DaleaWiki

Org members and roles

Invite, change role, remove. Org roles vs. workspace roles.

Managing the people in your organisation has two layers: the organisation role (controls billing, member directory, and workspace creation) and the workspace roles (control day-to-day work inside each workspace). This page is for org admins doing the first; workspace-level membership is covered in Workspaces and Roles and permissions.

Organisation roles

Three built-in org roles. Every member has exactly one.

Owner
Everything. Invite/remove members, change tier, manage billing, create or delete workspaces, transfer ownership, delete the org. Typically one person — the buyer or programme lead.
Admin
Like Owner minus billing and org deletion. The day-to-day administrative role.
Member
Read-only at the org level (sees other members, sees the workspace list). Actually doing work happens at the workspace level via workspace roles.

Org-level roles do not automatically grant any rights inside specific workspaces. An org Admin who isn't added to a workspace cannot see that workspace's data. Workspace membership is a separate decision.

Inviting members

  1. Settings → Org → Members → Invite

    Click Invite member.

  2. Add emails

    One per line. Up to 50 in a single invite.

  3. Pick the org role

    Default is Member. Bump to Admin for IT staff and ops. Reserve Owner for one or two people.

  4. Optional: pre-assign workspace memberships

    A drop-down lets you select one or more workspaces and the role each invitee should get inside them. Saves a second click after they accept.

  5. Send

    Each invitee gets an email with an accept link. The invite expires in 14 days; resend or rescind from the same Members page.

A common bulk-onboarding flow: invite 60 chemists at once, all as Members, all pre-assigned to a single "Chemistry" workspace as Editors. They each click accept once, set up a passkey, and they're working.

Changing a member's role

Same Members page, click the role pill next to a name, pick a new value. Changes apply immediately. Auditing records the actor (you), the target, the old role and the new role.

You cannot change your own role. To rotate ownership, the current Owner demotes themselves while promoting another Owner — both happen in the same flow.

Removing a member

Same page, click the kebab menu → Remove from org. This:

  • Revokes all workspace memberships in this org.
  • Invalidates all sessions on this org's workspaces.
  • Soft-deletes their org record (recoverable for 30 days).
  • Is logged with operator, timestamp and reason.

It does not delete their Dalea account; they can still sign in and access other orgs they belong to.

For sensitive offboarding (terminated employee), pair this with: rotating any shared API keys, removing them from any OAuth client memberships, and exporting their last-90-days audit log. See Audit logging.

Workspace memberships at scale

Most teams find this more useful than micromanaging org roles:

  • Make a few people org Admins — typically the IT lead and the ops manager.
  • Add everyone else as org Members.
  • Then run workspace memberships explicitly per workspace.

For organisations on the Enterprise tier with SSO, group memberships from your IdP (Okta, Azure AD, Google Workspace) can map to workspace roles automatically. See SSO setup (P1, coming soon) when that doc lands.

Tips

Two Owners, always

At least two people should be Owner of any org you depend on. If your sole Owner gets hit by a bus (or just leaves the company), you need someone with the keys. The cost is zero; the cost of getting it wrong is high.

Don't reuse personal email for business orgs

Sign up business members with their work email, not their personal Gmail. When someone leaves, IT can reclaim the work email; they can't reclaim a personal one. Sessions tied to personal emails outlive employment.

What's next

Roles and permissions
Audit logging
Workspaces
Previous
Sessions and devices
Next
Audit logging