Atlariem

Granular access control

Control what every person
can see and do.

Atlariem's permission groups let you define exactly what each team member can access — financial data, vendor records, people directories, asset cost fields, and the spend report — without locking anyone out of what they need.

Set up permissions View Atlariem Demo
← Groups Edit group
Finance Team Access to cost fields, spend report, and renewals
Assets
Finance
Reports
Workspace
Group summary
5 of 29 permissions granted
Granted
View assets Verify assets Manage renewals View financials View renewals
Owners and workspace admins always hold every permission — groups only apply to regular members.
29 permissions Fine-grained nodes across 8 categories — not three blunt roles that either give too much or too little
3 assignment scopes Assign a group to a whole department, a specific individual, or set it as the workspace default for new members
Matrix view One searchable table shows every group and every permission — granted or not — so you can audit the entire org at a glance

Every permission, documented

29 nodes. 8 categories. No guessing.

Every permission node is listed below with exactly what it controls. Build groups by checking only what each team actually needs.

Assets
9 permissions
  • View assets — Browse and search the asset registry
  • Add assets — Create new asset records
  • Edit assets — Update asset details, owners, and metadata
  • Archive assets — Archive or unarchive assets
  • Delete assets — Permanently delete asset records
  • Verify assets — Mark assets as verified or flag for review
  • Manage renewals — Log keep / cancel / replace decisions on upcoming renewals
  • Export assets CSV — Download asset data as a CSV file
  • Manage asset types — Create and manage custom asset type categories
Vendors
6 permissions
  • View vendors — Browse vendor records
  • View all vendors — See every vendor regardless of department visibility restrictions
  • Add vendors — Create new vendor records
  • Edit vendors — Update vendor details and visibility settings
  • Delete vendors — Remove vendor records permanently
  • Export vendors CSV — Download vendor data as a CSV file
People
6 permissions
  • View people — Browse the people directory and org chart
  • Add people — Create new person records
  • Edit people — Update person details, roles, and department assignments
  • Manage departments — Create and edit department records
  • View org chart — Access the org chart and reporting structure
  • Offboard people — Mark people as offboarded and trigger access reviews
Finance
1 permission
  • View financials — See cost, billing frequency, annual spend on assets, and the spend analysis report. Uncheck this to hide all financial data from members who should not see spend.
The Finance permission is off by default for new groups. Only people who make spend decisions — finance, ops leads, procurement — should have it enabled.
Atlas
1 permission
  • View Atlas — Access the Atlas relationship graph that maps every asset, person, vendor, and department as an interactive network
Reports
1 permission
  • Export all data — Export any data from the workspace as CSV. A separate escape hatch from the per-section export permissions in Assets and Vendors.
Workspace
4 permissions
  • View renewals — Access the renewals calendar and upcoming renewal list
  • Invite members — Send workspace invites via email or invite link
  • Manage tags — Create, rename, and delete asset tags
  • Manage groups — Create and configure permission groups
Scope
1 permission
  • Department scope only — Restrict the member to only see assets and people in their assigned departments. This is a restriction, not a grant — enabling it narrows what the person can see even if other permissions are on.
Pair Department scope with View assets and View people to give someone a clean view of only their team's footprint.

How groups work

Four steps from zero to configured.

Groups are the unit of access control. Create one for each role in your organization, then assign it where it applies.

  1. 1
    Create a named group Give the group a meaningful name — Finance Team, Read-Only Viewer, Department Manager, IT Admin — and an optional description that explains who it covers and why.
  2. 2
    Check the permission nodes Every permission is shown as a card with a label and a plain-English description. Check the ones this group should have. Leave destructive or sensitive permissions — Delete assets, Manage groups, View financials — unchecked unless the group genuinely needs them.
  3. 3
    Assign to a department or person Attach the group to an entire department so every member inherits it automatically. Or assign it to a specific individual to override their department default. One person, one group in effect at any time.
  4. 4
    Audit with the permission matrix Open the permission matrix to see every group and every permission in a single searchable table. Identify who has what, where you over-granted, and which groups are missing a critical permission — before someone notices at the wrong moment.

Common configurations

Start with these. Adjust from there.

Read-only viewer
Contractors, auditors, new hires
  • ✓ View assets
  • ✓ View vendors
  • ✓ View people
  • ✓ View org chart
  • ✓ View renewals
No edits, no exports, no financial data
Finance team
Finance, procurement, ops leads
  • ✓ View assets
  • ✓ View renewals
  • ✓ Manage renewals
  • View financials
  • ✓ Export assets CSV
No editing people or vendors
Department manager
Team leads, department heads
  • ✓ View assets · Edit assets
  • ✓ Verify assets · Add assets
  • ✓ View people · Edit people
  • ✓ Manage departments
  • ✓ View renewals · Manage renewals
No delete, no financial data, no groups
Dept-scoped member
Members who should only see their team
  • ✓ View assets
  • ✓ View vendors
  • ✓ View people
  • ✓ Verify assets
  • Department scope only
Scope restriction hides other teams' data

Permissions govern access to

Everything inside your workspace.

Feature

Asset Registry

Create one source of truth for every SaaS subscription, domain, website, ad account, automation, and vendor-controlled system.

Feature

Renewal Tracking

See upcoming renewals before they arrive in a personal inbox or surprise the budget.

Feature

Access Risk Detection

Find systems with missing owners, single administrators, or stale verification before they become business risk.

Feature

Vendor Management

Connect vendors to the assets, owners, contacts, and departments that depend on them.

Enterprise graph view

Atlas

See your entire digital operation as a living network. Atlas maps every asset, owner, vendor, and department into an interactive graph that reveals structure, risk, and relationships instantly.

Person-centered ownership

Atrium

Atrium is your personal ownership workspace. See every asset you own, administer, or back up across your organization — with a clarity score that tells you how accurate and current your footprint is.

Get started

Know who owns every critical service before the next disruption.

Explore the Atlariem Demo with real data, or get started to map your own critical services.

Get started Explore the Atlariem Demo