Dossira

Defining Governance Roles: Who Needs What Access?

By Marco R.
Governance Access Membership Security reviews

Structure creates safety

A secure workspace is not just about encryption. It is about people. If everyone is an administrator, no one is accountable. If everyone is a guest, work halts.

In high-stakes governance, we map access to responsibility. We follow the principle of least privilege, but we balance it with the need for flow. A director unable to read a paper is a governance failure.

The Board Secretary: The Operator

The Secretary runs the room. In Dossira, they are the Workspace Owner.

Their duty is to curate the pack. They need the ability to create folders, upload versions, and manage the membership list. They are responsible for the lifecycle of the meeting. They are also the only role that should have the power to “Seal” the workspace.

The Chair and Directors: The Members

The board members are there to review and decide. They do not need to manage settings or invite others.

They require Member access with a focus on simplicity. Their primary need is friction-free entry. We utilize passkeys to ensure that a director can enter the workspace with a look or a touch. They should have the ability to comment on files and approve deliverables, but they should generally not be moving or deleting files.

We treat their access as a “read and review” pattern. This protects the structure of the pack from accidental drag-and-drop errors.

Observers and Advisors: The Guests

Specialists often attend for specific items. Legal counsel, auditors, or industry experts may need to see a single report, but not the minutes of the previous meeting.

These users are Guests. We recommend restricting their view to specific sections. A guest should never see the full member list unless necessary. Their access is often temporary.

The Exit Protocol

Governance roles are not permanent. Directors retire; advisors finish their engagement.

Offboarding is as critical as onboarding. When a role ends, access must be revoked immediately. In a workspace model, this is a single click. The power of this action lies in the Audit Log.

When you remove a member, the log records the exact timestamp. This provides proof that a former director did not have access to price-sensitive information after their departure date. It is a small detail that matters immensely during a security review or due diligence process.