In general, Range makes as many operations accessible to any user in the workspace. High-performance teams work best in high-trust environments, and autonomy and agency remove organizational friction.

Even so, some controls are necessary in order to secure sensitive information or prevent inconvenience for other users. In order to do that Range utilizes a combination of role-based access controls (RBAC) and attribute based access controls (ABAC).

Roles, permissions, and policies

Roles

• Standard The default for all new users.
• Admin Assignable by the owner and other admins.
• Owner The person who created the workspace, contact support to reassign.

In-app permissions

Admins and Owners may:

• Manage user accounts — enable/disable, elevate access level
• Change the workplace URL
• Access detailed billing information
• Access past invoices
• Manage plan and credit card

Workspace level integrations — e.g. Slack and GitHub — may be restricted to admins on request.

Account policies

Admins may:

• Request changes to billing contacts and invoicing
• Request changes to authentication restrictions (e.g. SSO)

Owners act as the Data Controller for the workspace and may:

• Approve data deletion requests
• Approve data export requests
• Approve account deactivation and deletion

Privacy settings

By default, Check-ins and other information shared in Range may be viewed by any user. Currently, Range does not allow for teams, check-ins, objectives, or entire meetings to be private. Private meeting agenda items are available.

How locked teams limit access

Any user has the ability to ‘lock’ team membership. Once a team is locked, new members must be added to the team by an existing team member or a workspace admin.

Locked teams allow you to control a team’s memberships but do not affect the default visibility of actions taken by those users.

How to limit who can see Check-ins

To share private Check-ins, each user will opt to publish privately. The privacy setting is sticky, such that once a user opts for a private Check-in, they will continue to share private Check-ins until they change the setting.

Private Check-ins are not shared to Slack.

When a Private Check-in is published, only current team members will have permission to see the check-in.

• If someone joins a team after a private check-in was published it will not be visible to them
• If someone leaves a team after a private check-in was published they will still have access to the data

Team membership changes trigger notifications that can be received by email, Slack, or as desktop notifications so you can be confident in who will see your private Check-ins.

Locked teams adds an additional layer of control which pairs well with private check-ins.

Private meeting items

The Range Meeting tool allows for private notes to be associated with an agenda item. These notes are restricted to attendees, and only attendees may modify a meeting. Attendees added to a meeting in the future are not permitted to see past private notes, however open action items will be visible since they are always carried over to the next meeting.