Permissions
Orbit uses Microsoft 365 as the workspace permission source.
That means Microsoft 365 access decides who can view or edit the files in a workspace. Orbit adds product UI for inviting people, note-specific shares, and tenant administration, but workspace access remains tied to Microsoft 365.
Workspace permissions
Workspace permissions control access to the workspace files.
Common role labels:
| Role | Typical capability |
|---|---|
| read | View accessible workspace notes and files. |
| write | Create, edit, rename, move, import, and delete workspace content where Microsoft 365 allows it. |
| manager | Manage workspace-level settings when that role is shown for the workspace. |
| owner | Own or administer the connected Microsoft 365 location when Microsoft 365 grants that authority. |
The exact authority can depend on the SharePoint or OneDrive permission behind the workspace.
Note-specific sharing
Note-specific shares grant access to one note.
Current note-specific shares are designed for people in your Microsoft 365 tenant. External guest access depends on your tenant policy and Orbit availability.
Use them when:
- A reviewer needs one note.
- A stakeholder should not browse the whole workspace.
- You need an expiring organization link.
- You are sharing into a Teams conversation.
Existing access links
Existing access links do not grant new permission. They only copy a route to the note.
Use this when everyone in the audience already has workspace access.
Organization links
Organization links can grant access to people in your tenant. Choose view or edit carefully and set an expiration date when the need is temporary.
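One way to review organization links from the Microsoft 365 side, as an added example that is not Orbit's own code. It assumes an Orbit organization link appears as a sharing-link permission on the underlying file in Microsoft Graph; the sample response, `NOW`, and `audit_org_links` are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample, shaped like the body of a Microsoft Graph
# GET /drives/{drive-id}/items/{item-id}/permissions response.
SAMPLE = {"value": [
    {"id": "p1", "roles": ["write"],
     "link": {"scope": "organization", "type": "edit"}},
    {"id": "p2", "roles": ["read"],
     "link": {"scope": "organization", "type": "view"},
     "expirationDateTime": "2024-01-31T00:00:00Z"},
    {"id": "p3", "roles": ["read"],
     "link": {"scope": "organization", "type": "view"},
     "expirationDateTime": "2030-01-01T00:00:00Z"},
    {"id": "p4", "roles": ["write"],
     "grantedToV2": {"user": {"displayName": "Constructed User"}},
     "inheritedFrom": {"path": "/drive/root:/Workspace"}},
]}

# Constructed "current time" so the result is reproducible.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

def audit_org_links(response, now):
    """Return (permission id, finding) pairs for organization-scoped links."""
    findings = []
    for perm in response.get("value", []):
        link = perm.get("link")
        if not link or link.get("scope") != "organization":
            continue  # direct or inherited grant, not a sharing link
        expires = perm.get("expirationDateTime")
        if expires is None:
            # Link grants access to the tenant with no end date.
            findings.append((perm["id"], f"{link.get('type')} link has no expiration"))
            continue
        when = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if when <= now:
            findings.append((perm["id"], "expired link still listed"))
    return findings

if __name__ == "__main__":
    for perm_id, finding in audit_org_links(SAMPLE, NOW):
        print(perm_id, finding)
```

Edit links without an expiration are the ones to review first, since they grant tenant-wide write access until someone removes them.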
Microsoft 365 changes apply to Orbit
If a site owner, file owner, or admin changes permissions in Microsoft 365, Orbit follows those changes.
Examples:
- A user removed from a SharePoint site may lose Orbit access.
- A security group added to a folder may gain Orbit access.
- A file-level permission removed in Microsoft 365 may break a note share.
Permission troubleshooting
If someone cannot open a note:
- Confirm the note link is correct.
- Confirm whether they need workspace access or note-specific access.
- Check the workspace Access settings.
- Open the Microsoft 365 location and verify permissions.
- Ask an owner or tenant admin to review blocked consent or policy issues.
For the broader storage and access model, see Data Handling and Permissions.
Common questions
Why can someone still open a note after I revoke a note share?
They may still have workspace access through Microsoft 365. Remove workspace access if they should not see any notes in the workspace.
Does mentioning someone grant access?
No. Mentions can notify a person, but access still comes from workspace permissions or note-specific sharing.