Skip to main content

Role overview

The team experience uses a three-level role model in the UI:
RoleHow it works
Primary OwnerA virtual top-level role shown in the UI for the account’s current owner-of-record
OwnerA stored account role with management access across team features
MemberA stored account role intended for view-only or limited-access team participation
In the database, memberships are stored as owner or member. The Primary Owner badge is derived by comparing the current row with the account’s primary_owner_user_id.

Role descriptions

Primary Owner

The Primary Owner is the single member currently designated as the account owner. This badge appears in the members table and can move to another member through the transfer-ownership flow. Only the Primary Owner can:
  • Update the team name and avatar
  • Delete the team account
  • Transfer ownership to another member
  • Purchase credit packs and manage billing plans

Owner

Owners handle day-to-day team management. Across the current product, owner-level access is used for operational features such as API keys, webhooks, domains, and member management. Owners can:
  • Send new invitations and manage existing invitation rows
  • Use member-row actions on eligible member rows
  • Create, rotate, revoke, and delete API keys
  • Manage webhooks and domains
  • View all logs, credits, and activity
Owners cannot:
  • Update the team name or avatar
  • Delete the team account
  • Transfer ownership
  • Purchase credit packs or change the subscription plan

Member

Members can still access shared team pages, but management actions are reduced compared with owner-level access. Members can:
  • Send new invitations when the Members page exposes the Invite members flow for their current account context
  • View API keys, webhooks, logs, credits, domains, and activity
  • View logs, credits, domains, and activity
  • Leave the team from the Danger zone on the Settings page
Members cannot:
  • Manage existing invitations from the invitation-row actions menu
  • Update or remove other members
  • Manage API keys, webhooks, or domains
  • Purchase credit packs or change the billing plan

Permission matrix

AreaPrimary OwnerOwnerMember
Team settingsFull accessView onlyView only
Members pageFull access, including ownership transferFull member and invitation managementCan view tables, and may be able to send new invitations depending on the current account context
API keysFull accessFull accessView only
WebhooksFull accessFull accessView only
DomainsFull accessFull accessView only
Logs, credits, activityFull accessFull accessFull access
Billing purchases and subscription changesFull accessNo purchase accessNo purchase access
For row-level member changes, the app also applies hierarchy checks. The primary-owner row cannot be targeted from the member actions menu, and your own row never shows that menu.

Changing a member’s role

To change an existing member’s role, see Manage. To change the role assigned to a pending invitation before it is accepted, see Invite.