Skip to documentation content

Company-scoped access

How visibility works in Vellum — and what isn't supported.

What's shared#

Vellum's permissions are scoped to the **company**, not the project. Everyone who is part of your company sees:

  • All projects (including those they're not assigned to).
  • All clients.
  • All events on the firm-wide calendar.
  • All locations and project types.

Filtering exists on every listing — you can narrow projects by location, by responsible employee, by client, or by state — but visibility itself is firm-wide.

What isn't#

There is **no per-project ACL**. You cannot share a single project with one team member while hiding it from others. If two co-located teams need separate visibility, the workaround today is to create them as separate locations and rely on per-location filtering — knowing they can still see across.

There is also no per-document ACL. A file marked as visible to a portal client is visible to all that client's portal users (currently a single Firebase user per client).