I like to know what others are doing to have better organization of managing their users against workspaces, bases, and interfaces, specifically within their organization. I have built a number of apps amongst different departments. We have not decided to turn on enterprise hub yet for our enterprise account but we do have SSO. However, I think using groups would be useful as a growing community of users is developing. I’m a little clunky with using groups and will need to a lot of clean up.
Structurally this is how I’m laying it out:
- Workspace per department
- Product owners of the Base have creator access only at the Base NOT at the Workspace level (Reasons - within the department could have multiple products not meant for other team members thus at the Workspace level gives too much control)
- Groups - Product owners are Group Managers
My logic in what I’m thinking to do:
- At the Base level manage access for creators only
- Instead of inviting people directly to the base or interface per a permission level as we’ve been doing, have them do SSO to Airtable first, then add them to a Group.
- Said Group would have specific access controls like Ready Only to the base or interface or both
Thus when I look at the list of collaborators for a base or interface I should see something like this
- John Doe - Creator
- HR Talent (Group) - Read Only
- HR Comp (Group) - Read Only
I think this is cleaner than seeing a laundry list of collaborators.
What I want to avoid going forward is the notifications of people to “Grant Access” for bases or interfaces that’s been handed off to Product Owners. Have them self manage people that need to come and go.
One thing I’m concerned about is that if the user doesn’t already exist in Airtable they cant be added to the group. The log on and management will be a bit clunky unless I’m missing how this can work out.
Thoughts?
