Roles & Permissions

How SixGrid controls what people can see and do.

SixGrid uses a two-tier role system to control what people can do: System Roles (organization-wide) and Project Roles (within a specific project). Groups are the foundational isolation boundary that ties both tiers together.

Groups

Every person lives in a group. Every project lives in a group. Groups are the isolation boundary.

Groups are how SixGrid keeps the right people focused on the right projects. Instead of giving everyone access to everything or manually managing permissions project by project, you organize people and projects into groups — and the system handles visibility automatically.

Example use cases:

  • Consulting firm — One group per client engagement. Each client contact (Manager) sees only their projects and people. Consultants (Users) work within their assigned client group.
  • Enterprise — One group per business unit or site. Each department lead (Manager) oversees their area. Practitioners (Users) see their department's projects.
  • Training company — One group per cohort or class. Instructors (Managers) manage their cohort. Students (Users) collaborate within their cohort.

When someone is invited, the admin selects their role and group. The role and group are applied automatically when the person accepts the invitation.

System Roles

Every person in your organization has a system role that determines what they can see and do across the app.

System RoleWhat They SeeWhat They Can DoGroup Assignment
OwnerAll projects, people, groups, reportsEverything. Full access to all data and settings. One per organization. The only person who will be able to manage billing (when available).Not scoped to a group — sees all
AdminAll projects, people, groups, reportsEverything the Owner can do except manage billing. Can invite people, manage groups, change roles, remove users. Unlimited Admins allowed.Not scoped to a group — sees all
ManagerProjects and people in their assigned groups onlyFull access within their assigned groups. Can invite Users into their groups. Can create and manage projects. Ideal for client contacts, department leads, and program managers.Assigned to one or more groups
UserProjects in their group + projects they're directly added toContribute to group projects (to-dos, notes, files). Full access to projects they create. Can be added to projects outside their group by a project leader.Assigned to one group
ExecutiveAll projects, people, groups, reports (read-only)View everything but cannot create, edit, or delete anything. Designed for executives, stakeholders, and sponsors who need visibility into program progress without editing.Not scoped to a group — sees all

Key points:

  • Owners and Admins see everything across the entire organization — they are not scoped to groups.
  • Managers see everything within their assigned groups — projects, people, and group settings. They have full editing access within those groups but cannot see anything outside them.
  • Users see all projects in their group and can contribute to them. They have full access to projects they create themselves. They can also be added to individual projects outside their group.
  • Executives see everything but cannot change anything. All write controls are hidden.

System role overrides: Organization Owners and Admins always have full access to every project. Managers have full access within their assigned groups. Executives are always read-only.

Group-Based Contributor Access

When a User opens a project in their group that they haven't been formally added to as a team member, they get contributor access — they can add to-dos, create notes, and upload files, but they cannot edit the charter, manage financials, create milestones, or change project settings.

Why this works this way: In a real continuous improvement program, group members should be able to participate lightly in projects without requiring formal team membership on every single project. The alternative — making group projects read-only for non-members — would force project leaders to manually add every person to every project before they could contribute even a single to-do. That overhead kills adoption and discourages the kind of organic collaboration that makes CI programs successful.

How it works in practice:

  • A User in the "Operations" group can open any Operations project and immediately start adding to-dos and notes
  • If they need full access (charter editing, financials, milestones), a project leader adds them to the project team with an appropriate role
  • If a User creates a project, they are automatically the Creator with full access, regardless of their system role

Project Roles

Within each project, team members have a project role that determines what they can do inside that specific project. Project roles are assigned when someone is added to a project on the People tab.

Project roles fall into two tiers:

Full Access Roles

Can do everything within the project:

RoleDescription
CreatorAutomatically assigned to the person who created the project. Has full edit access to everything.
Project LeaderThe person driving the project day to day. Owns the execution and results. In Lean Six Sigma, this is typically the Belt leading the DMAIC project. Only one Leader per project.
Associate LeaderSupports the Project Leader. Helps with execution, data collection, and team coordination. Full edit access.

Full access includes: editing the charter, managing financials (benefits and costs), creating and managing milestones, applying templates, managing project team members, and changing project settings.

Contributor Roles

Can participate but with limited editing:

RoleDescription
ChampionA senior leader who sponsors the project, removes barriers, and ensures organizational support.
MentorAn experienced practitioner who coaches the Project Leader on methodology and tools.
Financial RepThe person responsible for validating and verifying the financial impact of the project.
Team MemberA contributor who brings subject-matter expertise, collects data, and helps implement solutions.

Contributors can:

  • Create to-dos and notes
  • Edit and delete to-dos they created
  • Upload files
  • Delete files they uploaded
  • View all project data

Contributors cannot:

  • Edit the charter
  • Manage financials (benefits and costs)
  • Create, edit, or delete milestones
  • Apply templates
  • Add or remove project team members
  • Change project settings

System role overrides: Organization Owners and Admins always have full access to every project, regardless of their project role. Managers have full access to projects within their assigned groups. Executives are always read-only, even if they have a project role.

Inviting People

Owners, Admins, and Managers can invite new people from the All People page. The invite form has three fields:

  • Email address — The person's email. An invitation email with SixGrid branding is sent automatically.
  • Role — Select the system role: User, Manager, Admin, or Executive. Managers can only invite Users.
  • Group — Required for User and Manager roles. Select which group this person will belong to. Not shown for Admin or Executive roles (they aren't scoped to groups).

Click the (?) icon next to the role dropdown to see a quick summary of what each role can do.

After clicking Send Invite, the invitation appears in the Pending Invitations section below the form. Each pending invite shows the assigned role and group. You can Revoke a pending invite at any time.

When the person accepts the invitation and creates their account, they are automatically assigned the role and group you selected.

Manager invite restrictions:

  • Managers can only invite Users (not other Managers, Admins, or Executives)
  • Managers can only invite people into groups they manage
  • Managers only see pending invitations for their own groups

Managing Roles

On the All People page, Owners and Admins can change any person's system role using the dropdown next to their name. The available roles are Admin, Manager, User, and Executive. Managers can see the People page but have limited role change options — they cannot change anyone's system role.

Rules for role changes:

  • Only the Owner can change an Admin's role
  • Nobody can change the Owner's role (ownership transfer is a separate process)
  • You cannot demote yourself if you're the last Admin/Owner
  • When changing someone to Manager, you can assign them to specific groups
  • When changing someone away from Manager, their group assignments are cleaned up

Each person's row also shows their group name (or "—" if they don't belong to a group) and a count of how many projects they're on.

Removing someone from the organization: On the All People page, Owners and Admins see a Remove button on each person's row (except on the Owner's row and their own row). Clicking Remove shows a confirmation dialog. Removing someone also removes them from all projects they were on.

Changing project roles: Go to the project's People tab. Hover over a team member and click Edit to change their role. Only users with full project access (Creator, Leader, Associate Leader) or system Admins/Owners can manage project team members.

Adding someone to a project: On the project's People tab, click + Add Person. Select from the dropdown of organization members who aren't already on the project, choose their role, and click Add to Project.