Skip to main content

Groups & RBAC

Groups let you scope insights and skills to specific teams within your organization. Each group has its own permission model so you can control who can read, write, and administer knowledge.

Permission Model

Group membership uses a three-level permission hierarchy:

LevelCapabilities
adminFull control — manage members, update group settings, delete the group, plus all write and read capabilities
writeDeposit insights and create skills within the group, plus all read capabilities
readQuery insights and view skills scoped to the group

Organization admins always have access to all groups regardless of their group-level membership.

Default Group

Every organization starts with a default group that is automatically created. The default group cannot be deleted. All org members have implicit access to the default group, making it the shared knowledge pool for the entire organization.

Creating Groups

Create groups from the dashboard to organize knowledge by team, project, or domain. Each group has:

  • Name — human-readable label
  • Slug — URL-safe identifier, auto-generated from the name
  • Description — optional context about the group's purpose
  • Privacy — private groups are only visible to their members
  • Color — optional accent color for visual identification

The creator is automatically added as a group admin.

Group-Scoped Queries

Pass the groups parameter on query_insights to restrict results to specific groups. Only groups where the caller has at least read permission are included. If no groups are specified, results come from all groups the user has access to.

// MCP tool call
query_insights({
  query: "database migration patterns",
  groups: ["backend-team", "infrastructure"]
})

Group-Scoped Deposits

Pass the group_id parameter on deposit_insight to scope a new insight to a specific group. The caller must have at least write permission in the target group. If no group is specified, the insight is deposited to the organization's default group.

// MCP tool call
deposit_insight({
  kind: "PATTERN",
  content: "Always use connection pooling for Postgres...",
  group_id: "550e8400-e29b-41d4-a716-446655440000"
})

Availability

Groups are available on the Team tier and above. Free and Pro tier organizations do not have access to group-scoped features — all insights are organization-wide.