In Backlog, there are 3 roles for users: Member, Guest, and Administrator.
When you invite a user to your organization, you can choose which role to assign to them:
- Member: Members have access to the collaboration functions and basic project settings. When added to a project, members will have access to the information in the project, and they can collaborate using the available features under their organization’s Backlog plan, e.g. Issues, Boards, Files, Git, Wiki, Gantt Chart, etc.* If a user is not a member of a project, they will not be able to access that project.
- Administrator: Administrators have more privileges than members. Admins can manage the Backlog Space settings, Organization settings, add/remove users in the organization, assign privileges to users, manage project settings, add/remove project integrations, create/archive/delete projects, as well as manage project members.
- Guest: Guests can use Backlog features (Issues, Wiki, Files, Git/Subversion repositories, etc.) just like members, unless restrictions are put on their account by the Administrator.* However, the main difference is that guests are prevented from viewing the organization’s member list. They cannot view other teams in the organization, nor members of those teams, but they can view the team they are in (if any), and its members.
*Administrators can further restrict members’ and guests’ actions to “add issue only” or “view only” within the Space.
Understand role differences to better manage information security
By understanding that members can only access and collaborate within their participating projects, we can plan how to set up a project and its members so that information is secure and visible only to relevant users.
Example use case: a company with multiple departments
For a company with multiple departments, e.g. IT, HR, Sales, etc., each department can create its own separate projects. This way, only department members can view and collaborate in their projects, and information access is controlled.
Additionally, staff can focus on their relevant tasks and issues without being distracted by another department’s work.
What you want to achieve:
To control or limit information access to relevant users only, and minimize any potential information leaks.
What you can do:
Create projects for different departments, teams, or work projects, and add members to give them access.
If you have an external partner like a freelancer or client, you can add them as guests. They will still be able to use normal Backlog functions like Issues, Wiki, and Git, but they will not be able to view the list of organization members.
To restrict a guest’s permissions to view only or edit only on issues/comments and more, you can apply further restrictions to each guest individually.
Useful links for more details:
Adding, Deleting and Editing Users in the Space