Access Control
Each CmdCal organization has role-based access control. Every user belongs to one organization and holds a single role that determines what they can do.
Roles
| Role | Description |
|---|---|
| Owner | Full control. The user who created the organization. Can transfer ownership. |
| Admin | Can manage API keys, brand packs, billing, and approve renders. Cannot transfer ownership. |
| Member | Can view the dashboard, usage, and job history. Cannot create or revoke API keys or manage billing. |
Permission Matrix
| Action | Owner | Admin | Member |
|---|---|---|---|
| View dashboard and usage | Yes | Yes | Yes |
| View render job history | Yes | Yes | Yes |
| Download artifacts | Yes | Yes | Yes |
| Create API keys | Yes | Yes | No |
| Revoke API keys | Yes | Yes | No |
| Approve/reject renders | Yes | Yes | No |
| Manage brand packs | Yes | Yes | No |
| Change plan / billing | Yes | Yes | No |
| Manage team members | Yes | Yes | No |
| Transfer ownership | Yes | No | No |
The canManageOrg check in the platform requires owner or admin role. API key creation, revocation, and billing operations all use this check.
API Key Permissions
API keys are scoped to the organization, not to individual users. Any valid API key can access all V2 runtime endpoints (render, preflight, jobs) for the organization. Key creation and revocation require owner or admin role through a session-authenticated request.
Inviting Team Members
Removing Members
Organization owners and admins can remove members from the organization. Removed users lose access to the dashboard and all API endpoints immediately.
Transferring Ownership
Only the current owner can transfer ownership to another member of the organization. After transfer, the former owner retains admin-level access.
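The rules on this page (the canManageOrg check, org-scoped API keys, and owner-only transfer) can be sketched as one deny-by-default authorization function. This is an added example, not CmdCal's own code: only the role names and the name canManageOrg come from this page. Assumptions: the action names, the principal and members shapes, that API keys are limited to the runtime endpoints, and that anything not listed is denied.

```javascript
// Added example: deny-by-default authorization modelled on this page's rules.
// Role names and canManageOrg come from the page; all other names are assumed.
const VIEW_ACTIONS = new Set(["viewDashboard", "viewJobHistory", "downloadArtifacts"]);
const MANAGE_ACTIONS = new Set([
  "createApiKey", "revokeApiKey", "approveRender",
  "manageBrandPacks", "changeBilling", "manageMembers",
]);
const RUNTIME_ACTIONS = new Set(["render", "preflight", "jobs"]);

function canManageOrg(role) {
  return role === "owner" || role === "admin";
}

// principal: { kind: "session", orgId, role } or { kind: "apiKey", orgId }
function authorize(principal, action, orgId) {
  if (!principal || principal.orgId !== orgId) return false; // tenant isolation
  if (principal.kind === "apiKey") {
    // Keys are org-scoped and carry no role: runtime endpoints only (assumed).
    return RUNTIME_ACTIONS.has(action);
  }
  if (principal.kind !== "session") return false;
  const role = principal.role;
  if (!["owner", "admin", "member"].includes(role)) return false; // unknown role
  if (VIEW_ACTIONS.has(action)) return true;
  if (MANAGE_ACTIONS.has(action)) return canManageOrg(role);
  if (action === "transferOwnership") return role === "owner";
  return false; // unlisted action, including session use of runtime actions
}

// members: Map of userId -> role for one organization (constructed shape).
function transferOwnership(members, actorId, targetId) {
  if (members.get(actorId) !== "owner") throw new Error("only the owner may transfer");
  if (targetId === actorId || !members.has(targetId)) {
    throw new Error("target must be another member of the organization");
  }
  const next = new Map(members);
  next.set(targetId, "owner");
  next.set(actorId, "admin"); // former owner retains admin-level access
  return next;
}
```

Removing a member maps to deleting their entry from the members map, after which no session principal can be built for them and every check fails.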
Next Steps
- Authentication -- how users sign in and how API keys authenticate
- API Keys -- create keys (requires owner or admin role)
- Billing -- manage subscription (requires owner or admin role)