Members & Roles
LLMx Prompt Studio uses a role-based access control system to manage what each team member can do within an organization. This guide explains the role hierarchy, permissions, and how to manage your team.
Role Hierarchy
Every organization member is assigned exactly one role. Roles are hierarchical, meaning higher roles include all permissions of lower roles.
Owner
↓
Admin
↓
Editor
↓
Viewer
Role Descriptions
| Role | Description | Typical Use |
|---|---|---|
| Owner | Full control over the organization, including the ability to delete it | Founders, team leads, account administrators |
| Admin | Can manage team members and configure settings, but cannot delete the organization | Managers, senior engineers, DevOps |
| Editor | Can create, edit, and delete prompts and folders | Prompt engineers, developers, content creators |
| Viewer | Read-only access to all content | Stakeholders, reviewers, auditors |
Permission Matrix
The following table shows exactly what each role can do:
| Permission | Owner | Admin | Editor | Viewer |
|---|---|---|---|---|
| Content | | | | |
| View prompts & folders | ✓ | ✓ | ✓ | ✓ |
| Create prompts & folders | ✓ | ✓ | ✓ | |
| Edit prompts & folders | ✓ | ✓ | ✓ | |
| Delete prompts & folders | ✓ | ✓ | ✓ | |
| Deployments | | | | |
| View deployments | ✓ | ✓ | ✓ | ✓ |
| Create deployments | ✓ | ✓ | ✓ | |
| Rollback deployments | ✓ | ✓ | ✓ | |
| Team Management | | | | |
| View member list | ✓ | ✓ | ✓ | ✓ |
| Invite new members | ✓ | ✓ | | |
| Change member roles | ✓ | | | |
| Remove members | ✓ | ✓ | | |
| Settings | | | | |
| View organization settings | ✓ | ✓ | ✓ | ✓ |
| Edit organization name | ✓ | | | |
| Configure LLM providers | ✓ | ✓ | | |
| Manage API keys | ✓ | ✓ | | |
| Danger Zone | | | | |
| Delete organization | ✓ | | | |
Viewing Members
To see who belongs to your organization:
- Navigate to Settings (click the gear icon or go to /{org-slug}/settings)
- Select the Members tab
- View the member list with names, emails, and roles
The member list shows:
- Profile picture (if available)
- Display name
- Email address
- Current role
- When they joined
Changing Member Roles
Only Owners can change member roles.
To Change a Role
- Go to Settings → Members
- Find the member you want to update
- Click the role dropdown next to their name
- Select the new role
- The change takes effect immediately
Role Change Restrictions
- Cannot demote yourself: If you’re the only Owner, you cannot change your own role
- Cannot demote the last Owner: Every organization must have at least one Owner
- Admins cannot modify Owners: Only Owners can change another Owner’s role
Removing Members
Owners and Admins can remove members from the organization.
To Remove a Member
- Go to Settings → Members
- Find the member you want to remove
- Click the remove button (trash icon) next to their name
- Confirm the removal
Removal Restrictions
- Cannot remove yourself: Use “Leave Organization” instead
- Cannot remove the last Owner: Transfer ownership first
- Admins cannot remove Owners: Only another Owner can remove an Owner
The Last Owner Rule
Every organization must have at least one Owner. This prevents organizations from becoming orphaned (having no one with full control).
Protected scenarios:
- The last Owner cannot change their own role
- The last Owner cannot be removed
- The last Owner cannot leave the organization
How to handle this:
- Promote another member to Owner first
- Then demote yourself or leave
Ownership Transfer
To transfer ownership of an organization:
- Promote the new owner: Change their role from Admin/Editor/Viewer to Owner
- Demote yourself (optional): Change your role to Admin, Editor, or Viewer
- Leave the organization (optional): Remove yourself from the member list
Important: Multiple Owners are allowed. Consider having at least two Owners for business continuity.
Default Role for New Members
When inviting new members, you select their role. The organization setting Default Member Role (configured in Settings) determines the pre-selected option in the invitation form.
Most organizations use Editor as the default, allowing new members to contribute immediately without requiring manual role upgrades.
For Developers
Permission Helper Functions
The frontend provides centralized permission checking:
```javascript
import {
  canEditContent,
  canManageMembers,
  canEditOrgSettings,
  isOwnerRole
} from '@/permissions';

// These checks only decide what the UI shows;
// the API validates permissions server-side.

// Check if current user can edit
if (canEditContent(currentRole)) {
  showEditButton();
}

// Check if current user can manage team
if (canManageMembers(currentRole)) {
  showInviteButton();
}
```
Role Comparison
Roles have a numeric hierarchy for comparison:
```javascript
const ROLE_LEVELS = {
  viewer: 1,
  editor: 2,
  admin: 3,
  owner: 4
};

function hasMinimumRole(userRole, requiredRole) {
  return ROLE_LEVELS[userRole] >= ROLE_LEVELS[requiredRole];
}
```
Backend Permission Checks
API endpoints validate permissions server-side:
```python
from fastapi import HTTPException  # assumed framework; the page does not name it


# Check if user has admin+ permissions
# (async def, because the role lookup is awaited)
async def require_admin(org_id: str, user_id: str):
    role = await org_service.get_user_role(org_id, user_id)
    if role not in [OrgRole.OWNER, OrgRole.ADMIN]:
        raise HTTPException(403, "Admin access required")


# Check if user is owner
async def require_owner(org_id: str, user_id: str):
    role = await org_service.get_user_role(org_id, user_id)
    if role != OrgRole.OWNER:
        raise HTTPException(403, "Owner access required")
```
Role Model
```python
from enum import Enum


class OrgRole(str, Enum):
    OWNER = "owner"
    ADMIN = "admin"
    EDITOR = "editor"
    VIEWER = "viewer"


# Permission helpers
def can_manage_members(role: OrgRole) -> bool:
    return role in [OrgRole.OWNER, OrgRole.ADMIN]


def can_edit(role: OrgRole) -> bool:
    return role in [OrgRole.OWNER, OrgRole.ADMIN, OrgRole.EDITOR]


def can_view(role: OrgRole) -> bool:
    return role in [OrgRole.OWNER, OrgRole.ADMIN, OrgRole.EDITOR, OrgRole.VIEWER]


def is_owner(role: OrgRole) -> bool:
    return role == OrgRole.OWNER
```
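The Role Change Restrictions, Removal Restrictions and Last Owner Rule from this guide, as they could be enforced server-side. This is an added example, not LLMx Prompt Studio's own code: `PermissionDenied`, the functions below and the in-memory `members` dict (user id to role, standing in for the membership store) are assumptions.

```python
from enum import Enum


class OrgRole(str, Enum):  # same values as the Role Model on this page
    OWNER = "owner"
    ADMIN = "admin"
    EDITOR = "editor"
    VIEWER = "viewer"


class PermissionDenied(Exception):
    """Hypothetical error; an API layer would map it to HTTP 403."""


# Assumption: `members` maps user id -> OrgRole for one organization.
def owner_count(members: dict) -> int:
    return sum(1 for role in members.values() if role is OrgRole.OWNER)


def change_role(members: dict, actor_id: str, target_id: str, new_role: str) -> None:
    # A missing actor yields None and is denied like any non-Owner.
    if members.get(actor_id) is not OrgRole.OWNER:
        raise PermissionDenied("Only Owners can change member roles")
    if target_id not in members:
        raise PermissionDenied("Target is not a member")
    new_role = OrgRole(new_role)  # ValueError on a role name that does not exist
    demoting_owner = members[target_id] is OrgRole.OWNER and new_role is not OrgRole.OWNER
    if demoting_owner and owner_count(members) == 1:
        raise PermissionDenied("Cannot demote the last Owner")
    members[target_id] = new_role


def remove_member(members: dict, actor_id: str, target_id: str) -> None:
    actor_role = members.get(actor_id)
    if actor_role not in (OrgRole.OWNER, OrgRole.ADMIN):
        raise PermissionDenied("Owner or Admin access required")
    if target_id not in members:
        raise PermissionDenied("Target is not a member")
    if actor_id == target_id:
        raise PermissionDenied("Use Leave Organization instead")
    # An admin-or-above check alone would let an Admin remove an Owner here.
    if members[target_id] is OrgRole.OWNER and actor_role is not OrgRole.OWNER:
        raise PermissionDenied("Only an Owner can remove an Owner")
    del members[target_id]


def leave_organization(members: dict, user_id: str) -> None:
    if members.get(user_id) is OrgRole.OWNER and owner_count(members) == 1:
        raise PermissionDenied("Promote another Owner before leaving")
    members.pop(user_id, None)
```

With a real database, count Owners and apply the change inside one transaction; otherwise two concurrent demotions can each see two Owners and both succeed.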