Part 7 of 7

Role-Aware Access & Governance

Access should follow the strategy hierarchy — not just user roles

If strategy is hierarchical, then access control should follow that same hierarchy.

A product lead should see their branch. A board member should see the full tree at summary level. An AI agent's access should be scoped to its purpose.

Standard read/write/admin permissions can't express these distinctions. They flatten the strategy hierarchy into a single plane — everyone either has access or doesn't. That's not how strategy works.

Why Standard RBAC Isn't Enough

Every person in your organisation needs a different view of the same strategy. Standard role-based access treats all content as equivalent — but strategy is not flat.

Product Lead

Full access to Product strategy branch. Read access to peer strategies. No access to board-level risk register.

Board Member

Full strategy tree at summary level. No operational detail.

Investor

Curated view: key metrics, strategic direction, risk profile, traction indicators.

Team Member

Their own objectives, initiative context, enough broader strategy for connection.

Strategy-Scoped Permissions

Permissions cascade down the hierarchy by default. Overrides are available at any node. This means granting access to a strategy automatically includes its initiatives, objectives, and linked intelligence — unless explicitly restricted.
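The cascade-with-overrides rule above, as an added example (not the product's own code). It assumes the nearest explicit entry on the path to the root wins and that no entry means deny; the level ordering and all node and principal names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Access levels named after the page's wording; the ordering is an assumption.
LEVELS = {"none": 0, "summary": 1, "read": 2, "full": 3}

@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    acl: dict = field(default_factory=dict)  # principal -> level set at this node

def effective_access(node, principal):
    """Nearest explicit entry on the path to the root wins; no entry means deny."""
    while node is not None:
        if principal in node.acl:
            return node.acl[principal]
        node = node.parent
    return "none"

def can(node, principal, needed):
    """True if the principal's effective level at node meets the needed level."""
    return LEVELS[effective_access(node, principal)] >= LEVELS[needed]

def view(nodes, principal):
    """The slice of the tree a principal can see, with the level at each node."""
    levels = {n.name: effective_access(n, principal) for n in nodes}
    return {name: lvl for name, lvl in levels.items() if lvl != "none"}

# Constructed sample tree (all names are hypothetical).
root = Node("Company strategy", acl={"board_member": "summary"})
product = Node("Product strategy", root, {"product_lead": "full"})
sales = Node("Sales strategy", root, {"product_lead": "read"})
risk = Node("Board risk register", root)
pricing = Node("Pricing initiative", product, {"ai_agent": "read"})
objective = Node("Q3 pricing objective", pricing)
# Explicit restriction: the board member's summary grant stops at this draft.
draft = Node("Draft repositioning", product, {"board_member": "none"})
ALL = [root, product, sales, risk, pricing, objective, draft]

if __name__ == "__main__":
    for who in ("product_lead", "board_member", "ai_agent"):
        print(who, view(ALL, who))
```

Under nearest-entry-wins, an entry lower in the tree can widen access as well as restrict it. If overrides must only ever restrict, resolve to the minimum level found along the path instead.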

Role Templates

CEO / Strategy Owner

Full access, executive summaries, create/modify any entity.

Strategy Lead

Full access to their branch, read access to peers, alerts for health changes.

Team Lead

Full access to their initiative and children. Propose changes outside scope.

Board Member

Read access at summary level. No operational detail or drafts.

Analyst

Read access across workspace. Can create insights and signals. No direct strategy modification.

Comprehensive Audit Trails

Governance requires visibility. Three layers of audit trail ensure that every action, every decision, and every AI interaction is traceable.

Standard Audit

Who viewed or changed what, and when. Append-only, immutable. The baseline for any compliance requirement.

Strategic Audit

Which strategy was affected, what assumptions were cited, and which signals informed the choices made. Context that standard audit logs never capture.

AI Interaction Governance

What context was provided to AI agents, what recommendations were generated, and what actions were taken. Full traceability from prompt to outcome.

Enterprise Compliance

Strategic infrastructure that handles sensitive organisational data must meet enterprise compliance standards. The governance layer is designed with these frameworks in mind.

SOC 2 Type II

Continuous monitoring of security controls, access logs, and change management across the strategic infrastructure.

GDPR

Data minimisation, right to access, and audit trails that demonstrate lawful processing of strategic data.

ISO 27001

Information security management system aligned with strategic data classification and access control policies.

Why This Matters

Trust enables adoption

Teams will only put real strategy into a system they trust. Role-aware access ensures sensitive strategic information is visible only to those who need it, building the trust required for genuine adoption.

Governance creates accountability

When every change is traced to a person, a reason, and a strategic context, accountability becomes structural rather than cultural. The system enforces what process documents can only request.

AI governance is a new requirement

As AI agents participate in strategic work, organisations need to track what context those agents received, what they recommended, and what actions were taken. This is a governance requirement that didn't exist two years ago.
