Members and Roles
Manage workspace access with role-based permissions.
Workspace Roles
Owner
Full access to all workspace features:
- Member management (invite, remove, change roles)
- Service access and management
- Workspace settings and deletion
- Billing management
Use for: Workspace creator, team leads, administrators
WARNING
Owners can delete the workspace. Limit the number of owners.
Member (Default)
Standard team access:
- Use all services
- View workspace members
- Cannot manage billing or roles
Use for: Engineers, developers, regular team members
Viewer
Read-only access:
- View services and configurations
- View workspace members
- Cannot modify anything
Use for: Stakeholders, auditors, read-only monitoring
Permission Matrix
| Permission | Owner | Member | Viewer |
|---|---|---|---|
| View services | ✓ | ✓ | ✓ |
| View members | ✓ | ✓ | ✓ |
| Modify services | ✓ | ✓ | ✗ |
| Invite members | ✓ | ✗ | ✗ |
| Change roles | ✓ | ✗ | ✗ |
| Access billing | ✓ | ✗ | ✗ |
| Delete workspace | ✓ | ✗ | ✗ |
Inviting Members
Prerequisites: You must be an Owner
Steps:
- Navigate to workspace members section
- Click "Invite Member"
- Enter email address
- Select role (Member is default)
- Send invitation
The invitee receives an email and must accept to join.
Managing Members
Change Roles
- Navigate to members section
- Click on the member
- Select "Change Role"
- Choose new role
- Confirm
Remove Members
- Navigate to members section
- Click on the member
- Select "Delete Member"
- Confirm
Member loses access immediately.
Product-Specific Access
Beyond workspace roles, individual services may have additional access control:
- Managed Observability: Dashboard and alert permissions
- Managed Applications: Deployment permissions
- Managed Cluster Components: Cluster-level permissions
Configure service-specific permissions after granting workspace access.
API Reference
List Members
GET /v1/workspaces/{workspaceId}/members
Authorization: Bearer <access-token>Invite Member
POST /v1/workspaces/{workspaceId}/members
Authorization: Bearer <access-token>
Content-Type: application/json
{
"email": "user@example.com",
"role": "Member"
}Change Role
PATCH /v1/workspaces/{workspaceId}/members/{identityId}
Authorization: Bearer <access-token>
Content-Type: application/json
{
"role": "Viewer"
}Remove Member
DELETE /v1/workspaces/{workspaceId}/members/{identityId}
Authorization: Bearer <access-token>Info: Full API Documentation Available
These are example requests. For complete API documentation including all parameters, response schemas, and authentication details, visit api.cloudpirates.io/docs.