Access is composed of connected workspaces that each govern a different dimension of identity and authority. Together, they form a cohesive governance layer.
user activity
User Activity serves as the audit lens of the Access framework.
It is a chronological, read-only workspace that tracks every change made to user records within Neostella. Rather than modifying access, this tool provides visibility into how identities evolve over time.
All tracked events originate from the identity data schema. This includes user creation, structural updates, group assignments, and role modifications. By surfacing these changes in a transparent and traceable way, User Activity supports governance, compliance, and administrative accountability.
users
The Users workspace is the foundation of identity management inside Neostella.
Every individual in the system is modeled as a structured system entity with a unique user system ID. This unified identity ensures that the platform can consistently recognize the user across tools, permissions, workflows, activity logs, and integrations.
The workspace is administrative from creation and configuration to deactivation and review. The Users tool ensures that identity remains structured and governed.
Without Users, there is no anchor for Access. Every permission, every assignment, and every audit record depends on this foundational identity layer.
groups
Groups introduce organizational structure into the Access framework.
Rather than managing governance one user at a time, administrators can define structured user collections that reflect departments, collaboration models, or governance boundaries. Each group is aligned with a specific user classification, preserving structural integrity across the system.
Groups do not define authority directly. Instead, they simplify how authority is distributed. By organizing users into coherent structures, administrators can apply governance rules consistently and at scale.
In growing firms, Groups become essential to maintaining clarity without increasing administrative complexity.
permission sets
Permission Sets are the enforcement engine of Access.
Instead of controlling access tool by tool, administrators define structured packages of authorizations that determine what actions users may perform across objects and system features. These packages are assigned to users or groups, and the system evaluates them dynamically whenever interaction occurs.
Permission Sets determine whether a user can access specific records, modify data, configure settings, execute workflows, or govern administrative tools. They operate silently but consistently in the background, ensuring that authority is enforced every time the system is used.
They define what is allowed; not where someone sits in the organization, but what they can do within it
roles
Roles define operational participation within projects.
They represent functional responsibility rather than security authority. A role clarifies how a user participates in a project, whether as a lead, contributor, reviewer, or coordinator; but it does not determine what actions the user is authorized to perform inside the system.
Roles are designed to reflect the firm’s internal structure and operational design. Once defined, they become available within project workspaces for assignment.
Where Permission Sets define power, Roles define position.
why access matters
Access ensures that governance evolves alongside the firm.
As teams expand, responsibilities shift, and workflows grow more complex. Access allows the system to scale without sacrificing clarity or control. Identities remain structured, permissions remain centralized, participation remains defined, and changes remain traceable.
In simple terms:
- Users establish identity.
- Groups introduce structure.
- Roles define participation.
- Permission Sets enforce authority.
- User Activity ensures accountability.
And Access ensures that every interaction inside Neostella is intentional, governed, and secure.