Accessing Team Settings
Go to Settings → Organization in your dashboard. You’ll find two tabs:- Members — Invite and manage team members
- Roles — Create and configure roles with permissions
Viewing Team Members
The members list shows:| Column | Description |
|---|---|
| Name | Member’s display name |
| Email address | |
| Role | Assigned role (Admin, Member, Viewer, or custom) |
| Status | Active or Pending |
| Joined | When they joined |
Inviting Team Members
1
Click Invite
Click Invite Member button.
2
Enter Email
Enter the email address of the person to invite.
3
Select Role
Choose the appropriate role.
4
Send
Click Send Invitation.
Roles & Permissions
Duckie uses a flexible role-based access control (RBAC) system. You can use the default roles or create custom roles with granular permissions.Default Roles
| Role | Description | Best For |
|---|---|---|
| Admin | Full access to all features including billing and team management | Organization owners, team leads |
| Member | Can build and manage agents, but cannot manage team or billing | Support team members, developers |
| Viewer | Read-only access to analytics and runs | Stakeholders, executives, auditors |
Managing Roles
Go to Settings → Organization → Roles to view and manage roles.Creating Custom Roles
Create roles tailored to your team’s needs:1
Open Roles Tab
Navigate to Settings → Organization → Roles.
2
Click Create Role
Click Create Role to open the role editor.
3
Name Your Role
Give the role a descriptive name (e.g., “Support Lead”, “Analytics Viewer”, “Content Editor”).
4
Select Permissions
Choose which permissions to grant. Permissions are organized by category:
5
Save
Click Save to create the role.
Permission Categories
Permissions are grouped by product area:| Category | Controls Access To |
|---|---|
| Analyze | Performance metrics, breakdown, runs, insights, suggestions, alerts |
| Build | Agents, workflows, runbooks, snippets, tools |
| Train | Knowledge, guidelines, guardrails |
| Tag | Categories, attributes, resolution rules |
| Deploy | Deployments and triggers |
| Test | Playground and batch testing |
| Settings | Connections, organization, members, roles |
Permission Types
Each area has two permission levels:- Page Access — Can view the page in the dashboard
- API Access — Can read or write data (some areas have separate read/write permissions)
The Admin role always has full permissions and cannot be modified or deleted.
Editing Roles
- Click on a role in the Roles tab
- Modify the name or permissions
- Click Save
Deleting Roles
- Click the delete icon on a custom role
- Choose how to handle members with that role (reassign to another role)
- Confirm deletion
Managing Members
Changing Roles
1
Find Member
Locate the member in the list.
2
Click Role
Click on their current role.
3
Select New Role
Choose the new role from the dropdown.
4
Confirm
Confirm the change.
Removing Members
1
Find Member
Locate the member in the list.
2
Click Remove
Click the Remove button or trash icon.
3
Confirm
Confirm the removal.
Removed members lose access immediately. Their past actions remain in audit logs.
Pending Invitations
View and manage outstanding invitations:Resend Invitation
If someone didn’t receive or lost their invite:- Find the pending invitation
- Click Resend
- New email is sent
Cancel Invitation
To revoke an invitation:- Find the pending invitation
- Click Cancel
- Link is invalidated
Best Practices
Principle of Least Privilege
Give users the minimum access they need:- Create custom roles for specific job functions
- Most team members → Member role or a custom role
- Leadership/stakeholders → Viewer role
- Only org owners → Admin role
Regular Audits
Periodically review team access:- Remove departed team members
- Adjust roles as responsibilities change
- Verify admin count is appropriate
Prompt Removal
When team members leave:- Remove access immediately
- Consider transferring ownership of their work
- Review any API keys they created
SSO & Enterprise
Single Sign-On (SSO) and advanced identity management are available on enterprise plans.Features include:
- SAML/OIDC integration
- Automatic provisioning
- Role mapping from identity provider