Console
Members & roles
Add people to your organization and grant them access through roles.
Inviting members
Add someone under Access → Members by email. If they already have an UPGREAT account they are added immediately; otherwise they are provisioned and emailed a setup link. You can see and revoke outstanding invitations on the same screen.
curl -X POST https://api.upgreat.ai/v1/orgs/{orgId}/invitations \
-H "Authorization: Bearer <access-token>" \
-H "Content-Type: application/json" \
-d '{ "email": "engineer@acme.eu", "role": "member" }'Built-in roles
- owner — full control, including billing, deleting the organization and managing other owners.
- admin — manage members, projects, keys and policies, but not ownership or billing.
- member — day-to-day use of the projects they can access.
Change a member's role inline in the members table, or via the API:
curl -X PATCH https://api.upgreat.ai/v1/orgs/{orgId}/members/{userId} \
-H "Authorization: Bearer <access-token>" \
-H "Content-Type: application/json" \
-d '{ "role": "admin" }'Custom roles
When the built-ins are too coarse, define your own roles under Access → Roles. A custom role is a named set of permissions you can assign like any built-in. Create or update one with PUT /v1/orgs/{orgId}/roles/{roleKey}; deleting a custom role removes it, while deleting a built-in resets it to its default.
Roles vs policies
Roles are the broad strokes — what a person is. For fine-grained, resource-level rules (for example “can use these models in this project only”), attach an IAM policy.