Accessing Team Settings
Go to Settings → Organization in your dashboard. You’ll find two tabs:- Members — Invite and manage team members
- Roles — Create and configure roles with permissions
Viewing Team Members
The members list shows:| Column | Description |
|---|---|
| Name | Member’s display name |
| Email address | |
| Role | Assigned role (Admin, Member, Viewer, or custom) |
| Status | Active or Pending |
| Joined | When they joined |
Inviting Team Members
The invited user receives an email with a link to join your organization.
Roles & Permissions
Duckie uses a flexible role-based access control (RBAC) system. You can use the default roles or create custom roles with granular permissions.Default Roles
| Role | Description | Best For |
|---|---|---|
| Admin | Full access to all features including billing and team management | Organization owners, team leads |
| Member | Can build and manage agents, but cannot manage team or billing | Support team members, developers |
| Viewer | Read-only access to analytics and runs | Stakeholders, executives, auditors |
Managing Roles
Go to Settings → Organization → Roles to view and manage roles.Creating Custom Roles
Create roles tailored to your team’s needs:Name Your Role
Give the role a descriptive name (e.g., “Support Lead”, “Analytics Viewer”, “Content Editor”).
Permission Categories
Permissions are grouped by product area:| Category | Controls Access To |
|---|---|
| Analyze | Performance metrics, breakdown, runs, insights, suggestions, alerts |
| Build | Agents, workflows, runbooks, snippets, tools |
| Train | Knowledge, guidelines, guardrails |
| Tag | Categories, attributes, resolution rules |
| Deploy | Deployments and triggers |
| Test | Playground and batch testing |
| Settings | Connections, organization, members, roles |
Permission Types
Each area has two permission levels:- Page Access — Can view the page in the dashboard
- API Access — Can read or write data (some areas have separate read/write permissions)
The Admin role always has full permissions and cannot be modified or deleted.
Editing Roles
- Click on a role in the Roles tab
- Modify the name or permissions
- Click Save
Deleting Roles
- Click the delete icon on a custom role
- Choose how to handle members with that role (reassign to another role)
- Confirm deletion
Managing Members
Changing Roles
Removing Members
Removed members lose access immediately. Their past actions remain in audit logs.
Pending Invitations
View and manage outstanding invitations:Resend Invitation
If someone didn’t receive or lost their invite:- Find the pending invitation
- Click Resend
- New email is sent
Cancel Invitation
To revoke an invitation:- Find the pending invitation
- Click Cancel
- Link is invalidated
Best Practices
Principle of Least Privilege
Give users the minimum access they need:- Create custom roles for specific job functions
- Most team members → Member role or a custom role
- Leadership/stakeholders → Viewer role
- Only org owners → Admin role
Regular Audits
Periodically review team access:- Remove departed team members
- Adjust roles as responsibilities change
- Verify admin count is appropriate
Prompt Removal
When team members leave:- Remove access immediately
- Consider transferring ownership of their work
- Review any API keys they created
SSO & Enterprise
Single Sign-On (SSO) and advanced identity management are available on enterprise plans.Features include:
- SAML/OIDC integration
- Automatic provisioning
- Role mapping from identity provider