Team Roles Setup
Team Roles Setup
This guide walks through creating custom roles for your team. Team roles are part
of the Enterprise plan and are managed at Dashboard → Team → Security
(/dash/team/security). You need the Manage security permission (the team
owner and admins have it by default).
1. Review the built-in roles
Open Team → Security → Team roles. You'll see the three built-in roles and the permissions each grants:
- Owner - everything.
- Admin - manage members, branding and security.
- Member - no management permissions.
If these cover your needs, there's nothing to set up - just invite members and set them to admin or member from the Team page.
2. Create a custom role
When you need something in between (for example, a role that manages API keys but not members):
- Click New role.
- Give it a name (e.g. "Integrations admin").
- Toggle on the permissions it should grant:
- Manage members
- Manage branding
- Manage security
- Manage API keys
- Manage custom domains
- Click Create. The role appears in the list immediately.
A custom role can only grant permissions the owner already has - you can never create a role that exceeds the owner.
3. Assign the role
Assign the custom role to a member from the team management flow. A member with a custom role uses that role's exact permission set instead of their built-in role.
4. Edit or delete
- Edit a role to change its name or permissions. Changes apply to every member who has it, immediately.
- Delete a role and any member using it falls back to their built-in role (owner / admin / member) automatically - no member is ever left without a role.
Notes
- Everything on this page updates live - you don't need to refresh after a change.
- All checks are enforced server-side, so a role's limits apply to API calls too, not just the dashboard UI.