Logo StartupKit
EN

Team Access Control

Give each team member the right level of access to Hiring, Security, Outreach, and Training — and audit or revoke it when they leave.

Why It Matters

Not everyone on your team needs to see everything. Your recruiter doesn’t need vulnerability reports; your security lead doesn’t need outreach campaigns. Team access control lets you decide, per person and per product, who can view, who can manage, and who stays out — and gives you a single page to answer “what exactly can this person access?” when audit or offboarding time comes.

Products and Access Levels

Kit has four products: Hiring, Security, Outreach, and Training. Each team member gets one access level per product:

Level What it means
No access The product is off-limits. Opening it shows an access-denied screen with a way to request access.
Member Standard day-to-day access — view and work with the product’s content, subject to any per-item assignments (e.g., restricted job postings).
Admin Full control of that product — create, configure, and manage everything in it, without needing per-item assignments.

If you never set a level for someone, they’re a Member — existing team members keep working exactly as before; nothing gets locked out until you decide to change it.

Account Admins sit above product levels: they see every product, access everything, and are the only ones who can manage the team’s access.

Note

Product levels control access to a whole product. Within a product, finer-grained assignments still apply — for example, restricted job postings remain visible only to their assigned hiring team. See Inviting Your Team for how job-level roles work.

The Modules Matrix

Go to Settings → Team → Modules for the whole-team view: one row per member, one column per product. Pick a level in any cell and it applies immediately.

Two shortcuts speed this up:

  • Roles — each row has a quick-picker with predefined team roles like Recruiter, Security Analyst, Growth, or Trainer. Picking one fills sensible levels across all four products in one click; you can still adjust individual cells afterwards.
  • Account admin toggle — flipping it grants full access to everything and collapses the row, since per-product levels no longer apply.

Tip

Start from a role, then tweak. Roles encode the levels most teams actually use — Recruiter gets Hiring admin and little else, Security Analyst gets Security admin. It’s faster and less error-prone than setting sixteen cells by hand. See Team Roles for what each role covers.

The Member Access Page

For a single-person deep dive, go to Settings → Team → Members and click a member. Their access page shows:

  • Role — their team role, from full Admin down to Member
  • Product levels — their level for each of the four products, editable in place
  • Access ledger — a read-only list of every specific item they can touch: which job postings, which reports, which campaigns, and since when

Reading the access ledger

The ledger answers “what can this person access, and where?” without clicking through four products. Each entry names the item, the product it belongs to, and the date access was granted. Use it to:

  • Prepare for a security or compliance audit
  • Double-check a contractor only sees what they should
  • Review everything a departing member touches before offboarding

Requesting Access

When a member opens a product they don’t have access to, they see an access-denied screen — not an error, a door. It includes a one-click Request access button that notifies all Account Admins. The admin can then grant a level from the Modules matrix or the member’s access page.

Offboarding a Member

When someone leaves, open their member access page. You have two options:

Action What happens
Revoke all access Keeps their seat but strips every product level and every individual grant in the ledger. Good for leave-of-absence or role changes.
Remove from account Removes them from the team entirely.

If the person is the sole owner of something — the only hiring manager on a posting, the only assignee on a report — Kit won’t leave those items orphaned. Before completing the revoke or removal, it asks you to pick who takes over, and reassigns everything in the same step.

Warning

Revocation strips everything at once and doesn’t keep an undo list. After “Revoke all access”, the member’s individual grants are gone — restoring them means re-adding each one by hand. Review their access ledger before revoking, and choose successors carefully during reassignment: once ownership moves, the previous owner is fully detached from those items.

Do / Don’t

Do Don’t
Use roles to set levels consistently across similar people Hand-pick sixteen cells per person when a role covers 90% of it
Review the access ledger before offboarding Remove a member blind — sole-owned items will force a reassignment prompt anyway
Use “Revoke all access” for leave or role changes Remove someone from the account when they’re coming back
Leave levels unset for members who need standard access Set “No access” everywhere as a default — that’s what revoke is for

Quick Checklist

  • Open Settings → Team → Modules and review every member’s row
  • Apply roles for common jobs, then fine-tune individual cells
  • Flip the account admin toggle only for people who manage the team
  • Spot-check a member’s access page and ledger to confirm it matches expectations
  • Tell your team about the Request access button so denials don’t become support tickets
  • At offboarding: review the ledger, pick “Revoke all access” or “Remove from account”, and assign successors for sole-owned items

Type to search...