What you’ll learn
- The five organization roles and what each can do
- How to invite, manage, and remove members
- How external (guest) access works
- The full permission matrix by feature area
Organization Roles
Five roles form a hierarchy. Higher roles inherit all permissions from lower roles.| Role | Description |
|---|---|
| Owner | Full control. Can transfer ownership. One per org. |
| Administrator | Manages members, projects, settings, integrations. |
| Member | View data, edit test cases, connect personal integrations. |
| Billing Manager | Manages subscriptions, invoices, payments. No test data access. |
| Viewer | Read-only access. Cannot modify anything. |
Manage Members
Invite a member
- Click Invite Member on the Users & Roles page
- Enter the email address
- Select a role from the dropdown
- Optionally check External User for time-limited guest access
- Click Send Invite
NoteOnly Owners and Administrators can invite members. The invite recipient receives an email with a link to join the organization.
Change a role
Click the role dropdown next to any member in the list and select a new role. Role changes take effect immediately.Remove a member
Click the remove button next to the member. A confirmation dialog appears. Removing a member revokes all access to the organization and its projects.Filter members
Use the All Roles filter to show only specific roles (Administrator, Member, Viewer, etc.).Role Delegation Rules
When assigning roles, these rules apply:| Assigner | Can Assign |
|---|---|
| Owner | All roles |
| Administrator | Administrator, Member, Billing Manager, Viewer |
| Member | Cannot assign roles |
| Others | Cannot assign roles |
- You cannot change your own role
- You cannot remove yourself from the organization
- The last administrator cannot be removed or demoted if no owner exists
External (Guest) Access
External members are users from outside the organization who receive time-limited access.| Property | Value |
|---|---|
| Default duration | 30 days |
| Maximum duration | 365 days |
| Cleanup | Expired access is automatically removed |
| Allowed roles | Member, Viewer only |
| Blocked roles | Owner, Administrator, Billing Manager |
Permission Matrix
InfoMembers can create and edit manual test cases but cannot delete them. Only Owners and Administrators can perform destructive actions on test data.
Best Practices
| Practice | Why |
|---|---|
| Assign the minimum role needed for each task | Reduces accidental changes and limits blast radius |
| Use external access for contractors and temporary collaborators | Access expires automatically, no manual cleanup needed |
| Keep the Owner role to one person | Prevents conflicting organization-level decisions |
| Use Billing Manager for finance teams | Separates billing access from project data access |
| Use API keys for CI/CD, not user credentials | API keys are scoped to projects and can be rotated independently |
| Review member roles and external access periodically | Catch stale permissions and expired contractors |
Troubleshooting
Cannot invite a new member
Cannot invite a new member
- Only Owners and Administrators can invite members. Verify your role on the Users & Roles page.
- Check if your organization has reached the member limit for your plan. See Billing & Usage.
Cannot change a member's role
Cannot change a member's role
- You can only assign roles at or below your own level. Administrators cannot assign the Owner role.
- You cannot change your own role. Ask another Owner or Administrator to update it.
Member cannot access a project or feature
Member cannot access a project or feature
- All permissions are organization-level. There are no separate project-level roles. Check the member’s organization role in the permission matrix above.
- Viewers have read-only access. Members cannot perform destructive actions (delete test runs, delete test cases). Promote the role if more access is needed.
External member access expired
External member access expired
- External access is time-limited (default 30 days). An Owner or Administrator can extend access from the Users & Roles page.
- Expired external members are automatically removed. Re-invite them if continued access is needed.
Cannot manage integrations
Cannot manage integrations
- Project-level integrations (GitHub, GitLab, Slack, monday, Azure DevOps) require Owner or Administrator role.
- User-level integrations (Jira, Linear, Asana) require at least Member role. Viewers and Billing Managers cannot connect personal integrations.
Cannot manage billing or subscription
Cannot manage billing or subscription
- Only Owners and Billing Managers can create, upgrade, pause, or cancel subscriptions.
- Administrators can view invoices and reallocate usage limits but cannot modify the subscription itself.
Organizations
Organization setup and structure
Projects
Create and manage projects
Billing & Usage
Manage subscriptions and usage limits
Project Settings
Configure project-level settings