Skip to content

Creating & Managing Teams

Teams allow you to group users together to simplify access management across collections and threat models.

Instead of assigning permissions to individual users, you can assign access at the team level and manage permissions more efficiently as your organization scales.

Overview

Teams are used to:

  • Group users with similar responsibilities
  • Control access to collections and threat models
  • Simplify permission management

Teams do not replace user roles. Roles determine what actions a user can perform, while teams determine which collections and models they can access.

Creating and Managing Teams

Teams are created and managed from the User Management area of the platform.

To create a team:

  1. Open Settings.
  2. Navigate to Users.
  3. Select the Teams tab.
  4. Select Add Team.
  5. Enter a team name.
  6. Add users to the team by selecting them from the list or searching by name.
  7. Associate one or more collections with the team.
  8. Save the team.

Once created, the team immediately controls access to the selected collections.

How Team Access Works

When a collection is associated with a team:

  • Only users on that team can access the collection
  • Access applies to all threat models within the collection
  • Permissions are enforced consistently across the team

Note
The Owner of a collection is the only role that can permanently delete a collection, regardless of team permissions.

Team Permission Levels

Teams can be assigned one of three permission levels per collection:

  • Read — View-only access
  • Write — Can edit threat models
  • Manage — Full administrative control of the collection

Permission levels determine what actions team members can perform within the associated collections.

Permissions by Capability

The following sections summarize what each permission level allows.

Collection Permissions

Action Read Write Manage
Archive / Unarchive No No Yes
Delete Permanently No No No
Change Owner No No No
Manage Sub-Collections No No No
Update Collection Details No No Yes

Threat Model Permissions

Action Read Write Manage
Create Threat Models No No Yes
Update Threat Models No Yes Yes
Delete Permanently No No Yes
Duplicate No No Yes
Archive / Unarchive No No Yes
Change Owner No No Yes
Move Status on Board No Yes Yes
Import OTM File No No Yes
Export (PDF / OTM) Yes Yes Yes
List Model Versions Yes Yes Yes
Restore Historical Version No No Yes

Review Permissions

Action Read Write Manage
View Reviews Yes Yes Yes
Add / Update / Delete Changes Yes Yes Yes
Update Change Status No Yes Yes
Post Comments No Yes Yes
Request Changes / Approve Yes Yes Yes
Delete Reviews No No Yes

Canvas and Component Permissions

Action Read Write Manage
Create Diagram from Template No Yes Yes
Create Blank Diagram No No Yes
Update Canvas No Yes Yes
Delete Canvas No No Yes
Create / Update / Delete Components No Yes Yes

Attributes, Threats, and Mitigations

Action Read Write Manage
Create No Yes Yes
Update / Delete Author Only Author Only Author Only

Important Notes

  • Team permissions apply at the collection level
  • User roles still control global platform capabilities
  • Collection ownership supersedes team permissions for destructive actions
  • Teams simplify access management but do not override ownership rules

Best Practices

  • Use teams to represent real-world groups (product teams, security teams, platform teams)
  • Assign the least permission level required for each team
  • Periodically review team membership and collection access

Well-structured teams help maintain secure, scalable collaboration across your threat modeling efforts.