Teams

Teams provide a flexible way to manage project access in your organization. Instead of assigning individual users to projects, you create teams, add members to teams, and then grant teams access to projects with specific roles.

Plan Limits

Team member limits vary by plan:

Plan	Team Members
Free	2 members
Starter	5 members
Pro	Unlimited
Agency	Unlimited

Team member limits apply to the total number of organization members. You can create unlimited teams within these limits.

Overview

The team-based access control system follows the GitHub/GitLab model:

Teams are groups of users within your organization
Team Members are users assigned to a team
Project Access is granted by assigning teams to projects with a role (Admin, Developer, or Viewer)

This approach makes it easy to:

Onboard new team members by adding them to relevant teams
Manage access for multiple projects at once
Audit who has access to what
Scale access management as your organization grows

Key Concepts

Teams

A team is a named group of users within your organization. Each team has:

Name: A descriptive name (e.g., "Backend Team", "Client Alpha Team")
Description: Optional details about the team's purpose
Color: A badge color for visual identification in the UI
Members: Users who belong to the team

Team Roles on Projects

When you assign a team to a project, you specify a role that determines what team members can do:

Role	Capabilities
Admin	Full project access including settings, team management, environment deletion, backup restoration
Developer	Deploy, create environments, create backups, view monitoring
Viewer	View-only access to project, environments, and monitoring

Access Resolution

When a user belongs to multiple teams that have access to the same project, they get the highest role from any of their teams:

Admin > Developer > Viewer

Special Case: Organization Owner

Organization Owners always have Admin access to all projects in their organization
This serves as a safety net to ensure owners can never be locked out

Managing Teams

Creating a Team

Go to Settings > Teams
Click Create Team
Enter a name and optional description
Select a badge color
Click Create

Adding Members to a Team

Go to Settings > Teams
Click on the team name to open details
Click Add Members
Search and select organization members to add
Click Add Selected

Removing Members from a Team

Go to Settings > Teams
Click on the team name
Find the member in the list
Click the remove button (trash icon)

Assigning Teams to Projects

Granting Project Access

Go to Projects > Select a project > Settings > Teams
Click Assign Team
Select one or more teams from your organization
Choose a role (Admin, Developer, or Viewer)
Click Assign

Changing Team Role on a Project

Go to Projects > Select a project > Settings > Teams
Find the team in the list
Click on the role dropdown
Select the new role

Removing Team Access

Go to Projects > Select a project > Settings > Teams
Find the team in the list
Click the remove button (trash icon)
Confirm the removal

Permissions & RBAC

OEC.sh uses a comprehensive Role-Based Access Control (RBAC) system with 55+ granular permissions across 6 system roles.

System Roles

The platform has 6 predefined roles organized in a hierarchy:

Portal Level:

Portal Admin - Full platform access (OEC.sh staff only)

Organization Level:

Owner - Full organization access, billing, member management
Admin - Organization management without billing access
Developer - Create projects, deploy environments
Viewer - Read-only access to organization resources

Project Level:

Team Admin - Full project access via team assignment
Team Developer - Deploy and manage environments via team
Team Viewer - View-only project access via team

Organization-Level Permissions

Permission	Description
`org.members.list`	View organization members
`org.members.invite`	Invite new members
`org.members.remove`	Remove members
`org.teams.list`	View teams in the organization
`org.teams.create`	Create new teams
`org.teams.update`	Edit team details and members
`org.teams.delete`	Delete teams
`org.projects.create`	Create new projects
`org.servers.list`	View servers
`org.storage.list`	View storage providers
`org.billing.view`	View billing information

Project-Level Permissions

Permission	Description
`project.teams.manage`	Assign/remove teams, change roles
`project.environments.create`	Create new environments
`project.environments.delete`	Delete environments
`project.environments.deploy`	Deploy to environments
`project.backups.create`	Create backups
`project.backups.restore`	Restore from backups
`project.settings.update`	Modify project settings

Pro & Agency Plans: Access to granular permissions (55+) and audit logs. Agency plans also include custom roles for enterprise requirements.

Best Practices

Team Structure

By Function: "Backend Team", "Frontend Team", "DevOps Team"
By Project/Client: "Client Alpha Team", "Internal Projects Team"
By Access Level: "Project Admins", "Developers", "Stakeholders"

Access Management

Start with minimal access: Assign Viewer role by default, escalate as needed
Use descriptive team names: Make it clear who should be in each team
Regular audits: Periodically review team memberships and project assignments
Document team purposes: Use the description field to explain each team's role

Onboarding New Users

Add the user to your organization
Add them to the appropriate teams
They automatically gain access to all projects those teams can access

Offboarding Users

Remove the user from all teams (or remove from organization)
Their access to all team-based projects is automatically revoked

API Reference

Teams Endpoints

Method	Endpoint	Description
GET	`/api/v1/teams`	List organization teams
POST	`/api/v1/teams`	Create a new team
GET	`/api/v1/teams/{id}`	Get team details
PATCH	`/api/v1/teams/{id}`	Update team
DELETE	`/api/v1/teams/{id}`	Delete team
GET	`/api/v1/teams/{id}/members`	List team members
POST	`/api/v1/teams/{id}/members`	Add member to team
DELETE	`/api/v1/teams/{id}/members/{user_id}`	Remove member

Project Teams Endpoints

Method	Endpoint	Description
GET	`/api/v1/projects/{id}/teams`	List project teams
POST	`/api/v1/projects/{id}/teams`	Assign team to project
PATCH	`/api/v1/projects/{id}/teams/{team_id}`	Update team role
DELETE	`/api/v1/projects/{id}/teams/{team_id}`	Remove team from project

Troubleshooting

User can't access a project

Verify the user is a member of a team
Verify that team has been assigned to the project
Check the team's role on the project has sufficient permissions

Changes not taking effect

Permission changes may take up to 5 minutes due to caching
Ask the user to refresh their browser
If urgent, the user can log out and log back in

Can't delete a team

Teams with project assignments cannot be deleted
Remove the team from all projects first, then delete

Overview Overview