> ## Documentation Index
> Fetch the complete documentation index at: https://docs.duckie.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Team Members & Roles

> Manage who has access to your Duckie workspace

Manage your team's access to Duckie by inviting members, assigning roles, and creating custom roles with granular permissions.

{/* Screenshot: Members page showing list of team members with roles */}

## Accessing Team Settings

Go to **Settings → Organization** in your dashboard. You'll find two tabs:

* **Members** — Invite and manage team members
* **Roles** — Create and configure roles with permissions

## Viewing Team Members

{/* Screenshot: Members list with columns for name, email, role, status */}

The members list shows:

| Column     | Description                                      |
| ---------- | ------------------------------------------------ |
| **Name**   | Member's display name                            |
| **Email**  | Email address                                    |
| **Role**   | Assigned role (Admin, Member, Viewer, or custom) |
| **Status** | Active or Pending                                |
| **Joined** | When they joined                                 |

## Inviting Team Members

<Steps>
  <Step title="Click Invite">
    Click **Invite Member** button.

    {/* Screenshot: Invite member dialog */}
  </Step>

  <Step title="Enter Email">
    Enter the email address of the person to invite.
  </Step>

  <Step title="Select Role">
    Choose the appropriate role.
  </Step>

  <Step title="Send">
    Click **Send Invitation**.
  </Step>
</Steps>

The invited user receives an email with a link to join your organization.

## Roles & Permissions

Duckie uses a flexible role-based access control (RBAC) system. You can use the default roles or create custom roles with granular permissions.

### Default Roles

| Role       | Description                                                       | Best For                           |
| ---------- | ----------------------------------------------------------------- | ---------------------------------- |
| **Admin**  | Full access to all features including billing and team management | Organization owners, team leads    |
| **Member** | Can build and manage agents, but cannot manage team or billing    | Support team members, developers   |
| **Viewer** | Read-only access to analytics and runs                            | Stakeholders, executives, auditors |

### Managing Roles

Go to **Settings → Organization → Roles** to view and manage roles.

{/* Screenshot: Roles tab showing list of roles with permission counts */}

### Creating Custom Roles

Create roles tailored to your team's needs:

<Steps>
  <Step title="Open Roles Tab">
    Navigate to **Settings → Organization → Roles**.
  </Step>

  <Step title="Click Create Role">
    Click **Create Role** to open the role editor.

    {/* Screenshot: Create role dialog */}
  </Step>

  <Step title="Name Your Role">
    Give the role a descriptive name (e.g., "Support Lead", "Analytics Viewer", "Content Editor").
  </Step>

  <Step title="Select Permissions">
    Choose which permissions to grant. Permissions are organized by category:

    {/* Screenshot: Role editor showing permission checkboxes by category */}
  </Step>

  <Step title="Save">
    Click **Save** to create the role.
  </Step>
</Steps>

### Permission Categories

Permissions are grouped by product area:

| Category     | Controls Access To                           |
| ------------ | -------------------------------------------- |
| **Analyze**  | Performance metrics, breakdown, runs, alerts |
| **Build**    | Agents, workflows, runbooks, snippets, tools |
| **Train**    | Knowledge, guidelines, guardrails            |
| **Tag**      | Categories, attributes, resolution rules     |
| **Deploy**   | Deployments and triggers                     |
| **Test**     | Playground and batch testing                 |
| **Settings** | Connections, organization, members, roles    |

### Permission Types

Each area has two permission levels:

* **Page Access** — Can view the page in the dashboard
* **API Access** — Can read or write data (some areas have separate read/write permissions)

<Info>
  The **Admin** role always has full permissions and cannot be modified or deleted.
</Info>

### Editing Roles

1. Click on a role in the Roles tab
2. Modify the name or permissions
3. Click **Save**

### Deleting Roles

1. Click the delete icon on a custom role
2. Choose how to handle members with that role (reassign to another role)
3. Confirm deletion

<Warning>
  You cannot delete the default Admin role or any role that still has members assigned.
</Warning>

## Managing Members

### Changing Roles

<Steps>
  <Step title="Find Member">
    Locate the member in the list.
  </Step>

  <Step title="Click Role">
    Click on their current role.
  </Step>

  <Step title="Select New Role">
    Choose the new role from the dropdown.

    {/* Screenshot: Role dropdown on member row */}
  </Step>

  <Step title="Confirm">
    Confirm the change.
  </Step>
</Steps>

### Removing Members

<Steps>
  <Step title="Find Member">
    Locate the member in the list.
  </Step>

  <Step title="Click Remove">
    Click the **Remove** button or trash icon.
  </Step>

  <Step title="Confirm">
    Confirm the removal.
  </Step>
</Steps>

<Info>
  Removed members lose access immediately. Their past actions remain in audit logs.
</Info>

## Pending Invitations

{/* Screenshot: Pending invitations section showing outstanding invites */}

View and manage outstanding invitations:

### Resend Invitation

If someone didn't receive or lost their invite:

1. Find the pending invitation
2. Click **Resend**
3. New email is sent

### Cancel Invitation

To revoke an invitation:

1. Find the pending invitation
2. Click **Cancel**
3. Link is invalidated

## Best Practices

### Principle of Least Privilege

Give users the minimum access they need:

* Create custom roles for specific job functions
* Most team members → **Member** role or a custom role
* Leadership/stakeholders → **Viewer** role
* Only org owners → **Admin** role

### Regular Audits

Periodically review team access:

* Remove departed team members
* Adjust roles as responsibilities change
* Verify admin count is appropriate

### Prompt Removal

When team members leave:

1. Remove access immediately
2. Consider transferring ownership of their work
3. Review any API keys they created

## SSO & Enterprise

<Info>
  **Single Sign-On (SSO)** and advanced identity management are available on enterprise plans.

  Features include:

  * SAML/OIDC integration
  * Automatic provisioning
  * Role mapping from identity provider

  [Contact sales](mailto:founders@duckie.ai) for details.
</Info>

## Next Steps

<CardGroup cols={2}>
  <Card title="Organization Settings" icon="building" href="/settings/organization">
    Configure your organization
  </Card>

  <Card title="Connections" icon="plug" href="/settings/connections">
    Manage integrations
  </Card>
</CardGroup>