Groups
Groups let you manage access for teams or departments. All subjects in a group inherit the group's policies.
How groups work
- Create a group (e.g.,
Engineering Team) - Add subjects to the group
- Assign policies to the group
All members of the group now have access defined by those policies — through the group-based access path.
Groups vs roles
| Roles | Groups | |
|---|---|---|
| Purpose | Permission bundles | Organizational grouping |
| Policies | Assigned to the role | Assigned to the group |
| Subjects | Assigned a role | Added as members |
| Typical use | editor, viewer, admin | Engineering Team, Sales |
You can use both together. A subject can be in a group and have roles, and also have direct policy assignments. AuthzX evaluates all three paths.
Examples
| Group | Members | Policies |
|---|---|---|
| Engineering Team | Alice, Bob, Charlie | Can read+write engineering docs |
| Sales Team | Diana, Eve | Can read+write contacts and reports |
| All Staff | Everyone | Can read company-wide dashboards |