Effective access is the intersection of an active session, organization membership, role permissions, and record scope.
Start with the role
The role defines allowed actions such as viewing financials, creating punch items, or managing team access.
Apply the membership scope
Organization scope applies permitted actions across the tenant. Assigned scope limits them to linked projects.
Respect record-level rules
Client, subcontractor, and field records can have additional ownership or publication checks.
Audit sensitive changes
Role updates, membership changes, approvals, and financial status changes should leave an audit event.