When you begin to customize to the out-of-the-box system, it's wise to think about the different types of users who will use your system, and how their roles might impact the amount of data that is available to them. It's always a best practice to give users access only to the data or features they truly need. Giving a user access to anything additional can complicate their workflow or potentially cause conflicts. In order to regulate access, Agiloft users belong to Groups and Teams and are given specific Roles. 

• Group settings affect the level of access to tables, records, and fields. Users in multiple groups receive the superset of those groups' access settings. For easier system maintenance, we recommend keeping the number of groups relatively small.
• Team settings affect other parts of the user interface such as the color scheme, available views, and the default home page. Teams define collections of users who share a role or work on projects together. Users can join multiple teams but must always have one Primary Team. The primary team determines users' default user interface and Look and Feel scheme. Teams are often used for sending notifications, assigning records to groups of users, and configuring locale settings, such as working hours and available languages. 
• Roles combine the appropriate Group and Team in order to determine a user's permission level and notifications they receive. They also flag which users have assigned licenses.