Access scope explained

This is the rule that ties the whole model together — internalise it once and the two columns, the invite flows, and the edit behaviours all follow from it.

• Owner and Admin — applied at the company level. Automatically covers all jobs, including new ones created after they're invited. No per-job selection needed.
• Editor and Observer — applied per job. They only see jobs you explicitly tick during the invitation. Add more jobs later by editing their access.

If a person already has company-level access (Owner or Admin), they are excluded from the "limited access" column because their company role already covers everything.

Why it matters in practice

• Future jobs. A new search you create tomorrow is already visible to every Owner and Admin, with nothing to configure. Per-job Editors and Observers, by contrast, won't see it until you add them — which is exactly what you want for outside stakeholders.
• No double-listing. Because a company role already covers everything, Vouch deliberately keeps those people out of the per-job column. If you can't find a colleague under a job, check the left-hand "Owners and administrators" column — they may already have company-wide access.
• Right-sizing access. If someone needs most jobs, a company-wide role is simpler than ticking many jobs and remembering to add the next one. If they need one or a few, keep them per-job so they never see more than they should.

Good to know. This is the least-privilege principle in action: give company-wide access only when the person genuinely works across the whole company, and keep everyone else scoped to the exact jobs they touch. It's easy to widen access later from Edit a user's role — much harder to claw back trust once someone has seen things they shouldn't.