Groups let you organise users into cohorts that share access to the same set of projects, data sources, Knowledge Base pages, and Integrations. Use them to model teams, departments, end customers, or any other grouping that maps to a set of people who should see the same resources.

When to use Groups

Departments

Sales, Marketing, Finance, and Operations each get their own group with the projects, data sources, and Knowledge Base pages relevant to their work.

Multiple customers

Agencies and consultancies can give each end customer their own group, keeping their projects and data isolated from other customers in the same tenant.

Cross-functional teams

A user can belong to several groups at once — for example, an executive who needs visibility into Sales, Marketing, and Operations.
If you don’t create any groups, Orion behaves exactly as before. Groups are an additive feature — your existing users, projects, and permissions are unaffected until you opt in by creating a group.

Accessing Groups

Group management lives alongside user management in Settings → Manage Users. The page has two tabs: Users and Groups.
Groups tab in Manage Users showing existing groups with member and project counts

Creating a Group

From the Groups tab, click + New Group. Give the group a clear name and an optional description.
New Group dialog with Name and Description fields
If a non-admin user creates a group, they automatically become its first Group Admin. Tenant Admins who create groups manage them via their tenant role and are not added as members.

Naming Groups with Prefixes

When creating a group, the modal offers the option to select a prefix or choose no prefix. Prefixes are a first-class naming tool in Orion — they attach a shared label to all related groups so they sort and display together. For example, if you are provisioning groups for several customers, you might first create a top-level group called Verizon, then create further groups with that prefix: Verizon — Sales, Verizon — Marketing, Verizon — Operations. When your list of groups grows, every Verizon-related group stays together.
Use prefixes consistently from the start. It is significantly harder to reorganise groups after members and projects have been added. A naming convention like [Customer] — [Team] or [Department] — [Sub-team] works well for most organisations.

Group Roles

Each user has a role within each group they belong to. A group role only controls what someone can do inside that group — it is separate from and independent of their tenant role.

Group Admin

Manage everything in the group: add and remove members, add projects, data sources, Knowledge Base pages, and integrations, and delete the group.

Group Analyst

Full working access to everything in the group. Can create new projects and share them with others. Can also create new groups and automatically becomes the Admin of any group they create.

Group Viewer

Read-only access to the group’s projects, data, Knowledge Base pages, and integrations. Cannot configure anything or view data sources or settings.

Roles at a Glance

The table below covers all six roles across both levels — tenant and group. Tenant roles apply across the entire Orion instance; group roles apply only within the specific group.
Capability | Admin | Analyst | Viewer | Group Admin | Group Analyst | Group Viewer
Scope | Full tenant | Full tenant | Approved projects | Own group(s) only | Own group(s) only | Group projects only
Invite users to tenant
Manage tenant-wide settings & data sources
See all users, groups & projects
Create groups: ✓ †
Manage group members
Manage group data sources, KB & integrations
Delete a group
Create & share projects
Run analyses & chat
View accessible projects
Query data sources: Per-project ‡, Per-project ‡
† A Group Analyst automatically becomes Group Admin of any group they create.
‡ Project owners can extend Viewer access to allow data queries on a per-project basis in Project Settings.
Tenant roles and group roles are independent. A tenant Viewer can be a Group Admin. A tenant Analyst can be a Group Viewer in one group and a Group Admin in another. Orion always evaluates the role that applies to the specific resource someone is trying to access — so what a user can do in chat, sharing, and editing may differ from one project to the next.

Users with roles across multiple groups

Tenant Admins always have full visibility across every group. For everyone else — tenant Analysts and Viewers — group roles can vary between groups. A user can simultaneously be:
  • A Group Admin in a group they created or were promoted in
  • A Group Analyst in a colleague’s group they were invited to contribute to
  • A Group Viewer in a third group where they only need read access
This means two users with the same tenant role may have very different effective access depending on which groups they belong to and what roles they hold there. When troubleshooting unexpected access, check both the user’s tenant role and their role within each relevant group.

Managing a Group

Click any group from the Groups tab to open its detail view. From here you can manage everything the group has access to using the tabs along the top.
Group detail view showing the Members tab with tabs for Projects, Data Sources, Knowledge Base, and Integrations
The header shows who created the group and when. Click the group name or description to edit them inline.

Members

The Members tab lists everyone in the group along with their group role.

Adding existing users to a group

Click Add member to open the member picker. The list shows users from your tenant who aren’t already in the group. Pick the role they should have within the group, then add them.
Add Members modal with a search field, a list of candidates, and a Join as role picker

Inviting new users directly into a group

If the person you want to add isn’t in your tenant yet, click Invite by email at the bottom of the picker. The invitee will receive an invitation email and, on first login, will automatically be added to this group with the role you selected.
Inviting users directly into a group is the fastest way to onboard a new team or customer cohort. They land in Orion already configured with the right access — no second step required.

Projects

The Projects tab lists the group’s projects. Everyone in the group can access them with permissions matching their group role.
Group detail view on the Projects tab showing the group's projects
Click Add project to add more projects to the group. The picker shows projects you have access to.
Add Projects modal with a checkbox list of projects and a selection counter
A single project can belong to more than one group — useful for shared work that spans multiple teams.

Data Sources

The Data Sources tab controls which data sources are available to group members. Members can use any of the data sources you enable here when working in the group’s projects.
Group detail view on the Data Sources tab with a checkbox list of available data sources

Knowledge Base

The Knowledge Base tab controls which Knowledge Base pages and folders the group can use. You can select individual pages or whole folders.
Group detail view on the Knowledge Base tab showing a folder tree with checkboxes
Selecting a whole folder means any new pages added to that folder later are automatically available to the group. This is the easiest way to keep a department’s reference material in sync as it grows.

Integrations

The Integrations tab controls which integrations the group has access to.
Group detail view on the Integrations tab showing connected integrations

How users get access to a project

A user can be given access to a project in two ways:
  1. Through a group — they’re a member of a group that the project belongs to. Their permissions match their role in the group.
  2. Directly — they were invited to the project individually from the project’s Share menu, independent of any group.
The two methods work side by side. Removing someone from a group doesn’t cancel any direct invite they have, and removing a direct invite doesn’t remove them from the group. The Project Settings modal shows which groups currently have access to the project, alongside its other settings.

Deleting a Group

To delete a group, open it and click Delete group in the upper-right corner.
Delete group dialog showing confirmation steps
The confirmation dialog summarises what will happen:
  • Members lose access to anything they only had through this group. They keep any direct project access they were granted individually.
  • Projects that are only used by this group can either be transferred to the group’s Admins (who keep access individually) or deleted along with the group.
  • Data Sources, Knowledge Base pages, and Integrations are not deleted — they simply leave the group.
If you choose to delete a project alongside the group, you’ll be asked to type the project’s name to confirm.
Deleting a group is permanent. The group and its membership are gone for good. Members who had no other way to access projects will be left as Viewers with no projects to see until someone adds them again.
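The sketch below is an added example for access reviews, not Orion code. It models the two independent access paths from "How users get access to a project" and reports which access disappears, and which survives through another path, when a member is removed from a group or the group is deleted. All user, group and project names and the data layout are constructed assumptions; Orion's own export or API format is not shown on this page.

```python
# Constructed sample data; names and layout are hypothetical, not an Orion export.
TENANT_ROLE = {"ana": "Admin", "ben": "Analyst", "cy": "Viewer", "dee": "Viewer"}
GROUP_MEMBERS = {  # group -> {user: group role}
    "Acme Sales": {"ben": "Group Admin", "cy": "Group Viewer"},
    "Acme Marketing": {"cy": "Group Analyst", "dee": "Group Viewer"},
}
GROUP_PROJECTS = {  # a project can belong to more than one group
    "Acme Sales": {"pipeline", "forecast"},
    "Acme Marketing": {"forecast", "campaigns"},
}
DIRECT_INVITES = {"pipeline": {"cy"}, "campaigns": {"ben"}}  # project -> users


def access_paths(user, project, groups=GROUP_MEMBERS):
    """Return every independent path that gives `user` access to `project`."""
    paths = []
    if TENANT_ROLE.get(user) == "Admin":  # tenant Admins see every group
        paths.append("tenant:Admin")
    for group, members in sorted(groups.items()):
        if user in members and project in GROUP_PROJECTS.get(group, ()):
            paths.append(f"group:{group}:{members[user]}")
    if user in DIRECT_INVITES.get(project, ()):  # Share-menu invite
        paths.append("direct")
    return paths


def impact_of_group_removal(group, user=None):
    """Access lost and retained when `user` leaves `group`, or when the
    whole group is deleted (user=None). Membership effects only."""
    after = {g: dict(m) for g, m in GROUP_MEMBERS.items()}
    affected = [user] if user else sorted(after[group])
    if user:
        after[group].pop(user, None)
    else:
        del after[group]
    lost, retained = [], {}
    for u in affected:
        for project in sorted(GROUP_PROJECTS[group]):
            remaining = access_paths(u, project, after)
            if remaining:
                retained[(u, project)] = remaining  # still reachable another way
            else:
                lost.append((u, project))
    return lost, retained


if __name__ == "__main__":
    lost, retained = impact_of_group_removal("Acme Sales")
    print("lost:", lost)
    print("retained:", retained)
```

Entries in `retained` are the ones to review during offboarding: removing the group membership alone does not revoke them.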