Roles & permissions

A cap table holds sensitive information, so not everyone should see — or change — everything. Tenacap keeps two groups separate: your team, who manage the cap table through workspace roles, and your stakeholders, who see only their own holdings through the portal.

Access in Tenacap answers two different questions: who runs the cap table, and who can see their slice of it. Keeping those separate is what lets you invite an employee to view their own options without giving them a window into everyone else’s equity.

Two kinds of access

  • Workspace roles — for the people who operate the company’s cap table (you, a co-founder, an ops lead). They sign in to the full app and their role decides what they can do.
  • The stakeholder portal — for your shareholders and employees. They’re not workspace members; they receive an invite and see a private, read-only view of only their own holdings. See the stakeholder portal.

Workspace roles

Whoever creates the workspace becomes its first Admin. From there, access runs on three operating roles, strongest to weakest:

  • Admin — full control of the company and the workspace.
  • Editor — can change the cap table (record equity, import, model rounds) but not manage the workspace itself.
  • Viewer — read-only access to the cap table.

Roles are hierarchical: an Admin can do everything an Editor can, and an Editor everything a Viewer can. Access is also scoped to the workspace — a role only grants permissions in the workspace it was given in.

What each role can do

Capability | Viewer | Editor | Admin
View the cap table, ownership & reports
Export your data (CSV / JSON / diligence pack)
Record equity — issuances, options, SAFEs/notes, priced rounds; run an import
Record board approvals & generate consents
Read the change log / audit trail
Merge duplicate stakeholders; invite stakeholders to the portal
Manage the workspace & close the account

The stakeholder portal

Your employees and investors don’t need — and shouldn’t have — a seat in the workspace. Instead, an Admin invites them to the stakeholder portal, where each person signs in and sees a private summary of their own holdings: shares, vested vs. unvested options, SAFEs and notes, and their documents. They can never see another stakeholder’s position or the full cap table. Full details are in the stakeholder portal.

Changing roles — and every change is logged

An Admin sets and changes roles. Because a role change is a security-relevant event, it’s written to the hash-chained change log (category RBAC) — so “who gave whom access, and when” is always answerable, and the record is tamper-evident.
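How a hash-chained log makes role changes tamper-evident, as an added example that is not Tenacap's own code: each entry commits to the hash of the one before it, so editing an earlier record breaks verification from that point on. The entry field names, the use of SHA-256, the all-zero genesis value and the sample addresses are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the chain


def entry_hash(prev_hash, body):
    # Canonical JSON so the same entry always produces the same digest.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append_role_change(log, actor, target, old_role, new_role, at):
    """Append a role-change entry that commits to the previous entry's hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    body = {"category": "RBAC", "actor": actor, "target": target,
            "old_role": old_role, "new_role": new_role, "at": at}
    log.append({"body": body, "prev": prev_hash,
                "hash": entry_hash(prev_hash, body)})
    return log[-1]


def first_broken_index(log):
    """Return the index of the first entry that fails verification, or None."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev_hash:
            return i  # link to the previous entry is broken
        if entry["hash"] != entry_hash(prev_hash, entry["body"]):
            return i  # entry body was changed after it was written
        prev_hash = entry["hash"]
    return None


def build_sample_log():
    # Constructed sample data, not real records.
    log = []
    append_role_change(log, "alice@example.com", "bob@example.com",
                       None, "Viewer", "2024-01-05T10:00:00Z")
    append_role_change(log, "alice@example.com", "bob@example.com",
                       "Viewer", "Editor", "2024-02-01T09:30:00Z")
    append_role_change(log, "alice@example.com", "carol@example.com",
                       None, "Viewer", "2024-02-03T14:15:00Z")
    return log
```

A chain like this detects edits and removals in the middle of the log, but not truncation from the tail; catching that requires keeping the latest hash somewhere the log's writer cannot change.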

Counsel, investors & advisors

For most companies the three operating roles plus the portal cover everyone: counsel and prospective investors get a Viewer seat (or a diligence pack export) for the read-only access they need, and existing shareholders use the portal. Finer-grained, named roles for outside counsel and advisory firms are part of the permissions model and roll out as multi-company workspaces land — your data and its access rules don’t change underneath you when they do.