Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.elementum.io/llms.txt

Use this file to discover all available pages before exploring further.

Groups are the primary way to manage access in Elementum. Assigning roles, data access policies, and approval responsibilities to a group rather than to individual users keeps onboarding fast, makes audits straightforward, and ensures access stays aligned with how your organization actually works. Build the groups that mirror your organization first — typically by team, function, or location — then attach roles and data access to those groups before inviting users.

Create a Group

  1. Open Settings icon Org SettingsGroups.
  2. Click New Group in the top right corner.
  3. Enter the Group Name.
  4. Select a Group Type to determine how members are added to the group:
    • Add user to group individually — Add and remove members manually, one at a time. Best for small, stable groups where membership is intentional, such as a core project team, a leadership group, or an approval committee.
    • Dynamically add users to group in bulk by email domain using auto assignment domains — Automatically includes every active user whose email address matches one of the organization’s approved email domains. Membership updates automatically as users are added to or removed from the org. Best for broad, inclusive groups like “All Employees” or “All Contractors” where you want everyone in a given domain included without manual upkeep.
  5. Select one or more Group Visibility options to control how the group can be referenced across Elementum. Each option is independent — enable only the capabilities the group actually needs. Leaving an option disabled is the most effective way to prevent the group from being surfaced, notified, or granted access in contexts where it should not appear.
    • Mentionable — Allows the group to be @-mentioned in comments. When enabled, mentioning the group sends a notification to every member. Disable this if the group contains sensitive stakeholders or has a large dynamic membership you do not want to broadcast notifications to.
    • Watchable — Allows the group to be added as a watcher on records, tasks, and workflows. Watchers receive updates when the record changes. Disable this if group members should not automatically receive record-level activity notifications.
    • Assignable — Allows the group to be assigned to work items or tasks that support group assignment. When a group is assigned, every member becomes an accountable assignee and can receive related notifications. Disable this to keep the group reference-only and prevent it from being placed on records as an owner or assignee.
    • Approvers — Allows the group to be designated as an approver in an approval process. Any member can act on the approval on behalf of the group, which exposes them to the approval request and its context. Only enable this for groups whose members are authorized to approve on behalf of the organization.
    • Data Access — Makes the group available for use in object data access policies. When disabled, the group will not appear as an option when configuring record-level access rules.
  6. Click Save.
  7. Add users to the group using the search field (for individually managed groups) or confirm the auto-populated list (for domain-based groups).
  8. Optionally, add a photo to represent the group.
Dynamic groups can grow quickly and may include users you did not intend to notify or grant access to. Review the Group Visibility settings carefully — especially Assignable and Approvers — before enabling them on a dynamic group.
Each visibility option independently exposes a group to a different surface area in the product. As a general rule, enable only the visibility options the group needs to do its job, and pair restrictive visibility settings with an object data access policy to control which records the group can see.

Edit or Delete a Group

The Groups page displays basic information about each group.
  • Edit a group — Select a group on the Groups page to update its details or export a list of users in the group.
  • Delete a group — Click the delete icon on the far right side of a group to permanently remove it.
Deleting a group is permanent and cannot be undone. Users in the group will lose any permissions that were assigned through that group.
System-managed groups (All Users, Internal Users, and External Users) cannot be deleted. The delete icon is not shown for these groups.

System-managed Groups

Elementum automatically creates three groups in every organization. Their membership is maintained automatically as users are added or removed — you do not need to manage membership manually.
GroupWho it includes
All UsersEvery active user in the organization
Internal UsersUsers with internal (non-guest) accounts
External UsersUsers with external or guest accounts
System-managed groups cannot be renamed, re-typed, or have their membership edited manually. The only properties Org Admins can change are the five Group Visibility checkboxes: Mentionable, Watchable, Assignable, Approvers, and Data Access. To edit the visibility properties on a system-managed group:
  1. Open Settings icon Org SettingsGroups.
  2. Select the system-managed group you want to configure (All Users, Internal Users, or External Users).
  3. Select or clear the Mentionable, Watchable, Assignable, Approvers, and Data Access checkboxes as needed.
  4. Click Save.
These checkboxes affect all users in the group. Clearing Assignable on All Users, for example, removes the group from assignment lists across the entire organization. Review the impact before making changes to system-managed group visibility.
Every new user is automatically added to the All Users group. This group is intended for organization-wide defaults only — do not rely on it to grant sensitive or record-level access, since every active user is a member.

Users

Invite users into your organization and view their group memberships

Roles & Permissions

Assign permissions to groups through managed or custom roles

Object Data Access

Control which records each group can access with data access policies

Notifications

Configure organization, app, and user-level notification preferences