Catalio’s sharing system gives you complete control over who can access your requirements, processes, and other resources. Whether you’re working privately on early drafts, collaborating with your team, or sharing across your entire organization, Catalio’s flexible access control adapts to your needs.
Why Sharing Matters
In enterprise environments, requirements management involves multiple stakeholders with different roles and access needs:
- Business Analysts creating initial requirements need private workspace for drafts
- Development Teams need access to approved requirements for implementation
- Project Managers need visibility across all team resources for coordination
- Security and Compliance teams need controlled access to sensitive requirements
Catalio’s sharing system addresses these needs with a simple yet powerful model that balances security with collaboration.
The Three Visibility Levels
Every resource in Catalio has a visibility setting that determines who can access it by default:
Private
Who can access: Only the owner
Private resources are completely hidden from everyone except the owner. Use this for:
- Early drafts you’re not ready to share
- Sensitive requirements that need restricted access
- Personal notes and work-in-progress items
With private visibility, you must explicitly share the resource with specific teams to grant access. No one else can see or search for private resources.
Best for:
- Draft requirements still being refined
- Confidential business requirements
- Personal workspaces
Shared
Who can access: Only teams you explicitly grant access to
Shared visibility means the resource is hidden by default but can be accessed by teams you specifically invite. This gives you fine-grained control over exactly who can view and edit your work.
When you set a resource to “shared,” you’ll use the sharing modal to add teams with specific permission levels (viewer, editor, or admin).
Best for:
- Cross-functional requirements needing input from specific teams
- Sensitive requirements shared with limited stakeholders
- Collaborative work with defined participant groups
Internal
Who can access: All members of your organization
Internal resources are visible to everyone in your organization. This is the most open setting and is ideal for requirements that benefit from broad visibility and input.
With internal visibility, any authenticated user in your organization can view the resource. However, only users with explicit editor or owner grants can modify it.
Best for:
- Finalized, approved requirements
- Organization-wide standards and guidelines
- Resources that benefit from broad visibility
How Visibility and Permissions Work Together
Visibility controls who can see a resource, while permissions control what they can do:
| Visibility | Who Can See? | Who Can Edit? |
|---|---|---|
| Private | Owner only | Owner only |
| Shared | Explicitly shared with | Teams with editor/owner grants |
| Internal | All org members | Teams with editor/owner grants |
Even with internal visibility, only users with explicit editor or owner permissions can modify the resource. Organization admins have full access to all resources regardless of visibility.
Understanding the Access Hierarchy
Catalio uses a hierarchical permission model where access can come from multiple sources:
1. Direct Access
The most straightforward source: you or your team have been explicitly granted access to the resource.
2. Inherited Access
If you have access to a parent resource, you automatically have access to its children. For example:
- Access to a Requirement grants access to its Use Cases and Test Cases
- Access to a Process grants access to its linked Requirements
This inheritance reduces administrative burden while maintaining logical access boundaries.
3. Organization Admin Access
Organization administrators have full access to all resources within the organization, regardless of visibility settings or explicit grants.
Choosing the Right Visibility
Here’s a quick guide for selecting visibility:
| Scenario | Recommended Visibility |
|---|---|
| Working on an initial draft | Private |
| Collaborating with a specific project team | Shared |
| Publishing approved requirements | Internal |
| Documenting organization-wide standards | Internal |
| Sensitive compliance requirements | Private or Shared |
| Cross-team collaboration with limited scope | Shared |
Default Visibility Settings
Your organization administrator can configure default visibility for new resources:
- Default for Requirements: Typically internal or private
- Default for Processes: Typically internal
- Default for Components: Typically internal
These defaults can be changed when creating new resources or updated later.
What’s Next?
Now that you understand visibility levels, learn how to:
- Managing Access - Step-by-step guide to sharing resources
- Permission Levels - Understanding viewer, editor, and owner roles
- Best Practices - Security and collaboration guidelines
Quick Reference
Visibility Comparison
| Setting | Icon | Default Access | Additional Access |
|---|---|---|---|
| Private | Lock | Owner only | Via explicit share |
| Shared | Users | None | Via explicit share |
| Internal | Building/Org | All org members (read) | Edit via share |
Who Can Change Visibility?
- Resource owners can change visibility at any time
- Team members with editor access can change visibility
- Organization admins can change visibility on any resource
Access Priority
When determining access, Catalio checks in this order:
- Is the user an organization admin? → Full access
- Is visibility internal and user in same org? → Read access
- Does user have a direct grant? → Granted access level
- Does user have access via parent resource? → Inherited access level
- None of the above → Access denied
Need help? Contact support@catalio.ai or use the AI assistant in the application for guidance on sharing and access control.