# Access Scope

## **Understanding Access Scopes**

Access scopes control which people a user can access in Agentnoon.

If access groups define what someone can view or edit, access scopes define who those permissions apply to.

### **What access scopes are**

An access scope is a set of filters that narrows a user’s access to a specific part of the organization.

You can use access scopes to give someone access to:

* the entire company
* one or more departments
* one or more locations
* one or more manager hierarchies
* people who match selected custom field values (Business unit, Entity, etc.)

This lets you give users the access they need without exposing the whole organization.

### **Why access scopes are useful**

Access scopes are helpful when a user should only work with a specific part of the business.

Common examples:

* an HR business partner who supports only Engineering
* a regional leader who should only see one office or country
* a people manager who should only access their reporting structure
* a specialist who works with a defined employee segment
* a user who should see a broad area, except for one excluded group

### **The main types of access scopes**

#### **Entire company**

If no filters are selected in a scope, that scope behaves like an entire-company scope.

Use this when the user’s permissions should apply across the whole board.

#### **Filtered scopes**

These are the most common scopes. They include people based on filters such as:

* Department
* Location
* Manager
* Custom fields
* Sensitive data

Manager-based scopes include the selected manager and their full reporting tree, so they work well when access should follow the org structure.

#### **Hidden scopes**

A hidden scope is used to exclude people.

This is not the same as hiding certain fields. A hidden scope removes matching people from the user’s accessible set entirely.

Use hidden scopes when someone should see a broad group, but one part of it must be excluded.

#### **Layered scopes**

A user can have more than one visible scope.

This is useful when access needs to come from more than one rule. For example, a user may need access to:

* everyone in Engineering
* plus everyone on Project Team Alpha

In that case, both visible scopes work together.

### **How filters work inside one scope**

Each scope can combine fields using AND or OR.

#### **Use AND for narrower access**

With AND, a person must match every populated field in the scope.

Example:

* Department = Sales
* Manager = VP West
* Combine fields with AND

This includes only people who are both:

* in Sales
* and in VP West’s reporting tree

#### **Use OR for broader access**

With OR, a person can match any populated field in the scope.

Example:

* Department = Sales
* Manager = VP West
* Combine fields with OR

This includes people who are:

* in Sales
* or in VP West’s reporting tree
* or both

That same pattern applies to:

* multiple departments
* multiple locations
* multiple managers
* multiple custom field values
* multiple sensitive data values

So the rule is:

* within one field, selected values behave like OR
* across different fields, the scope uses AND or OR depending on the setting

### **How multiple scopes work together**

When a user has multiple visible scopes, those scopes stack by adding access together.

That means if a person matches any visible scope, they are included.

Example:

* Scope 1: Department = Engineering
* Scope 2: Custom Field = Project Team Alpha

The user can access:

* everyone in Engineering
* plus everyone on Project Team Alpha

If a hidden scope also exists, it removes matching people from that result.

Example:

* Visible scope: Department = Sales
* Hidden scope: Manager = VP West

The user can access Sales, except for the VP West hierarchy.
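The evaluation rules above can be checked with a small model before scopes are assigned. The following is an added example, not Agentnoon's code: the `Scope` class, the `effective_access` function, the `team` custom field and the sample directory are all hypothetical names constructed for illustration. It covers who is included, not field-level permissions or the sensitive data filter.

```python
from dataclasses import dataclass, field

# Constructed sample directory; "manager" is each person's direct manager.
PEOPLE = {
    "vp_west": {"department": "Sales", "manager": "ceo"},
    "amy": {"department": "Sales", "manager": "vp_west"},
    "bob": {"department": "Sales", "manager": "vp_east"},
    "eve": {"department": "Support", "manager": "amy"},
    "cara": {"department": "Engineering", "manager": "cto"},
    "dan": {"department": "Marketing", "manager": "cmo", "team": "Project Team Alpha"},
}

def in_tree(name, manager):
    """True if name is the manager or anywhere in their reporting tree."""
    seen = set()
    while name is not None and name not in seen:
        if name == manager:
            return True
        seen.add(name)
        name = PEOPLE.get(name, {}).get("manager")
    return False

@dataclass
class Scope:
    filters: dict = field(default_factory=dict)  # field name -> set of selected values
    combine: str = "AND"                         # how different fields combine
    hidden: bool = False                         # hidden scopes exclude people

    def matches(self, name):
        if not self.filters:
            return True  # no filters selected: behaves like entire company
        hits = []
        for fld, values in self.filters.items():
            if fld == "manager":  # values within one field behave like OR
                hits.append(any(in_tree(name, m) for m in values))
            else:
                hits.append(PEOPLE[name].get(fld) in values)
        return all(hits) if self.combine == "AND" else any(hits)

def effective_access(scopes):
    """Union of visible scopes, minus anyone matched by a hidden scope."""
    visible = [s for s in scopes if not s.hidden]
    hidden = [s for s in scopes if s.hidden]
    if not visible:
        raise ValueError("a user needs at least one visible scope")
    return {n for n in PEOPLE
            if any(s.matches(n) for s in visible)
            and not any(s.matches(n) for s in hidden)}
```

Note that switching the same two filters from AND to OR pulls in `eve`, who is outside Sales but inside the VP West reporting tree, which is the kind of widening worth reviewing before saving a scope.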

### **What happens when scopes overlap**

Sometimes the same person is included by more than one visible scope.

When that happens, Agentnoon treats scopes lower in the list as more specific for that person’s field-level permissions.

In plain language:

* lower scopes in the UI take priority when the same person is covered by multiple visible scopes

This matters most when overlapping scopes use different field permissions.

### **Examples**

#### **Example 1: Department-based access**

An HRBP supports Engineering only.

Use:

* one visible scope for Department = Engineering

#### **Example 2: Multi-location access**

A leader should see London and Toronto.

Use:

* one visible scope for Location = London, Toronto

Because values in the same field behave like OR, this includes either location.

#### **Example 3: Narrow access with AND**

A user should only see Sales employees under VP West.

Use:

* Department = Sales
* Manager = VP West
* Combine fields with AND

#### **Example 4: Broader access from multiple rules**

A user should see:

* everyone in Engineering
* plus everyone on Project Team Alpha

Use:

* two visible scopes, or
* one broader scope using OR

#### **Example 5: Broad access with one exclusion**

A user should see all of Sales except one leader’s organization.

Use:

* visible scope: Department = Sales
* hidden scope: Manager = that leader

### **Good to know**

* Admins always have full board access, regardless of the scopes listed for them.
* Hidden scopes cannot be the only scopes a user has.
* In scenarios, newly added positions and certain related employees can appear even if they would normally sit outside a user’s main-board scope.
* If a project has its own filters, the user’s final access is the intersection of the project filter and their access scopes.

### **Summary**

Access scopes answer one question: which people should this user be able to access?

Use them to give access to:

* the whole company
* selected departments, locations, or manager hierarchies
* specific employee segments
* layered combinations of those rules

Visible scopes add access. Hidden scopes remove access. And when visible scopes overlap, lower scopes in the list are treated as more specific.


