Team Management
Invite members, assign roles, and manage team access
Team Management
Collaborate with your team by inviting members and assigning appropriate roles.
Understanding Roles
Aize Platform uses a role-based access control (RBAC) system with three distinct roles:
Owner
Full Control - Complete access to everything
Permissions:
- ✅ Manage wallet (view balance, deposit funds, view transactions)
- ✅ Create and manage all API keys (personal + team)
- ✅ Invite members
- ✅ Change member roles (including promoting to Admin)
- ✅ Remove members
- ✅ Update organization settings
- ✅ View all analytics and logs
- ✅ Access audit logs
- ✅ Delete organization
Use case: Founders, billing managers, ultimate decision makers
Admin
Team Management - Manage team and API keys, but no billing access
Permissions:
- ❌ No wallet access (cannot view balance or deposit)
- ✅ Create team-wide API keys
- ✅ Manage all API keys
- ✅ Invite members (as Admin or Member only)
- ❌ Cannot change roles
- ❌ Cannot remove members
- ✅ View team analytics
- ✅ View all request logs
- ✅ Access playground
- ❌ Cannot update org settings
Use case: Tech leads, DevOps engineers, team managers
Member
Personal Access - Individual developer access only
Permissions:
- ❌ No wallet access
- ✅ Create personal API keys only
- ✅ Manage own API keys
- ❌ Cannot create team keys
- ❌ Cannot invite members
- ❌ Cannot view team analytics
- ✅ View own request logs only
- ✅ Access playground
- ❌ Cannot update org settings
Use case: Developers, contractors, individual contributors
Inviting Members
Invitation Process
For Owners and Admins:
- Navigate to Members page
- Click "Invite Member" button
- Fill in invitation form:
- Email address: Member's email
- Role: Select Admin or Member
- ⚠️ Cannot invite as Owner for security
- Click "Send Invitation"
Two-Path Invitation System
The system handles existing and new users differently:
Path A: Existing User (already has account)
- User immediately added to organization
- Access granted right away
- Notification email sent
- User sees organization next time they log in
Path B: New User (no account yet)
- Invitation record created
- Email sent with signup link
- Link valid for 8 days
- When user signs up and logs in, automatically added to org
- Invitation consumed, cannot be reused
Invitation Email
Recipients receive an email containing:
- Organization name
- Role they're being invited as
- Invitation link (for new users)
- Instructions to accept
Invitation Status
Track invitations in the Members page:
- Pending: Sent but not yet accepted
- Accepted: User successfully joined
- Expired: 8 days passed, link no longer valid
- Revoked: Owner/Admin cancelled invitation
Managing Members
View Team Members
The Members page shows:
Member Card Details:
- Avatar: Profile picture or initials
- Name and Email: Member's identity
- Role Badge: Color-coded
- 🔵 Owner (blue)
- 🟣 Admin (purple)
- 🟢 Member (green)
- Joined Date: When they joined organization
- You Tag: Shows which one is you
Team Statistics:
- Total members count
- Admin count
- Developer (Member) count
Changing Member Roles
Requirements:
- Only Owner can change roles
- Cannot change your own role
- Cannot change other Owners' roles
How to change a role:
- Find member in the list
- Click on their role dropdown
- Select new role:
- Owner → Admin → Member
- Member → Admin → Owner
- Confirm change
- Member's permissions update immediately
- Action logged to audit trail
- Member receives email notification
Role Change Effects:
Promoting Member → Admin:
- Can now create team keys
- Can view all team logs
- Can invite other members
- Still no wallet access
Promoting Admin → Owner:
- Gains wallet access
- Can change member roles
- Can remove members
- Full organization control
Demoting Owner → Admin:
- Loses wallet access
- Cannot change roles anymore
- Cannot update org settings
- Retains team management abilities
Demoting Admin → Member:
- Loses team key creation
- Cannot view team logs
- Cannot invite members
- Only sees own activity
Removing Members
Requirements:
- Only Owner can remove members
- Cannot remove yourself
- Cannot remove other Owners
How to remove:
- Find member in list
- Click "Remove" button (trash icon)
- Confirm removal
- Member immediately loses access
- Removed from:
- Organization database
- Keycloak group
- LiteLLM team
- Their API keys are revoked
- Cannot access organization anymore
- Action logged to audit trail
- Member receives email notification
What happens to their API keys?:
- Personal keys: Automatically revoked
- Team keys they created: Remain active (owned by org)
- Cannot recreate same keys
Member Activity Tracking
Individual Member Analytics
For Admins/Owners viewing team members:
