Skip to content

Teams & roles

Organizations are shared workspaces. Invite teammates and control what each can do with role-based access control (RBAC).

Every member of an organization has one of four roles:

Role Can do
Owner Everything, including billing, deleting the org, and managing members.
Admin Manage projects, services, members, and most settings — not org deletion/billing ownership.
Member Create and manage projects and services (deploy, edit, scale).
Viewer Read-only — view projects, services, logs, and metrics; no changes.

Your personal organization always has you as owner.

In the dashboard, open Members from the top nav and invite someone. Enter their email and pick a role. They receive an invite and join once they accept.

The Members page

Owners and admins can change a member’s role or remove them from the Members list. Ownership can be transferred by an owner.

Roles are enforced on every request — through the dashboard, the CLI, and the REST API alike. Actions you don’t have permission for are hidden in the UI and rejected by the API, so a viewer’s token can’t be used to deploy.