🕵️‍♂️ Do you know who can see your company data right now?

If someone asked you to list every person, contractor, and tool that can see your revenue numbers and customer data, could you do it without opening five different settings pages?

I couldn't, for a long time. We added people fast, handed a couple of contractors access to "just take a look," wired up some tools, and quickly didn't know who had access to what.

The uncomfortable part is that nothing feels wrong day to day. Access sprawl doesn't break anything. It just sits there until you've got a client in the same workspace as your internal financials, or someone leaves and you realize their access didn't.

I think most teams under ~30 people live here and don't think about it, because it's boring and there's always something more urgent. Then you sign your first real enterprise customer, or a security questionnaire lands in your inbox, and suddenly it's the only thing that matters.

This is on my mind because we just launched groups and access controls at Basedash. You can bundle people into groups and give each one access to exactly the data sources, dashboards, and AI context it should have, with row-level security on every question. Take a look here:

So, do you actually know who can see your data right now? If so, what finally pushed you to tighten it up?

Replies

Honestly, I think data visibility is something many companies overlook. I've learned that regularly auditing access rights can prevent a lot of unnecessary risk.

The enterprise security questionnaire moment is it, 100%. For us it was a SOC2 gap analysis — suddenly I was tracing back who had access to what, across which integrations, going back 18 months. The contractor thing you mentioned is the sneakiest part: they get access scoped to one task, you wrap up, and somehow it just... stays. Nothing breaks, nobody notices.

The AI agent angle is making this worse fast, by the way. Tools that connect to your DB or email now need the same access hygiene as humans, but they don't show up in an 'active users' list. Worth thinking about that layer too as teams start running more agents.

visibility into who has access to what is the unsexy half of trust. the sexy half is signing receipts. but both fail if the access map is invisible. a credential system without a clear permission map ships broken on day one.

honestly… for most early teams this is one of those things you think you know, but if you really list it out, it gets messy fast :)

We only started tightening it up properly after the first real customer/security review; before that it was more like "trust and basic permissions, and hope nothing leaks!"