Getting startedSet up integrationsCreate your first initiativeInvite your teamPlan today's workShare your first update
StatusesWork TypesSearchCaptured WorkInitiativesBugsIdeasTodosDocumentsWriter ModePermissionsNotification TypesTaxonomy TypesTriage ItemsGlossary
DocsAPI Reference

Main

  • Home
  • About
  • Pricing
  • Vault
  • Changelog
  • Docs

Features

  • Roadmaps
  • Planning
  • Standups
  • Status updates
  • Insights
  • AI assistant / MCP
  • Integrations

Solutions

  • Startups
  • Dev shops / agencies
  • Software teams
  • Internal IT & platform teams

Alternatives

  • vs Jira
  • vs Linear
  • vs Asana
  • vs Monday.com
  • vs ClickUp
  • vs Notion

Company

  • Blog
  • Security
  • Log in
  • Sign up
  • Terms of Use
  • Privacy Policy

Resources

  • Docs
  • Community
  • API reference
  • CLI
  • Desktop app
  • SDK

© 2026 One Horizon. All rights reserved

FacebookInstagramThreadsXRedditTikTokYouTubeMedium

Permissions

Permissions explain visibility, role behavior, external tool grants, and access boundaries around workspace data.

Workspace roles

Workspace owners manage billing, workspace settings, integrations, members, apps, and taxonomy. Workspace admins help manage workspace settings and access. Workspace members participate in work.

Team roles

Team admins and coordinators manage team setup. Team members participate in team workflows. Observers can view team context without contributing updates.

Todo visibility controls whether a native todo is private to one person or shared with the team. Shared work can appear in planning, standups, recaps, and team views when the viewer has workspace access.

Team data is scoped to team membership. People outside a team should not see that team's recaps, standups, insights, or team journal just because they are in the same workspace. Workspace owners have broader administrative visibility, so keep that role limited.

Synced issues and pull requests remain governed by the source system. A private todo can hide native work, but it cannot make a Jira issue, GitHub pull request, or Linear issue private in the source tool.

Connected tool access

We inherit user-level permissions from connected systems. GitHub, GitLab, Slack, Jira, Linear, Google Calendar, and similar providers still control what the user or app can access.

Each user's integration data is scoped to the accounts, organizations, projects, repositories, channels, and calendars they authorized. Organization-level installs such as Slack or the GitHub PR Bot still rely on the provider's own admin approval and access controls.

API and app access

API Keys have workspace-level read and write access and can be revoked. OAuth Apps act with user-granted access. Webhooks send selected workspace events to registered HTTPS endpoints.

Agent execution boundary

Session creation queues work. Execution starts after a worker claims the session, and local workers are owner-only so execution stays on the machine of the user who started the worker.

Review this alongside Roles and Security when access decisions need more detail.

PreviousWriter ModeNextNotification Types

Initiatives

Understand initiative fields, hierarchy, roadmap behavior, and initiative actions.

Writer Mode

Writer Mode turns rough initiative context into a structured working brief.

Captured Work

Understand how connected activity becomes completed tasks, recaps, insights, and attribution.

Triage Items

Understand triage reviewers, decisions, duplicate handling, and backlog outcomes.

  • Workspace roles
  • Team roles
  • Connected tool access
  • API and app access
  • Agent execution boundary
  • Back to top