Roles & Permissions (RBAC)

AegisRunner uses role-based access control to manage what team members can see and do. Roles are assigned at two levels: organization and project.

The Four Roles

Role	Description
Owner	Organization creator. Full control over billing, settings, and all projects. One per org.
Admin	Manages team members, invitations, project settings. Auto-promoted into all projects.
Member	Creates and manages crawls, test suites, test runs. Cannot manage team or settings.
Viewer	Read-only access. Can view results but cannot create, edit, or delete.

Organization vs Project Roles

Org Owners and Admins are automatically promoted into all projects. Members need explicit project access. A user can have different roles on different projects.

Auto-promotion: Org Owners get project Owner access. Org Admins get project Admin access. No manual setup needed.

Permission Matrix

Action	Owner	Admin	Member	Viewer
Organization
Manage billing	Yes	No	No	No
Manage settings	Yes	Yes	No	No
Invite/remove members	Yes	Yes	No	No
Change roles	Yes	Yes	No	No
Projects
Create projects	Yes	Yes	Yes	No
Manage project settings	Yes	Yes	No	No
Start crawls / run tests	Yes	Yes	Yes	No
Create/edit suites	Yes	Yes	Yes	No
View results	Yes	Yes	Yes	Yes

Team Invitations

Only Owners and Admins can send invitations. Invitations expire after 7 days.

Status	Meaning
Pending	Sent, awaiting acceptance
Accepted	User joined the project
Declined	User declined
Expired	7-day window passed
Revoked	Admin cancelled before acceptance

Team limits: Your plan determines max team members. Upgrade if the limit is reached.