Team and security
Brandow Storage is multi-user and company-scoped by design. This guide covers how teams collaborate safely.
Company boundaries
Each workspace is tied to a company context.
- Users can belong to multiple companies
- Data access is scoped to the active company
- Company checks happen in authenticated app routes (
/d/*)
Roles at a glance
- Owner: highest control, company-level management
- Admin: broad management access
- Custom roles: Table-level view/edit permissions
Recommended default:
- Keep Owner count low (1 to 2 trusted people)
- Use Admin for operational managers
- Grant custom role access by least privilege
Invite flow behavior
Brandow Storage supports three key invite scenarios:
- Invited new user signs up and then joins
- Invited existing user signs in and then joins
- Already signed-in user accepts invite directly
When invite tokens are invalid/expired/revoked, users should receive explicit feedback.
Security best practices
- Review role permissions monthly.
- Avoid broad edit access on sensitive Tables.
- Keep naming conventions clear to reduce accidental edits.
- Confirm invite recipient identity for high-impact roles.
- Revoke stale invites quickly.
Data handling guidelines for teams
- Use structured status/select fields for critical workflows
- Avoid storing confidential secrets in free-text fields
- Keep Row data clean and consistent for better AI outputs
- Define "source of truth" Tables for key entities
Operational checklist for admins
- [ ] Verify current members and role assignments
- [ ] Remove or downgrade unnecessary high-privilege access
- [ ] Revoke old pending invites
- [ ] Validate that important Tables are permissioned correctly
- [ ] Confirm new team members can access only intended areas
Common team setup mistakes
- Everyone assigned Admin by default
- No role separation between read-only and editors
- No documented ownership for important Tables
- Invite links sent without role plan first
Related docs