Team Members & RBAC

Team members and role-based access control (RBAC) enables workspace collaboration with granular permission management.

Quick Start

Add a Member

# Add a member with basic member role
curl -X POST http://localhost:8000/api/v1/workspaces/{workspace_id}/members \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"user_id":"user-abc123","role":"member"}'

Update Member Role

# Promote member to admin
curl -X PATCH http://localhost:8000/api/v1/workspaces/{workspace_id}/members/{user_id} \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"role":"admin"}'

List All Members

# View all workspace members
curl http://localhost:8000/api/v1/workspaces/{workspace_id}/members \
  -H "Authorization: Bearer $TOKEN"

How It Works

Role	Add Members	Manage Settings	Create Issues	Remove Members
Owner	✅	✅	✅	✅
Admin	✅	✅	✅	✅
Member	❌	❌	✅	❌

API Endpoints

Add Member

Add a new member to the workspace with a specific role.

curl -X POST http://localhost:8000/api/v1/workspaces/{workspace_id}/members \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": "user-abc123",
    "role": "member"
  }'

List Members

Retrieve all members in the workspace.

curl http://localhost:8000/api/v1/workspaces/{workspace_id}/members \
  -H "Authorization: Bearer $TOKEN"

Update Member Role

Change a member’s role within the workspace.

curl -X PATCH http://localhost:8000/api/v1/workspaces/{workspace_id}/members/{user_id} \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "role": "admin"
  }'

Remove Member

Remove a member from the workspace.

curl -X DELETE http://localhost:8000/api/v1/workspaces/{workspace_id}/members/{user_id} \
  -H "Authorization: Bearer $TOKEN"

Role Hierarchy

Role Capabilities

Capability	Owner	Admin	Member
Member Management
Add members	✅	✅	❌
Remove members	✅	✅	❌
Update member roles	✅	✅	❌
Workspace Settings
Modify workspace settings	✅	✅	❌
Delete workspace	✅	❌	❌
Content Management
Create issues/tasks	✅	✅	✅
Edit own content	✅	✅	✅
Edit others’ content	✅	✅	❌

Schema Reference

Add Member Request

Field	Type	Required	Description
`user_id`	`string`	✅	Unique identifier for the user
`role`	`string`	✅	Role to assign: `owner`, `admin`, or `member`

{
  "user_id": "user-abc123",
  "role": "member"
}

Update Role Request

Field	Type	Required	Description
`role`	`string`	✅	New role: `owner`, `admin`, or `member`

{
  "role": "admin"
}

Member Response

Field	Type	Description
`id`	`string`	Unique member ID
`workspace_id`	`string`	Workspace identifier
`user_id`	`string`	User identifier
`role`	`string`	Current role
`created_at`	`string`	ISO 8601 timestamp

{
  "id": "mem-abc123",
  "workspace_id": "ws-abc123",
  "user_id": "user-abc123",
  "role": "admin",
  "created_at": "2025-01-01T00:00:00"
}

Best Practices

Principle of Least Privilege

Always assign the minimum role required for a user’s responsibilities. Start with member role and promote only when necessary for their workspace functions.

Regular Role Audits

Periodically review member roles and permissions. Remove inactive members and adjust roles based on changing responsibilities within the workspace.

Owner Role Management

Limit the number of owners in a workspace. Having too many owners can create security risks and confusion about who has ultimate responsibility.

Secure Token Management

Always use secure JWT tokens for API authentication. Store tokens securely and rotate them regularly to maintain workspace security.

Testing

Run the member management tests to verify functionality:

pytest tests/test_services.py::TestMemberService -v

Expected test coverage includes:

Adding members with different roles
Role hierarchy validation
Permission enforcement
Member removal workflows

Workspace Management

Learn about workspace creation and management

Authentication

Understand JWT token authentication

Getting Started

Core Concepts

Guides

Features

Models

Databases

Observability

Memory

Knowledge

RAG

Persistence

Tools

Other Features

Developers

Configuration

Best Practices

Getting Started (No Code)

Team Members & RBAC

Quick Start

How It Works

API Endpoints

Add Member

List Members

Update Member Role

Remove Member

Role Hierarchy

Role Capabilities

Schema Reference

Add Member Request

Update Role Request

Member Response

Best Practices

Testing

Workspace Management

Authentication

Getting Started

Core Concepts

Guides

Features

Models

Databases

Observability

Memory

Knowledge

RAG

Persistence

Tools

Other Features

Developers

Configuration

Best Practices

Getting Started (No Code)

​Quick Start

​How It Works

​API Endpoints

​Add Member

​List Members

​Update Member Role

​Remove Member

​Role Hierarchy

​Role Capabilities

​Schema Reference

​Add Member Request

​Update Role Request

​Member Response

​Best Practices

​Testing

​Related

Workspace Management

Authentication

Quick Start

How It Works

API Endpoints

Add Member

List Members

Update Member Role

Remove Member

Role Hierarchy

Role Capabilities

Schema Reference

Add Member Request

Update Role Request

Member Response

Best Practices

Testing

Related