Getting startedSet up integrationsCreate your first initiativeInvite your teamPlan today's workShare your first update
StatusesWork TypesSpec-driven developmentBugsIdeasTodosDocumentsWriter ModePermissionsNotification TypesTaxonomy TypesGlossary
DocsAPI Reference

Main

  • Home
  • About
  • Pricing
  • Vault
  • Changelog
  • Docs

Features

  • Roadmaps
  • Planning
  • Standups
  • Status updates
  • Insights
  • AI assistant / MCP
  • Integrations

Solutions

  • Startups
  • Dev shops / agencies
  • Software teams
  • Internal IT & platform teams

Alternatives

  • vs Jira
  • vs Linear
  • vs Asana
  • vs Monday.com
  • vs ClickUp
  • vs Notion

Company

  • Blog
  • Security
  • Log in
  • Sign up
  • Terms of Use
  • Privacy Policy

Resources

  • Docs
  • Community
  • API reference
  • CLI
  • Desktop app
  • SDK

© 2026 One Horizon. All rights reserved

FacebookInstagramThreadsXRedditTikTokYouTubeMedium

Permissions

Use Permissions to understand visibility, role behavior, external tool grants, and access boundaries around workspace data.

Workspace and team access

Workspace owners manage billing, settings, integrations, members, apps, and taxonomy. Workspace admins help manage workspace settings and access. Workspace members participate in work. Team admins and coordinators manage team setup. Team members participate in team workflows, while observers can view team context without contributing updates.

Todo visibility controls whether a native todo is private to one person or shared with the team. Shared work can appear in planning, standups, recaps, and team views when the viewer has workspace access.

Team data is scoped to team membership. People outside a team should not see that team's recaps, standups, insights, or team journal just because they are in the same workspace. Workspace owners have broader administrative visibility, so keep that role limited.

Synced issues and pull requests also remain governed by the source system. A private todo can hide native work, but it cannot make a Jira issue, GitHub pull request, or Linear issue private in the source tool.

Connected tool access

We inherit user-level permissions from connected systems. GitHub, GitLab, Slack, Jira, Linear, Google Calendar, and similar providers still control what the user or app can access.

Each user's integration data is scoped to the accounts, organizations, projects, repositories, channels, and calendars they authorized. Organization-level installs such as Slack or the GitHub PR Bot still rely on the provider's own admin approval and access controls.

API and app access

API Keys have workspace-level read and write access and can be revoked. OAuth Apps act with user-granted access. Webhooks send selected workspace events to registered HTTPS endpoints.

Agent execution boundary

Session creation queues work. Execution starts after a worker claims the session, and local workers are owner-only so execution stays on the machine of the user who started the worker.

Use this with Roles and Security when reviewing access.

PreviousWriter ModeNextNotification Types

Related Articles

Spec-driven development

Use initiatives, bugs, and todos as the source context for people, coding tools, and agents.

Writer Mode

Use Writer Mode to turn rough initiative context into a structured working brief.

Todos

Todos are simple day-level work owned by one person.

Bugs

Capture defects with the detail needed for triage, ownership, and repair.

  • Workspace and team access
  • Connected tool access
  • API and app access
  • Agent execution boundary
  • Back to top