do not have special content access
Organization-Wide Content
Company-wide shared content:
- Visible to all users
- Follows source system’s org-wide sharing
Vault Permissions
Uploaded Files
Files uploaded directly to The Vault:
- Visible to the uploader
- May have organization-wide visibility
- Depends on workspace configuration
File Access
Users can:
- See files they uploaded
- See files shared with them
- See organization-shared files
Permission Sync
Sync Timing
Permission changes sync from source systems:
- Most changes reflect within minutes
- Large permission changes may take longer
- Full permission sync occurs periodically
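The filtering described under How It Works and the delay described under Sync Timing, as an added illustration (not Mainbranch code): a minimal model in which search results are trimmed against a synced copy of each document's source ACL. All class, function and document names are hypothetical, and evaluating visibility against a synced copy is an assumption of the model.

```python
# Added illustration, not Mainbranch code. All names and data are hypothetical.
from dataclasses import dataclass

@dataclass
class Doc:
    doc_id: str
    text: str
    allowed: set            # principals in the last synced copy of the source ACL
    org_wide: bool = False  # shared organization-wide in the source system

@dataclass
class User:
    name: str
    role: str  # Owner / Admin / Member: governs features, not content

def can_see(user, doc):
    # The role is deliberately never consulted: admins get no special content access.
    return doc.org_wide or user.name in doc.allowed

def search(index, user, query):
    """Match across all indexed sources, then trim to what this user may see."""
    hits = [d for d in index if query.lower() in d.text.lower()]
    return [d.doc_id for d in hits if can_see(user, d)]

def sync_acls(index, source_acls):
    """Refresh ACL copies from the source; a doc missing there loses its per-user grants."""
    changed = []
    for d in index:
        current = set(source_acls.get(d.doc_id, ()))
        if current != d.allowed:
            d.allowed = current
            changed.append(d.doc_id)
    return changed

def demo():
    # Constructed sample data.
    index = [
        Doc("d1", "Q3 budget draft", {"user_a"}),
        Doc("d2", "Q3 budget summary", {"user_a", "user_b"}),
        Doc("d3", "Budget policy handbook", set(), org_wide=True),
    ]
    users = [User("user_a", "Member"), User("user_b", "Member"), User("admin_c", "Admin")]
    before = {u.name: search(index, u, "budget") for u in users}
    # user_b's access to d2 is revoked in the source; the index copy is stale until sync.
    source_acls = {"d1": {"user_a"}, "d2": {"user_a"}, "d3": set()}
    stale = search(index, users[1], "budget")
    changed = sync_acls(index, source_acls)
    after = search(index, users[1], "budget")
    return before, stale, changed, after
```

In this model user_b still sees d2 between the revocation and the sync, which is the window to account for when revoking access to sensitive content in a source system.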
Forcing Sync
If permissions seem out of date:
- Wait for automatic sync
- Check source system permissions
- Contact administrator for connector status
Managing Access
For Administrators
Control access by:
- Managing user roles
- Configuring connector scope
- Reviewing connected sources
For Users
Control your content visibility by:
- Managing sharing in source systems
- Understanding what’s connected
- Reviewing your permissions
Feature Access
Controlled Features
Administrators can enable/disable:
- Web search capability
- File upload capability
- Chat history retention
These settings apply to all members.
Best Practices
For Administrators
- Use member role for most users
- Limit admin access to those who need it
- Review permissions regularly
- Document access policies
For Users
- Understand what content is searchable
- Use source system sharing appropriately
- Report unexpected access issues
Security
- Regularly review who has admin access
- Audit permissions periodically
- Keep source system permissions current
Troubleshooting
Cannot See Expected Content
- Verify access in the source system
- Check if content is in a connected source
- Allow time for permission sync
- Contact administrator
Seeing Unexpected Content
- Review source system sharing settings
- Content may be shared more broadly than expected
- Check team or organization sharing
Permission Changes Not Reflecting
- Allow time for sync
- Verify change was made in source
- Check connector status
- Contact administrator
Next Steps
- Configure SSO — Secure authentication
- Review Data Privacy — Data handling practices
- Return to Security Overview