Tricia helps to reconcile the security and collaboration needs of individuals, communities and enterprises:
- Individuals want to freely organize all their content and share some content with other members of their social networks (colleagues, friends, project members, ...) within and outside of the enterprise. Privacy of personal content is essential.
- Communities form dynamically to achieve a common project goal or to exchange information regarding a specific topic and to make some of this information available to other communities.
- Enterprises want to avoid duplication of effort and redundant information storage. They have to protect their core information assets while being able to quickly publish quality-controlled content to a global audience or to specific target groups outside of the enterprise.
As suggested by this description, Tricia is based on the following simple but highly configurable access policies:
- Each content item has a set of readers that are able to view and find it and a set of writers that are able to edit it. A content item is a wiki page, a blog entry, or a file.
- A reader or writer is either a person (Joe Doe) or a group of individuals (Joe Doe's Friends, Marketing Staff or Participants of the Product Launch Party 2008). The pseudo-groups Logged-In Users and Everybody both include all authenticated users; Everybody additionally includes anonymous visitors from the web.
- Readers and writers can also be specified at the granularity of content spaces such as blogs, wiki spaces or file directories, because it can be tedious to change access rights for each content item individually. These access rights are added to the readers and writers specified for individual blog entries, wiki pages or files.
- Each Tricia user can be a member of arbitrarily many groups describing the divisions, project teams, communities of practice and social networks he or she belongs to.
- All searches and content operations are access controlled: if a user attempts to read or write a content item, Tricia checks whether the item's reader or writer list contains the user or one of the groups the user belongs to. All search results (including tag clouds etc.) are filtered based on the current user's access rights.
At the enterprise level this access policy effectively avoids redundant information:
- To publish a content item to a wider audience, it is not necessary to move or copy it to another space; one simply adds individuals or groups to its set of readers.
- To work collaboratively, one adds individuals or groups to the set of writers of the shared content.
To give content authors immediate feedback on the impact of access specifications via reader and writer lists, a content writer can check with a single click how the site appears to users with fewer privileges.
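A minimal model of the policy described above, added here as an illustration and not Tricia's own code. The class and function names are hypothetical and the sample site is constructed; only the pseudo-group names and the rule that space-level rights are added to item-level rights come from the text.

```python
from dataclasses import dataclass, field

# Pseudo-group names are from the page; all class and function names are hypothetical.
LOGGED_IN, EVERYBODY = "Logged-In Users", "Everybody"
ANONYMOUS = None  # an unauthenticated visitor from the web

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()

@dataclass
class Space:  # a blog, wiki space or file directory
    readers: set = field(default_factory=set)
    writers: set = field(default_factory=set)

@dataclass
class Item:  # a wiki page, blog entry or file
    title: str
    space: Space
    readers: set = field(default_factory=set)
    writers: set = field(default_factory=set)

def principals(user):
    """Names that can match a list entry (assumes user and group names never collide)."""
    if user is ANONYMOUS:
        return {EVERYBODY}
    return {user.name, LOGGED_IN, EVERYBODY} | set(user.groups)

def can_read(user, item):
    # Space-level rights are added to item-level rights: a union, never a restriction.
    return bool(principals(user) & (item.readers | item.space.readers))

def can_write(user, item):
    return bool(principals(user) & (item.writers | item.space.writers))

def search(user, items, term=""):
    """Filter hits by the searcher's rights so that titles of hidden items never leak.
    Called with another user and no term, it doubles as the 'view as' preview."""
    return [i.title for i in items if term.lower() in i.title.lower() and can_read(user, i)]

def sample_site():
    """Constructed sample data, not taken from a real Tricia installation."""
    wiki = Space(readers={"Marketing Staff"}, writers={"Joe Doe"})
    return [
        Item("Launch plan", wiki),
        Item("Launch press release", wiki, readers={EVERYBODY}),
        Item("Launch budget draft", Space(), readers={"Joe Doe"}, writers={"Joe Doe"}),
    ]
```

Because the lists are a union, adding Everybody to a single page inside a restricted space publishes that page to anonymous visitors, which is exactly the case the preview check is meant to catch before it goes live.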
The privilege to create new user profiles, groups, blogs, or wikis can be limited to specific groups within the organization.