
Team Management

RBAC and user groups for collaborative work

Invite your team with role-based access control. Owners, Admins, Editors, Viewers. Plus custom groups and fine-grained permission overrides for complex requirements.

Capabilities

Role-Based Access

Four built-in roles: Owner, Admin, Editor, Viewer. Clear permissions hierarchy.

User Groups

Create groups for bulk permission assignment. "Engineering", "Sales", "Contractors".

Email Invitations

Invite team members by email with expiring tokens. Secure onboarding flow.

Permission Overrides

Grant or deny specific permissions per user or group. Fine-grained when you need it.

App-Level Access

Control access at the app level. Some apps for everyone, some for specific teams.

Member Status

Track pending, active, and suspended members. Full lifecycle management.

Use Cases

Team collaboration, contractor access, department separation, client access control.
How It Works

Team Management in Runwork provides enterprise-grade access control without the enterprise complexity. Four built-in roles—Owner, Admin, Editor, Viewer—establish a clear permissions hierarchy, while custom groups and permission overrides handle sophisticated requirements when you need them.

Inviting team members is simple: enter their email address, select a role, and Runwork sends a secure invitation with an expiring token. New members join with their assigned permissions already in place. You can track invitation status—pending, accepted, or expired—and resend invitations when needed. The entire member lifecycle is managed: invite, activate, adjust permissions, and when necessary, suspend or remove.

User groups add a powerful layer of organization. Create groups like "Engineering", "Sales", or "Contractors", then assign permissions to the group rather than individual users. When a new team member joins, adding them to the appropriate groups immediately grants the right access levels. Groups also simplify app-level access—make certain apps available only to specific groups.

Permission overrides handle edge cases. The four built-in roles cover most scenarios, but sometimes you need exceptions: an Editor who can also delete records, a Viewer who can access one specific app others can't. Override specific permissions per user or group without disrupting the overall role hierarchy. This flexibility extends across workspaces, where the same user can have different roles in different contexts.
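To make the override model concrete, here is an added example (not Runwork's code or API) that resolves a member's effective permissions from role inheritance plus group and user overrides. The permission names, the precedence rules (deny beats grant across groups, a per-user override beats group overrides) and the handling of non-active members are assumptions; the page does not specify them.

```python
from dataclasses import dataclass, field

# Built-in roles from the page, lowest to highest; each inherits from those below.
ROLE_ORDER = ["viewer", "editor", "admin", "owner"]

# Permission names are hypothetical; the page describes the roles only in prose.
ROLE_GRANTS = {
    "viewer": {"content.read"},
    "editor": {"content.write"},
    "admin": {"users.manage", "settings.manage"},
    "owner": {"billing.manage", "workspace.delete"},
}

@dataclass
class Member:
    role: str
    status: str = "active"                          # pending | active | suspended
    groups: list = field(default_factory=list)
    overrides: dict = field(default_factory=dict)   # permission -> "grant" | "deny"

def role_permissions(role):
    """Union of the role's own grants and those of every lower role."""
    perms = set()
    for name in ROLE_ORDER[: ROLE_ORDER.index(role) + 1]:
        perms |= ROLE_GRANTS[name]
    return perms

def effective_permissions(member, group_overrides):
    # Assumption: pending and suspended members hold no permissions at all.
    if member.status != "active":
        return set()
    decision = {}
    # Assumption: across groups, an explicit deny beats a grant.
    for group in member.groups:
        for perm, effect in group_overrides.get(group, {}).items():
            if decision.get(perm) != "deny":
                decision[perm] = effect
    # Assumption: a per-user override is more specific and beats group overrides.
    decision.update(member.overrides)
    perms = role_permissions(member.role)
    for perm, effect in decision.items():
        if effect == "grant":
            perms.add(perm)
        else:
            perms.discard(perm)   # anything other than "grant" fails closed
    return perms

# Constructed sample data mirroring the page's examples.
GROUPS = {"Finance": {"app.payroll": "grant"}, "Contractors": {"app.payroll": "deny"}}
editor = Member("editor", overrides={"records.delete": "grant"})
contractor = Member("viewer", groups=["Finance", "Contractors"])
```

When reviewing a real deployment, confirm how the product actually orders conflicting grants and denies before relying on an override to restrict access.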

Every access change is logged in your audit logs. See who invited whom, when permissions changed, and who accessed what. This visibility is essential for security reviews and compliance requirements.

Frequently Asked Questions

What roles are available in Runwork team management?

Runwork includes four built-in roles: Owner (full control including billing and workspace deletion), Admin (manage users and settings, but cannot delete the workspace), Editor (create and modify content but cannot manage users), and Viewer (read-only access). Each role inherits permissions from lower roles in the hierarchy.

How do user groups work in Runwork?

User groups let you organize team members and assign permissions collectively. Create groups like "Engineering" or "Sales", add members to groups, and assign app access or permission overrides at the group level. When you add someone to a group, they immediately inherit all group permissions. This makes onboarding and access management much simpler than individual assignments.

Can I give someone extra permissions beyond their role?

Yes. Permission overrides let you grant or deny specific permissions to individual users or groups, regardless of their base role. For example, you can give an Editor the ability to delete records, or restrict an Admin from accessing certain sensitive apps. Overrides provide fine-grained control without disrupting your overall role structure.

How do I invite team members to my workspace?

Invite team members by entering their email address and selecting a role. Runwork sends a secure invitation with a time-limited token. You can track invitation status (pending, accepted, expired) from the team management dashboard. Expired invitations can be resent. Once accepted, members immediately have access based on their assigned role and groups.
