Team Management
Collaborate with your team by inviting members, assigning roles, and managing organization settings.
Overview
Team Management allows you to:
- Invite team members to your organization
- Assign roles with specific permissions
- Track team activity across the platform
- Manage organization settings and branding
Accessing Team Management
Navigate to the Team Management page:
Dashboard → Settings → Team
URL: /dashboard/settings/team
User Roles & Permissions
Role Overview
The platform supports 4 role levels with different permission sets:
| Role | Generate Queries | Execute Queries | View Analytics | Manage Team | Manage Budget | Manage API Keys |
|---|---|---|---|---|---|---|
| Admin | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Editor | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ |
| Analyst | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
| Viewer | ❌ | ❌ | ✅ (limited) | ❌ | ❌ | ❌ |
Admin
Full platform access - Complete control over organization
Permissions:
- ✅ All query and analytics features
- ✅ Invite and remove team members
- ✅ Change member roles (including other admins)
- ✅ Manage organization settings
- ✅ Configure API keys for all providers
- ✅ Set and manage budgets
- ✅ View audit logs
- ✅ Delete organization (owner only)
Use Case: Organization owners, team leads
Best Practice: Limit to 1-2 trusted members
Editor
Content creation and execution - Can manage queries and content
Permissions:
- ✅ Generate queries with AI
- ✅ Execute queries across all providers
- ✅ View all analytics and reports
- ✅ Manage query library
- ✅ Configure API keys (org-level)
- ✅ Create and edit content assets
- ❌ Cannot invite users or change roles
- ❌ Cannot set budgets
Use Case: Content strategists, SEO specialists, marketing managers
Best Practice: Default role for active team members
Analyst
Data access and query execution - Focus on analysis
Permissions:
- ✅ Generate queries
- ✅ Execute queries
- ✅ View all analytics dashboards
- ✅ Export data (CSV, JSON)
- ✅ Create scheduled reports
- ❌ Cannot configure API keys
- ❌ Cannot manage team or budgets
Use Case: Data analysts, researchers, consultants
Best Practice: Use for team members who need full data access but not configuration control
Viewer
Read-only access - Analytics visibility only
Permissions:
- ✅ View analytics dashboards
- ✅ View scheduled reports
- ✅ Basic data export
- ❌ Cannot generate queries
- ❌ Cannot execute queries
- ❌ Cannot modify any settings
Use Case: Stakeholders, executives, external consultants
Best Practice: Use for reporting-only access
Inviting Team Members
Invitation Process
Step 1: Access Team Page
- Navigate to Settings → Team
- Click "Invite User" button
Step 2: Enter User Details
- Email Address: User's email (required)
- Role: Select from Admin, Editor, Analyst, Viewer
- Custom Message (optional): Personalized invitation message
Step 3: Send Invitation
- Click "Send Invitation"
- Invitation created in database
- Share invitation link with user
Invitation Link
Format:
https://app.example.com/invite?token=<unique_token>
Sharing Options:
- Copy link and send via email
- Share via Slack or other messaging
- Add to onboarding documentation
Security:
- One-time use token
- Expires after 7 days
- Cannot be used if already accepted
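The three token properties listed above, as an added example (not the platform's own code). The in-memory `store`, the function names, and the check that the accepting account's email matches the invited address are assumptions for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta

INVITE_TTL = timedelta(days=7)  # "Expires after 7 days"
INVITE_URL = "https://app.example.com/invite"  # link format shown above


def _digest(token: str) -> str:
    # Persist only a hash, so a leaked invitations table holds no usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def create_invitation(store: dict, org_id: str, email: str, role: str,
                      now: datetime) -> str:
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store[_digest(token)] = {
        "org_id": org_id,
        "email": email.strip().lower(),
        "role": role,
        "expires_at": now + INVITE_TTL,
        "accepted_at": None,
    }
    return f"{INVITE_URL}?token={token}"


def accept_invitation(store: dict, token: str, account_email: str,
                      now: datetime):
    """Return ((org_id, role), "ok") or (None, reason)."""
    inv = store.get(_digest(token))
    if inv is None:
        return None, "invalid"
    if inv["accepted_at"] is not None:  # one-time use
        return None, "already accepted"
    if now >= inv["expires_at"]:
        return None, "expired"
    # Assumption (added hardening): the link only works for the invited
    # address, because it may travel through chat or shared documents.
    if account_email.strip().lower() != inv["email"]:
        return None, "email mismatch"
    # In a real database this must be one atomic conditional update
    # (set accepted_at only where it is still NULL) to stay single-use.
    inv["accepted_at"] = now
    return (inv["org_id"], inv["role"]), "ok"
```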
Accepting Invitations
User Experience (Recipient):
- Receives invitation link
- Clicks link → Redirected to signup/login
- Creates account or logs in
- Automatically joins organization with assigned role
Post-Acceptance:
- User appears in team member list
- Role permissions take effect immediately
- Access to organization data granted
Managing Team Members
Team Member List
Displays:
- Name: User's display name
- Email: User's email address
- Role: Current role badge
- Status: Active, Invited (pending), Suspended
- Joined Date: When user joined organization
- Last Active: Last login timestamp
- Actions: Change role, remove member
Changing Member Roles
Admin-Only Feature
Steps:
- Locate user in team member list
- Click "Change Role" dropdown
- Select new role
- Confirm change
Role Change Rules:
- ✅ Can promote Viewer → Analyst → Editor → Admin
- ✅ Can demote Admin → Editor → Analyst → Viewer
- ❌ Cannot demote yourself if you're the only admin
- ❌ Cannot change role of organization owner
Immediate Effect: Role change takes effect instantly
Notification: User sees role change on next page load
Removing Team Members
Admin-Only Feature
Steps:
- Click "⋮" menu next to user
- Select "Remove from Organization"
- Confirm removal
Effects:
- User loses all access to organization data
- User removed from team member list
- Audit log records removal action
- User's historical activity remains (for audit trail)
Restrictions:
- Cannot remove yourself
- Cannot remove organization owner
- Cannot remove if only admin (must promote another first)
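The role-change rules and removal restrictions above, written as server-side guards in an added example (not the platform's own code). The `Member` record, the `team` dictionary keyed by user id, and all function names are assumptions.

```python
from dataclasses import dataclass

ROLES = ("viewer", "analyst", "editor", "admin")


class Denied(Exception):
    """A team-management action that the rules above forbid."""


@dataclass
class Member:
    role: str
    is_owner: bool = False


def _admins(team: dict) -> int:
    return sum(1 for m in team.values() if m.role == "admin")


def _target(team: dict, actor_id: str, target_id: str) -> Member:
    # Checks shared by both actions: admin-only, member exists, owner untouchable.
    actor = team.get(actor_id)
    if actor is None or actor.role != "admin":
        raise Denied("only admins can manage team members")
    if target_id not in team:
        raise Denied("target is not a member of this organization")
    if team[target_id].is_owner:
        raise Denied("the organization owner cannot be changed or removed")
    return team[target_id]


def change_role(team: dict, actor_id: str, target_id: str, new_role: str) -> Member:
    target = _target(team, actor_id, target_id)
    if new_role not in ROLES:
        raise Denied("unknown role")
    if target.role == "admin" and new_role != "admin" and _admins(team) == 1:
        raise Denied("promote another admin before demoting the only admin")
    target.role = new_role
    return target


def remove_member(team: dict, actor_id: str, target_id: str) -> Member:
    target = _target(team, actor_id, target_id)
    if actor_id == target_id:
        raise Denied("you cannot remove yourself")
    # Redundant with the self-removal rule today, kept so the organization
    # still cannot lose its last admin if that rule is ever relaxed.
    if target.role == "admin" and _admins(team) == 1:
        raise Denied("cannot remove the only admin")
    return team.pop(target_id)
```

A disabled dropdown in the UI is not an access control: checks like these belong on the server, in the same transaction as the write, so two concurrent demotions cannot both pass the admin count.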
Organization Settings
Organization Profile
Editable by: Admins only
Settings:
- Organization Name: Display name for your team
- Organization Slug: URL-friendly identifier
- Industry: Industry category (for query generation)
- Website: Primary website domain
- Logo (planned): Organization branding
Access: Settings → Organization
Multi-Organization Support
Coming Soon: Users can belong to multiple organizations
Planned Features:
- Organization switcher in navbar
- Separate data/billing per organization
- Cross-organization user management
- Consolidated invoicing (enterprise)
Data Isolation & Security
Row Level Security (RLS)
Database-Level Protection:
- All data filtered by organization_id
- Users only see their organization's data
- 100% tested across 22+ tables
- Impossible to access other organizations' data
What's Protected:
- Queries and responses
- Analytics data
- Citation tracking
- Budget and cost data
- API keys (encrypted per org)
- Team member information
- All user-generated content
API Key Management
Per-Organization Keys:
- Each organization configures own API keys
- Encrypted with AES-256-GCM
- Keys never shared between organizations
- Environment variable fallback for development
Access: Settings → API Keys
See: Configuration Guide
Team Activity Tracking
Audit Logs
What's Tracked:
- User invitations sent
- Team member additions/removals
- Role changes
- Query executions
- Settings modifications
- API key updates
- Budget changes
Viewing Audit Logs:
- Access: Settings → Audit Logs (coming soon)
- Filters: User, action type, date range
- Export: CSV export for compliance
Activity Indicators
Last Active Timestamp:
- Shows when user last logged in
- Updates on each page load
- Helps identify inactive accounts
Query Execution Attribution:
- All queries tagged with executing user
- Analytics shows per-user costs
- Budget tracking by team member
Best Practices
Role Assignment Strategy
Start Conservative:
- Begin with Analyst/Viewer roles
- Promote to Editor after proven need
- Reserve Admin for 1-2 trusted members
- Never have only one Admin (bus factor!)
By Use Case:
- Content Team: Editor (needs query + execution)
- Data Team: Analyst (needs analytics + queries)
- Stakeholders: Viewer (reporting only)
- Admins: Technical leads, team owners
Invitation Management
Email Accuracy:
- Double-check email addresses
- Use corporate emails for security
- Avoid personal emails for work accounts
Invitation Hygiene:
- Remove expired invitations monthly
- Re-invite if the user didn't receive the invitation
- Track invitation acceptance rate
Team Size Planning
Recommended Limits:
- Starter Plan: 1-3 users
- Professional: 5-10 users
- Business: 10-50 users
- Enterprise: Unlimited
Cost Considerations:
- Additional users may incur costs (check plan)
- Budget per user for cost tracking
- Monitor per-user query volume
Onboarding New Team Members
New User Checklist
Before Sending Invitation:
- Determine appropriate role
- Prepare onboarding documentation
- Set up user-specific budgets (if applicable)
- Notify team of new member
After User Accepts:
- Verify user has correct role
- Walk through key features
- Assign initial queries/projects
- Add to team communication channels
Onboarding Documentation
Share with New Members:
Offboarding Team Members
When Someone Leaves
Immediate Actions:
- Remove user from organization
- Revoke access to shared credentials
- Transfer ownership of queries/content
- Update team documentation
Data Retention:
- Historical queries remain
- Audit logs preserve activity
- Analytics data stays intact
- No data loss from user removal
Communication:
- Notify team of member departure
- Reassign responsibilities
- Update stakeholder reports
Troubleshooting
Invitation Not Received
Problem: User didn't receive invitation
Solutions:
- Check spam/junk folder
- Verify email address is correct
- Re-send invitation
- Manually share invitation link
- Check email delivery service status (admin)
Cannot Change Role
Problem: Role dropdown disabled or error
Possible Causes:
- Not an admin (only admins can change roles)
- Trying to change organization owner
- Trying to demote yourself as only admin
- User has a pending invitation (it must be accepted first)
Solutions:
- Verify you have Admin role
- Promote another admin before demoting yourself
- Contact organization owner
User Sees "Access Denied"
Problem: User cannot access feature
Possible Causes:
- Insufficient role permissions
- Not a member of current organization
- Session expired
Solutions:
- Check user's role in team list
- Verify user is in correct organization
- Ask user to log out and log back in
- Elevate user's role if needed
Security Best Practices
Access Control
Principle of Least Privilege:
- Give minimum required permissions
- Regularly review role assignments
- Remove inactive users quarterly
- Audit admin access monthly
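A periodic access review built from the fields in the team member list, as an added example (not the platform's own code). The record layout, the `invited_at` field, the `corporate_domain` parameter, and reading "quarterly" as 90 days are assumptions; the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

INACTIVE_AFTER = timedelta(days=90)  # assumption: "quarterly" read as 90 days
INVITE_TTL = timedelta(days=7)       # invitation lifetime stated on this page
MAX_ADMINS = 2                       # "Limit to 1-2 trusted members"


def review_team(members: list, corporate_domain: str, now: datetime) -> list:
    """Return (subject, finding) pairs for a periodic access review."""
    findings = []
    admins = [m for m in members
              if m["role"] == "Admin" and m["status"] == "Active"]
    if len(admins) == 1:
        findings.append((admins[0]["email"], "only admin"))
    elif len(admins) > MAX_ADMINS:
        findings.append(("organization", f"{len(admins)} admins"))
    for m in members:
        if m["status"] == "Active" and now - m["last_active"] > INACTIVE_AFTER:
            findings.append((m["email"], "inactive"))
        if m["status"] == "Invited" and now - m["invited_at"] > INVITE_TTL:
            findings.append((m["email"], "expired invitation"))
        if not m["email"].lower().endswith("@" + corporate_domain):
            findings.append((m["email"], "non-corporate email"))
    return findings


# Constructed sample export of the team member list (not real data).
NOW = datetime(2025, 10, 9, tzinfo=timezone.utc)
SAMPLE = [
    {"email": "lead@corp.example", "role": "Admin", "status": "Active",
     "last_active": NOW - timedelta(days=1)},
    {"email": "seo@corp.example", "role": "Editor", "status": "Active",
     "last_active": NOW - timedelta(days=120)},
    {"email": "consultant@mail.example", "role": "Viewer", "status": "Invited",
     "invited_at": NOW - timedelta(days=10)},
]

if __name__ == "__main__":
    for subject, finding in review_team(SAMPLE, "corp.example", NOW):
        print(f"{subject}: {finding}")
```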
Credential Management
API Keys:
- Only Editors and Admins manage API keys
- Rotate keys quarterly
- Never share keys externally
- Monitor for unusual usage
Account Security:
- Require strong passwords
- Enable 2FA (when available)
- Monitor suspicious login attempts
- Review audit logs weekly
Enterprise Features (Coming Soon)
SSO Integration
Single Sign-On Support:
- Google Workspace
- Microsoft Azure AD
- Okta
- SAML 2.0
Benefits:
- Centralized user management
- Automatic provisioning
- Simplified login experience
- Enhanced security
Advanced Permissions
Resource-Level Permissions:
- Query library access control
- Report-level sharing
- Dashboard visibility rules
- API key scoping
Custom Roles:
- Define custom role templates
- Mix-and-match permissions
- Role inheritance
- Per-project roles
Multi-Organization Management
Cross-Org Features:
- Single user, multiple orgs
- Organization switcher UI
- Consolidated billing
- Enterprise admin dashboard
Related Features
- Organization Settings (coming soon)
- API Key Configuration
- Budget Management
- Audit Logs (coming soon)
FAQs
Q: How many users can I invite?
A: Depends on your plan. Starter: 3, Professional: 10, Business: 50, Enterprise: Unlimited.
Q: Can a user belong to multiple organizations?
A: Not yet. Multi-organization support is coming in Q2 2025.
Q: What happens to data when I remove a user?
A: User loses access but historical data (queries, analytics) remains for audit trail.
Q: Can I change someone from Admin to Viewer?
A: Yes, but not if they're the only admin. Promote another admin first.
Q: How do I transfer organization ownership?
A: Contact support. Ownership transfer requires verification for security.
Q: Is email delivery configured?
A: Currently being implemented. Invitation links work, email notifications coming soon.
Q: Can I customize invitation emails?
A: Yes, add a custom message when sending invitation. Email templates coming soon.
Last Updated: October 9, 2025
Feature Status: Fully Implemented (email delivery pending)