Three Gates Developer DocsDetected PHI tokenized before AI invocationDesigned to support HIPAA Security Rule obligations

Groups & Sharing Guide

Organize users into teams and apply group-specific policies

What are Groups?

Groups let you organize users into teams that mirror your org structure. Use groups to:

Organize by department - Create groups for HR, Finance, Ops, etc.
Apply group-specific policies - Different safety rules for different teams
Scope access to features - Control which capabilities each group can use

Creating a Group

Create groups via the Admin Dashboard or API:

POST /api/groups
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "name": "HR Team",
  "description": "Human Resources department",
  "orgId": "org_abc123"
}

Response:

{
  "groupId": "grp_xyz789",
  "name": "HR Team",
  "description": "Human Resources department",
  "orgId": "org_abc123",
  "createdAt": "2024-01-15T10:30:00Z",
  "memberCount": 0
}

Adding Members to Groups

Add users to a group to grant them access:

POST /api/groups/:groupId/members
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "userId": "usr_abc123",
  "role": "member"  // or "admin" for group administrators
}

💡 Member Roles:

member - Standard group member
admin - Can add/remove members and edit the group

Listing User's Groups

Users can view their group memberships:

GET /api/groups/my-groups
Authorization: Bearer YOUR_API_KEY

Response:

{
  "groups": [
    {
      "groupId": "grp_xyz789",
      "name": "HR Team",
      "role": "member",
      "joinedAt": "2024-01-10T08:00:00Z"
    },
    {
      "groupId": "grp_abc456",
      "name": "All Employees",
      "role": "member",
      "joinedAt": "2024-01-01T00:00:00Z"
    }
  ]
}

Group-Specific Policies

Apply different safety policies to different groups:

// Example: Finance team has stricter SSN blocking
POST /api/admin/policies
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "name": "Block All SSNs (Finance Only)",
  "pattern": "\\b\\d{3}-\\d{2}-\\d{4}\\b",
  "isRegex": true,
  "action": "block",
  "enabled": true,
  "groupId": "grp_finance123"  // Only applies to Finance group
}

// HR team has more permissive policy (redact instead of block)
POST /api/admin/policies
{
  "name": "Redact SSNs (HR Team)",
  "pattern": "\\b\\d{3}-\\d{2}-\\d{4}\\b",
  "isRegex": true,
  "action": "redact",
  "enabled": true,
  "groupId": "grp_hr456"  // Only applies to HR group
}

⚠️ Policy Precedence: Group-specific policies are evaluated after global policies. If a global "block" policy triggers, group policies won't override it.

Example Use Cases

HR Department

Group: "HR Team" with 8 members

Custom tasks: Exit Interview Summary, Performance Review Helper, Onboarding Guide
Policies: Redact SSNs (not block), allow employee names
Access: Can see all default tasks + HR-specific custom tasks

Finance Team

Group: "Finance & Accounting" with 12 members

Custom tasks: Budget Variance Analysis, Invoice Reconciliation, Tax Form Extractor
Policies: Block credit cards, block SSNs, warn on large numbers
Access: Can see finance tasks + organization-wide tasks

All Employees (Default)

Group: "All Employees" with 150 members

Tasks: All 20 default tasks (meeting notes, memo drafter, email responder, etc.)
Policies: Standard PHI detection, block SSNs, warn on profanity
Access: Read-only, cannot create custom tasks

Best Practices

Create an "All Employees" default group

Share organization-wide tasks with everyone automatically

Use descriptive group names

"HR Team" is better than "Group 1" for clarity

Assign group admins for delegation

Let department leads manage their own group memberships

Review group memberships quarterly

Remove users who change roles or leave the organization

Next Steps

Groups API Reference →

Complete API documentation for group management

Policy Management →

Learn how to apply group-specific policies