Team Roles
Owner
- Full control over account and all resources
- Can invite/remove team members
- Can manage billing and subscriptions
- Can delete the account
- Always at least one owner per account
Admin
- Can manage team members and permissions
- Can create and modify agents, gateways, and capabilities
- Can view billing information (read-only)
- Cannot delete account or modify subscriptions
Developer
- Can create and modify agents, gateways, and capabilities
- Can view team members (read-only)
- Cannot manage permissions or billing
- Cannot invite new members
Viewer
- Read-only access to all resources
- Can view agents, gateways, capabilities, usage
- Cannot create or modify anything
- Cannot manage team
Permission Matrix
| Action | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View Resources | ✓ | ✓ | ✓ | ✓ |
| Create Resources | ✓ | ✓ | ✓ | - |
| Edit Resources | ✓ | ✓ | ✓ | - |
| Delete Resources | ✓ | ✓ | ✓ | - |
| Manage Team | ✓ | ✓ | - | - |
| Invite Members | ✓ | ✓ | - | - |
| Manage Permissions | ✓ | ✓ | - | - |
| View Billing | ✓ | ✓* | - | - |
| Modify Billing | ✓ | - | - | - |
| Delete Account | ✓ | - | - | - |
Inviting Team Members
Send an Invitation
- Go to Team in the left sidebar
- Click Invite Member
- Enter the member’s email address
- Select their role (Owner, Admin, Developer, or Viewer)
- Optionally add a custom message
- Click Send Invitation
Manage Pending Invitations
- Go to Team
- Click Pending Invitations tab
- View status of sent invitations
- Click Resend to send another copy
- Click Revoke to cancel an invitation
Managing Team Members
Change a Member’s Role
- Go to Team
- Find the member in the list
- Click Edit Role
- Select new role
- Click Save
You cannot change the role of the account owner unless someone else is also an owner.
Remove a Team Member
- Go to Team
- Find the member you want to remove
- Click Remove Member
- Confirm removal
Resource-Level Access Control
By default, team members with Developer or higher role can access all resources (agents, gateways, capabilities). You can restrict access by resource:Lock Down a Resource
- Open the resource (agent, gateway, capability)
- Click Settings > Access Control
- Toggle Restricted Access
- Select which team members can access
- Click Save
Public vs Private Resources
- Public - All team members with appropriate role can access
- Private - Only explicitly listed members can access
Best Practices
Principle of Least Privilege
- Grant only the minimum role needed
- Use Viewer role for external stakeholders
- Promote to Developer only when they need to build
Team Structure
- 1 Owner - Account administrator
- 2-3 Admins - Team leads with management authority
- Developers - Individual contributors
- Viewers - Stakeholders, managers, auditors
Security
- Remove members promptly when they leave
- Audit team membership quarterly
- Use restricted access for sensitive resources
- Change ownership if owner leaves company
Onboarding
- Add new members with Viewer role first
- Let them explore and understand the platform
- Promote to Developer after orientation
- Move to Admin only if management needed
Troubleshooting
Member Can’t See Resources
- Check member’s role is Developer or higher
- Check resource access control settings
- Ensure member accepted the invitation email
Can’t Invite Member
- You need Owner or Admin role
- Check the email address is correct
- Member might already be on the team
Can’t Change Owner
- You must transfer ownership via account settings
- Only current owner can assign new owner
- New owner must accept transfer request
Lost Access After Role Change
- An admin reduced your permissions
- Contact an Owner or Admin to restore access
- Change doesn’t affect existing resource tokens