Tutorial · Permissions
Permissions: deny-by-default access control
In Cadenio nobody sees anything until you grant it. Org-wide roles set the baseline, folder and flow rules override it, and per-task rules restrict individual steps.
5 min read · Admins
How the layers stack
Access resolves from broad to specific; more specific rules win.
- Org-wide roles
- The baseline for everyone: what a role can do across the whole workspace.
- Folder & flow rules
- Override the baseline for a specific folder or flow, to widen or narrow access where it matters.
- Per-task permissions
- The finest grain: restrict who can see or act on an individual task, set inside the flow's editor (People → Permissions).
- Deny by default
- If nothing grants access, there is none. Safe by design, especially for compliance-sensitive work.
Grant access to groups, not individuals, wherever you can. When someone joins or leaves a team, you change one group membership instead of editing rules across dozens of flows.