Collaborator Management
Collaborators are the people within an Organization who have access to the customer portal. This page explains how team access works as a process: the invite flow, role assignment, scope configuration, removal, and ownership transfer.
For concept definitions of roles and scopes, see Collaborators.
Role hierarchy
Every collaborator has one role that determines their level of authority:
| Role | Can manage team | Can edit org | Access level |
|---|---|---|---|
owner | Yes | Yes | Full access, all scopes |
admin | Yes | Yes | Full access, all scopes |
member | No | No | Only assigned scopes |
guest | No | No | Read-only, assigned scopes |
pending | No | No | No access (invite sent) |
There is exactly one owner per Organization. The owner can do everything an admin can, plus transfer ownership.
The invite flow
Key details:
- The invite email contains a unique token link with a 7-day expiration.
- If the email already belongs to an existing user, the system links that user to the Organization without creating a new account.
- If the email is new, the invite includes account registration as part of the acceptance flow.
- Expired invites can be re-sent by the owner or admin, generating a new token.
- Bulk invites are supported: multiple emails with the same role and scopes.
Scope configuration
Scopes control what a collaborator can see and do. Each scope maps to a functional area:
| Scope | What it grants access to |
|---|---|
organization | Organization profile, team list |
finances | Invoices, tax invoices |
orders | Order history |
licenses | License management, site activation |
tickets | Service requests |
quotes | Quote viewing and acceptance |
contracts | Contract viewing, SLA terms |
documents | Shared document library |
downloads | Product downloads |
admin | Grants access to all scopes automatically |
When inviting a collaborator, the owner or admin selects individual scopes or uses a predefined template (e.g., "Finance" assigns finances + orders + quotes). New scopes default to disabled for existing members -- the system follows the principle of least privilege.
Changing roles and scopes
- The owner can change any collaborator's role and scopes.
- An admin can change roles and scopes of
memberandguestcollaborators but cannot modify the owner or promote anyone to owner. - Scope changes take effect immediately on the next portal request.
What happens when a collaborator is removed
When an owner or admin removes a collaborator:
- All access is revoked immediately -- the collaborator can no longer authenticate against the Organization.
- The collaborator record is retained for audit purposes but marked as inactive.
- If the person belongs to multiple Organizations, their access to other Organizations is unaffected.
Transferring ownership
Ownership transfer is a deliberate operation available only to the current owner:
- The current owner selects a collaborator to become the new owner.
- The system promotes the selected collaborator to
owner. - The previous owner is demoted to
admin. - There is always exactly one owner -- the transfer is atomic.
Admins cannot initiate ownership transfer.
Related pages
- Organization Onboarding -- How the first collaborator (owner) is added
- Collaborators -- Concept definitions for roles and scopes