Manage Your Team
Invite team members and control what they can access.
Understanding Roles
OEC.SH has a simple role system:
| Role | Can Do | Best For |
|---|---|---|
| Owner | Everything, including billing | Company owner, primary admin |
| Admin | Manage members, servers, settings | Technical leads, DevOps |
| Developer | Create projects, deploy, view logs | Developers, implementers |
| Viewer | View only, no changes | Clients, stakeholders |
Invite a Team Member
- Go to Settings → Members
- Click Invite Member
- Enter their email address
- Select a role
- Click Send Invite
They'll receive an email with a link to join your organization.
Note: They need to create an OEC.SH account if they don't have one.
Change Someone's Role
- Go to Settings → Members
- Find the member in the list
- Click the role dropdown
- Select the new role
- Confirm the change
Role changes take effect immediately.
Remove a Team Member
- Go to Settings → Members
- Find the member
- Click the ⋮ menu → Remove
- Confirm removal
They immediately lose access to your organization.
Role Permissions Quick Reference
What Each Role Can Do
| Action | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View projects/environments | ✅ | ✅ | ✅ | ✅ |
| View logs and monitoring | ✅ | ✅ | ✅ | ✅ |
| Create projects | ✅ | ✅ | ✅ | ❌ |
| Deploy environments | ✅ | ✅ | ✅ | ❌ |
| Create backups | ✅ | ✅ | ✅ | ❌ |
| Restore backups | ✅ | ✅ | ❌ | ❌ |
| Delete environments | ✅ | ✅ | ❌ | ❌ |
| Manage servers | ✅ | ✅ | ❌ | ❌ |
| Invite members | ✅ | ✅ | ❌ | ❌ |
| Manage billing | ✅ | ❌ | ❌ | ❌ |
| Delete organization | ✅ | ❌ | ❌ | ❌ |
Common Team Setups
Small Team (2-5 people)
- 1 Owner (you)
- 1-2 Admins (senior devs or tech leads)
- 2-3 Developers
Agency with Clients
- 1 Owner (agency owner)
- 2-3 Admins (project managers)
- 5-10 Developers (implementation team)
- Clients as Viewers (read-only access)
Enterprise
- 1 Owner (IT director)
- 3-5 Admins (DevOps team)
- 10+ Developers (development teams)
- Stakeholders as Viewers
Give Client Access
Let clients view their project without making changes:
- Invite the client with Viewer role
- They can see:
- Environment status
- Deployment history
- Logs
- Backup list
- They cannot:
- Deploy or restart
- Change settings
- Delete anything
Tip: This is great for transparency without risk.
Project-Level Permissions
For finer control, assign roles per project:
- Open a project
- Go to Settings → Members
- Click Add Member
- Select a user from your organization
- Choose their project role:
- Project Admin - Full control of this project
- Project Developer - Deploy and manage environments
This lets you have developers who can only access specific projects.
Security Best Practices
Do's
- ✅ Use minimum required permissions
- ✅ Regularly review member list
- ✅ Remove access when people leave
- ✅ Use Admin role sparingly
Don'ts
- ❌ Share Owner account credentials
- ❌ Give everyone Admin access
- ❌ Leave ex-employees with access
Audit Trail
Track who did what:
- Go to Settings → Audit Log (coming soon)
- See all actions with:
- Who performed the action
- What they did
- When it happened
Frequently Asked Questions
Can I have multiple owners?
No, there's one Owner per organization. If you need to transfer ownership, contact support.
What happens when I remove someone?
They immediately lose access. Any deployments they triggered continue running.
Can someone be in multiple organizations?
Yes! Users can belong to multiple organizations with different roles in each.
How do I change my own role?
You can't change your own role. Another Admin or the Owner must do it.
What's Next?
- Add Custom Domain - Brand your environments
- Set Up Backups - Protect your data
- View Logs - Debug issues