- Separate access between different teams or departments
- Restrict sensitive projects to specific individuals
- Comply with security policies that require access segregation
- Manage contractor or external consultant access
How Does It Work?
Content Access Management operates at two levels:Company-Level Setting
Your company has a Project Access Control toggle that determines the overall access model:- Disabled (Default): Open access model - all users in your company can access all company projects
- Enabled: Restricted access model - users can only access projects they’ve been explicitly granted access to
Project-Level Access
When Project Access Control is enabled, users gain access to a project through one of three ways:- Team Members
- Project Members
- Project Owners
Users who belong to a team assigned to the project automatically receive member-level access. This provides the same permissions as direct members but is managed at the team level rather than per-project.Learn more about teams in our Teams Guide.
Special Cases
API Access: Access control applies to both the web interface and API calls. Users can only access project data through the API if they have proper permissions.
How to Implement Content Access Management
1
Enable Project Access Control
- Navigate to your Company Settings
- Locate the Project Access Control setting
- Enable the toggle for “Project Access Control”
- Save your changes
2
Assign Access to Projects
After enabling Project Access Control, you need to grant users access to projects:
- Navigate to the Content Access page
- You’ll see a list of all your company’s projects
- For each project, you can:
- View current members and teams
- Add new users as owners or members
- Add teams to the project
- Remove existing access
- Adding Individual Users
- Adding Teams
- Click on the project you want to manage
- Select Add Member or Add Owner
- Choose the user from your company’s user list
- Select their role:
- Owner: Full project control
- Member: View and interact with security data
- Confirm the addition
3
Verify Access
After assigning access:
- Review the Content Access page to ensure assignments are correct
- Test with a user account to verify they can access appropriate projects
- Check that users without access cannot see restricted projects
4
Ongoing Management
As your organization evolves:
- New Projects: Assign owners and members when creating new projects
- New Users: Add them to relevant projects or teams
- Role Changes: Update access when people change roles
- Departures: Remove access when people leave teams or the company
Best Practices
Plan Before You Enable
Plan Before You Enable
Before turning on Project Access Control:
- Document which users should have access to which projects
- Consider creating teams first to simplify assignment
- Communicate the change to your organization
- Consider starting with a pilot group of projects
Use Teams for Scalability
Use Teams for Scalability
For projects with multiple users, use teams instead of individual assignments:
- ✅ Add “Backend Team” to 10 projects (10 operations)
- ❌ Add 15 individual users to 10 projects (150 operations)
Assign at Least One Owner Per Project
Assign at Least One Owner Per Project
Every project should have at least one owner who can:
- Manage project settings
- Add/remove other users
- Handle project-specific configuration
Distinguish Owners from Members
Distinguish Owners from Members
Use ownership strategically:
- Owners: Project leads, managers, senior engineers responsible for the project
- Members: Contributors, reviewers, stakeholders who need visibility
Regular Access Audits
Regular Access Audits
Schedule periodic reviews of project access:
- Quarterly or bi-annually, review who has access to each project
- Remove access for users who no longer need it
- Update access for users whose roles have changed
- Export access data for compliance purposes
Use the Search Function
Use the Search Function
The Content Access page includes search functionality:
- Quickly find specific projects
- Search for users to see which projects they can access
- Filter to identify projects with unusual access patterns
Export Access Data
Export Access Data
Export your access configuration for:
- Compliance audits
- Security reviews
- Documentation purposes
- Backup before making bulk changes
Consider Your Workflow
Consider Your Workflow
Match your access control to how your organization actually works:
- If teams are siloed (separate frontend/backend/mobile), use strict access control
- If teams are fluid and collaborative, you might prefer open access
- Use a hybrid approach: open access for most projects, restricted access for sensitive ones (though this requires keeping some projects in a separate company space)
Communicate Changes
Communicate Changes
When modifying access:
- Inform affected users before removing their access
- Explain why access is being granted or revoked
- Document your access policies so users understand the rules
Start Conservative
Start Conservative
When in doubt:
- Grant member access instead of owner access
- Users can always request elevated permissions if needed
- It’s easier to grant additional access than to revoke it
Frequently Asked Questions
What happens to existing users when I enable Project Access Control?
What happens to existing users when I enable Project Access Control?
They immediately lose access to all projects where they haven’t been explicitly assigned as owners, members, or through a team. Plan accordingly and assign access before or immediately after enabling the feature.
Can I enable access control for some projects but not others?
Can I enable access control for some projects but not others?
No. Project Access Control is a company-wide setting. It’s either enabled for all projects or disabled for all projects within your company.
What's the difference between an owner and a member?
What's the difference between an owner and a member?
Owners can configure project settings, manage access, and delete projects. Members can view and interact with security data but cannot modify project configuration or manage access.
If someone is both a direct member and part of a team assigned to a project, what happens?
If someone is both a direct member and part of a team assigned to a project, what happens?
They have access through both paths. Removing them from the team doesn’t affect their direct member access, and vice versa.
Can users see which projects exist even if they don't have access?
Can users see which projects exist even if they don't have access?
No. When Project Access Control is enabled, users can only see projects they have access to. Projects they cannot access are completely hidden.
Do integrations respect access control?
Do integrations respect access control?
Yes. API calls and integrations respect the same access control rules as the web interface.
Can I temporarily disable access control to test something?
Can I temporarily disable access control to test something?
Yes, you can toggle Project Access Control on and off. However, each time you disable and re-enable it, you’ll need to verify access assignments are still appropriate.
Who can manage project access assignments?
Who can manage project access assignments?
Project owners can manage access for their specific projects. Company administrators can manage access for all projects. Regular members cannot manage access.
Does this affect how issues are scanned or fixed?
Does this affect how issues are scanned or fixed?
No. Access control only affects who can view projects and their data. It doesn’t change how Corgea scans repositories or generates fixes.
Related Documentation:
- Teams Guide - Learn how to create and manage teams for efficient access control
- User Management - Managing users in your organization