Skip to content

Collaborators

A Collaborator is a person who belongs to an Organization. Every Organization has at least one collaborator: the owner who created it. From there, the owner or admins can invite team members, assign roles, and control what each person can see and do.

Collaborators exist because B2B customers are not a single person. A company might need its CTO to manage licenses, its finance team to download invoices, and its project manager to open support tickets -- all under the same account, each seeing only what is relevant to their job.

The 4 roles

Every collaborator has one role. Roles follow a strict hierarchy -- higher roles can do everything lower roles can do, plus more.

RoleLevelWhat they can do
Owner1Full access to everything. Manages the organization. Cannot be removed.
Admin2Manages team members: invite, remove, change roles and scopes.
Member3Access governed by assigned scopes. Sees only what scopes allow.
Guest4Minimal access. Typically limited to viewing shared documents.

There is also a transient state called pending, which applies to collaborators who have been invited but have not yet accepted. Once they accept, they are assigned their intended role.

Owner immutability

The owner role has special protections:

  • The owner cannot be deleted from the organization
  • The owner cannot be downgraded to a lower role
  • The owner has implicit access to all scopes (scope assignments are ignored)
  • Ownership transfer is a dedicated admin operation -- it requires an intentional handoff to another member

RBAC scopes

Scopes control what a collaborator can access. A member with the finances scope can see invoices and tax documents, but cannot manage licenses. A member with the licenses scope can activate software, but cannot view financial records.

ScopeWhat it controlsTypical role
organizationView and update organization profile and settingsAll members
financesView invoices, tax documents, payment statusFinance team
ordersView order history and purchase detailsProcurement
licensesView and activate software licenses, access downloadsIT / DevOps
ticketsCreate and view service requestsSupport contacts
quotesView and accept commercial proposalsProcurement / managers
contractsView contracts and SLA termsLegal / management
documentsView and download shared documentsAny relevant member
downloadsDownload products linked to entitlementsIT / DevOps
entitlementsView entitlements, environments, and servicesTechnical leads
adminAdministrative operations (admin role only, grants all access)Admins

Scopes are additive: a collaborator with finances and orders can see both invoices and order history. A collaborator with no scopes assigned can log in but sees an empty dashboard.

The scope list is extensible. Developers can register custom scopes using a WordPress filter.

Scope limits

By default, each organization can have up to 5 collaborators with the tickets scope. This reflects the standard service terms ("5 support contacts per account"). The limit is configurable through the Policy Engine and can be adjusted per organization.

Invite flow

Adding a new collaborator follows this sequence:

Key details:

  • Invite tokens expire after 7 days (configurable). Expired invites can be resent.
  • If the email belongs to an existing WordPress user, the system links that user to the organization without creating a new account.
  • If the email is new, the invite includes account creation.
  • Bulk invites are supported -- multiple emails separated by commas, all receiving the same role and scopes.
  • Admins can also choose from role templates (predefined scope combinations) to speed up configuration. For example, a "Finance" template might pre-select finances, orders, and quotes.

What each role can do

ActionOwnerAdminMemberGuest
View organization detailsYesYesYesYes
Edit organization detailsYesYesNoNo
Invite collaboratorsYesYesNoNo
Remove collaboratorsYesYesNoNo
Change roles and scopesYesYesNoNo
Accept quotesYesYesScopedNo
View invoicesYesYesScopedNo
Create service requestsYesYesScopedNo
Manage licensesYesYesScopedNo
View documentsYesYesScopedScoped
Transfer ownershipYesNoNoNo

"Scoped" means the action is available only if the collaborator has the relevant scope assigned.

What admins see

From the WordPress admin, the team management view for an Organization shows:

  • Each collaborator's name, email, role, assigned scopes, and join date
  • Status indicators (active, pending invite)
  • Actions: edit role, edit scopes, resend invite, remove

The admin can also see across all organizations -- for example, finding a specific collaborator by email and seeing which organizations they belong to.