RBAC & Team Management
CredVault supports deep multi-tenant organization structures, allowing you to invite team members to collaborate on workspaces with highly granular Role-Based Access Control (RBAC).
Workspaces
A Workspace is an isolated environment containing Clusters, Functions, and API Keys. Users can belong to multiple workspaces simultaneously, seamlessly switching between them from the top-left corner of the Dashboard.
Roles & Permissions
When inviting a user to a Workspace, you assign them a strict Role that dictates exactly what they can do:
| Role | Capabilities | Ideal For |
|---|---|---|
| Owner | Absolute control. Can delete workspaces, change billing, and manage all users. | Founders, CTOs |
| Admin | Can create/delete clusters, manage API keys, and invite other Members. Cannot alter billing. | Engineering Managers |
| Developer | Can read/write to databases, deploy functions, and view logs. Cannot manage settings. | Software Engineers |
| Viewer | Read-only access to logs, metrics, and data querying. Cannot mutate any state. | Data Analysts, PMs |
Managing Team Members
Inviting Members
From the Settings -> Members page, you can invite colleagues via email. They will receive a secure, one-time invitation link to join your Workspace.
Enforcing Policies
Enterprise administrators can enforce organization-wide policies on all workspace members:
- Required 2FA: Prevent any member from accessing the workspace unless 2FA is enabled on their account.
- Session Limits: Limit workspace members to a single active session globally to prevent credential sharing.
- Audit Trails: Every action performed by a team member is logged with their specific User ID to the Activity Log.