Product Guide
Teams
Overview

Teams

Teams let you manage project access by grouping users together. Instead of assigning individual users to projects one by one, you create teams, add members, and grant those teams access to projects with specific roles.

Plan Limits

Team member limits vary by plan:

PlanTeam Members
Free2 members
Starter5 members
ProUnlimited
AgencyUnlimited

Team member limits apply to the total number of organization members. You can create unlimited teams within these limits.

Overview

The team-based access control system follows the GitHub/GitLab model:

  • Teams are groups of users within your organization
  • Team Members are users assigned to a team
  • Project Access is granted by assigning teams to projects with a role (Admin, Developer, or Viewer)

This makes it easy to onboard new members by adding them to relevant teams, manage access for multiple projects at once, and audit who has access to what.

Key Concepts

Teams

A team is a named group of users within your organization. Each team has:

  • Name: A descriptive name (e.g., "Backend Team", "Client Alpha Team")
  • Description: Optional details about the team's purpose
  • Color: A badge color for visual identification in the UI
  • Members: Users who belong to the team

Team Roles on Projects

When you assign a team to a project, you specify a role that determines what team members can do:

RoleCapabilities
AdminFull project access including settings, team management, environment deletion, backup restoration
DeveloperDeploy, create environments, create backups, view monitoring
ViewerView-only access to project, environments, and monitoring

Access Resolution

When a user belongs to multiple teams that have access to the same project, they get the highest role from any of their teams:

Admin > Developer > Viewer

Special Case: Organization Owner

  • Organization Owners always have Admin access to all projects in their organization
  • This is a safety net so owners can never be locked out

Managing Teams

Creating a Team

  1. Go to Settings > Teams
  2. Click Create Team
  3. Enter a name and optional description
  4. Select a badge color
  5. Click Create

Adding Members to a Team

  1. Go to Settings > Teams
  2. Click on the team name to open details
  3. Click Add Members
  4. Search and select organization members to add
  5. Click Add Selected

Removing Members from a Team

  1. Go to Settings > Teams
  2. Click on the team name
  3. Find the member in the list
  4. Click the remove button (trash icon)

Assigning Teams to Projects

Granting Project Access

  1. Go to Projects > Select a project > Settings > Teams
  2. Click Assign Team
  3. Select one or more teams from your organization
  4. Choose a role (Admin, Developer, or Viewer)
  5. Click Assign

Changing Team Role on a Project

  1. Go to Projects > Select a project > Settings > Teams
  2. Find the team in the list
  3. Click on the role dropdown
  4. Select the new role

Removing Team Access

  1. Go to Projects > Select a project > Settings > Teams
  2. Find the team in the list
  3. Click the remove button (trash icon)
  4. Confirm the removal

Permissions & RBAC

OEC.sh uses Role-Based Access Control with 55+ permissions across 6 system roles.

System Roles

The platform has 6 predefined roles organized in a hierarchy:

Portal Level:

  • Portal Admin - Full platform access (OEC.sh staff only)

Organization Level:

  • Owner - Full organization access, billing, member management
  • Admin - Organization management without billing access
  • Developer - Create projects, deploy environments
  • Viewer - Read-only access to organization resources

Project Level:

  • Team Admin - Full project access via team assignment
  • Team Developer - Deploy and manage environments via team
  • Team Viewer - View-only project access via team

Organization-Level Permissions

PermissionDescription
org.members.listView organization members
org.members.inviteInvite new members
org.members.removeRemove members
org.teams.listView teams in the organization
org.teams.createCreate new teams
org.teams.updateEdit team details and members
org.teams.deleteDelete teams
org.projects.createCreate new projects
org.servers.listView servers
org.storage.listView storage providers
org.billing.viewView billing information

Project-Level Permissions

PermissionDescription
project.teams.manageAssign/remove teams, change roles
project.environments.createCreate new environments
project.environments.deleteDelete environments
project.environments.deployDeploy to environments
project.backups.createCreate backups
project.backups.restoreRestore from backups
project.settings.updateModify project settings

Pro and Agency plans include granular permissions (55+) and audit logs. Agency plans also include custom roles.

Team Structure Examples

  • By Function: "Backend Team", "Frontend Team", "DevOps Team"
  • By Project/Client: "Client Alpha Team", "Internal Projects Team"
  • By Access Level: "Project Admins", "Developers", "Stakeholders"

Onboarding and Offboarding

To onboard someone, add them to your organization, then add them to the appropriate teams. They automatically gain access to all projects those teams can reach.

To offboard someone, remove them from all teams (or remove them from the organization entirely). Their access to all team-based projects is revoked immediately.

Troubleshooting

User can't access a project

  1. Verify the user is a member of a team
  2. Verify that team has been assigned to the project
  3. Check the team's role on the project has sufficient permissions

Changes not taking effect

  • Permission changes may take up to 5 minutes due to caching
  • Ask the user to refresh their browser
  • If urgent, the user can log out and log back in

Can't delete a team

  • Teams with project assignments cannot be deleted
  • Remove the team from all projects first, then delete
Usage & QuotasMembers