Roles and Permissions
Understand organization access for members, admins, owners, and API keys.
Roles control what a person can do inside a organization. Permissions also affect API keys because keys can be scoped to selected actions.
Common role model
Section titled “Common role model”The app uses organization roles such as:
- owner
- admin
- member
Exact permissions can vary by organization configuration, but the practical model is:
| Role | Typical access |
|---|---|
| Owner | Full control, including billing, members, settings, and deletion |
| Admin | Manage most organization operations and members |
| Member | Use product features within granted access |
Permission areas
Section titled “Permission areas”API key and team permission areas can include:
- project
- search
- search history
- member
- team role
- team settings
- API key
- billing
- invitation
Use the smallest permission set that supports the job.
Owners
Section titled “Owners”Owners should be limited to people who can make irreversible organization decisions. A organization should have more than one owner when possible so the team does not lose administrative access.
API key permissions
Section titled “API key permissions”API keys can grant selected access to the organization. Treat keys like passwords:
- create separate keys per integration
- grant only required permissions
- revoke keys that are no longer used
- rotate compromised keys immediately
- never commit keys to source control
Open in iSearchFrom
Section titled “Open in iSearchFrom”Open Team Settings in the app. Review members, roles, invites, token transactions, and organization-level controls here.