Administration Overview
The ORG Admin role is the highest level of access within an organisation. ORG Admins can do everything ORG Members can do, plus they have exclusive access to organisation-level configuration, billing management, audit logging, and workspace administration.
What it is
This section documents all the capabilities unlocked by the ORG Admin role and how they relate to the rest of the platform.
How the ORG Admin Role is Assigned
The first ORG Admin is created automatically during organisation registration. The person who completes the registration wizard becomes the ORG Admin for that organisation.
Additional users are always created as ORG Members. There is no self-serve way for a user to become an ORG Admin. This must be managed through the platform's member management capabilities or by a platform operator.
What the ORG Admin Role Unlocks
Sidebar: Organisation Section
ORG Admins see an additional Organisation section at the bottom of the sidebar with three items not visible to ORG Members:
| Item | Path | Purpose |
|---|---|---|
| Settings | /settings |
Manage organisation-level API keys and view the worker SSH public key |
| Billing | /billing |
Manage the subscription, billing details, and invoices |
| Audit Log | /settings/audit-log |
View a complete record of all platform events for the organisation |
ORG Members who navigate directly to /settings or /settings/audit-log are redirected away. ORG Members can visit /billing but see a read-only view.
Site Search Shortcuts
ORG Admins see additional shortcuts in the global site search (Cmd+K / Ctrl+K) that ORG Members do not:
- Organisation settings
- Audit log
- Worker SSH key
- Create workspace
Workspace Administration
ORG Admins have implicit Workspace Admin access to every workspace in the organisation, without needing an explicit membership entry. They can:
- See all workspaces (ORG Members see only workspaces they belong to)
- Create new workspaces
- Delete workspaces
- Manage members of any workspace
Dashboard
ORG Admins see two additional sections on the Dashboard that are not shown to ORG Members:
- Team — the total number of organisation members
- Billing status — a snapshot of the current subscription state
Feature Access Matrix
The table below summarises what each role can and cannot do across the full platform.
| Feature | ORG Member | ORG Admin |
|---|---|---|
| Discover (chat, agent, RAG) | Yes | Yes |
| Define workflow | Yes | Yes |
| Design workflow | Yes | Yes |
| Build (Kanban, agent queue) | Yes | Yes |
| Workspaces, view | Own memberships only | All workspaces |
| Workspaces, create | No | Yes |
| Workspaces, delete | No | Yes |
| Workspace member management | Workspace Admin role only | All workspaces |
| Insights | Yes | Yes |
| Costs | Yes | Yes |
| Dashboard | Standard view | + Team and billing sections |
Settings (/settings) |
No | Yes |
| Org API key management | No | Yes |
| Worker SSH key | No | Yes |
| Billing, view | Read-only | Full access |
| Billing, subscribe / cancel | No | Yes |
| Billing, edit billing details | No | Yes |
| Invoice listing and detail | Yes | Yes |
| Audit Log | No | Yes |
| Invite org user (API) | No | Yes |
Workspace Role Reference
When an ORG Member is added to a workspace, their access within that workspace is controlled by their workspace role:
| Workspace Role | View contents | Assign products/projects | Manage members |
|---|---|---|---|
| Workspace Viewer | Yes | No | No |
| Workspace Collaborator | Yes | Yes | No |
| Workspace Admin | Yes | Yes | Yes |