- Go to Request Logs
- Filter by member
- View their:
- API usage
- Models used
- Costs incurred
- Request history
For Members viewing own activity:
- Go to Request Logs
- Toggle "My Logs Only"
- See personal activity only
Audit Trail
All member-related actions are logged:
- Member invited
- Invitation accepted
- Role changed
- Member removed
- API keys created by member
- Settings updated by member
View in Audit Logs page (Owner/Admin only)
Permission Matrix
Detailed breakdown of what each role can do:
| Feature | Member | Admin | Owner |
|---|---|---|---|
| Wallet | |||
| View balance | ❌ | ❌ | ✅ |
| Deposit funds | ❌ | ❌ | ✅ |
| View transactions | ❌ | ❌ | ✅ |
| API Keys | |||
| Create personal keys | ✅ | ✅ | ✅ |
| Create team keys | ❌ | ✅ | ✅ |
| View own keys | ✅ | ✅ | ✅ |
| View team keys | ❌ | ✅ | ✅ |
| Revoke own keys | ✅ | ✅ | ✅ |
| Revoke team keys | ❌ | ✅ | ✅ |
| Members | |||
| Invite members | ❌ | ✅ | ✅ |
| View member list | ✅ | ✅ | ✅ |
| Change roles | ❌ | ❌ | ✅ |
| Remove members | ❌ | ❌ | ✅ |
| Analytics | |||
| View own logs | ✅ | ✅ | ✅ |
| View team logs | ❌ | ✅ | ✅ |
| View usage analytics | ❌ | ✅ | ✅ |
| View audit logs | ❌ | ✅ | ✅ |
| Organization | |||
| Update org settings | ❌ | ❌ | ✅ |
| Delete organization | ❌ | ❌ | ✅ |
| Playground | |||
| Access playground | ✅ | ✅ | ✅ |
Best Practices
Role Assignment Guidelines
Owner Role:
- Limit to 1-2 people
- Business stakeholders
- People who need billing access
- Trusted long-term team members
Admin Role:
- Tech leads
- Senior developers
- DevOps engineers
- People who manage team API keys
- Don't need billing access
Member Role:
- Individual contributors
- Contractors
- Temporary team members
- External consultants
- Junior developers
Security Recommendations
Onboarding:
- Invite with least privilege (Member first)
- Promote to Admin if needed after evaluation
- Never start someone as Owner
Offboarding:
- Remove member as soon as they leave team
- Their API keys automatically revoked
- Check audit logs for their recent activity
- Change team API keys if they had access
Regular Audits:
- Review member list monthly
- Remove inactive members
- Downgrade roles no longer needed
- Check audit logs for suspicious activity
Team Organization
Small Teams (1-5 people):
- 1 Owner
- Others as Members
- Promote to Admin as needed
Medium Teams (5-20 people):
- 1-2 Owners
- 2-3 Admins (team leads)
- Rest as Members
Large Teams (20+ people):
- 1-2 Owners (founders/executives)
- 5-10 Admins (managers/leads)
- Rest as Members
- Consider multiple organizations for departments
Multi-Organization Support
Users can belong to multiple organizations:
Switching Organizations:
- Click organization selector in dashboard header
- Select different organization
- Dashboard refreshes with that org's data
Separate Resources:
- Each organization has own wallet
- Separate API keys
- Separate team members
- Separate analytics
Same User, Different Roles:
- Can be Owner in one org
- Member in another org
- Permissions are org-specific
Common Scenarios
Adding a New Developer
- Invite as Member
- They accept invitation
- They create personal API keys
- They use keys in their development
- Their usage visible in their logs only
Promoting Team Lead
- Developer becomes tech lead
- Change role to Admin
- They can now:
- Create team API keys for production
- View all team activity
- Invite new members
- Manage team keys
- Still no billing access (Owner controls costs)
Contractor Finishing Project
- Contractor completed work
- Remove them from organization
- Their personal API keys revoked
- No longer has access
- Can re-invite later if needed
Founder Bringing in Co-Founder
- Invite as Admin first
- Evaluate trust level
- Promote to Owner when ready
- Now shares billing responsibilities
Troubleshooting
Member Can't See Organization
Possible causes:
- Invitation not accepted yet
- Email went to spam
- Wrong email address used
Solution:
- Check Members page for pending invitation
- Resend invitation
- Verify email address is correct
- Check that user signed up with same email
Member Can't Create Team Keys
Problem: Member trying to create team keys
Cause: Only Admins and Owners can create team keys
Solution:
- Owner changes their role to Admin
- Or they continue using personal keys
Can't Change Member Role
Problem: Role dropdown disabled
Possible causes:
- You're not an Owner
- Trying to change your own role
- Trying to change another Owner's role
Solution: Ask current Owner to make the change
Invitation Expired
Problem: New user signup link no longer works
Cause: Invitation valid for 8 days only
Solution:
- Owner resends invitation
- User has another 8 days to accept
- Link sent to same email address