Managing Members
This guide covers the full lifecycle of workspace members in SignalSmith — from inviting new members and assigning roles, to modifying access and removing members. For organization-level member management, see Organizations.
Member Lifecycle
Invitation Sent → Invitation Accepted → Active Member → (Optional) Role Change → (Optional) RemovedInviting Members
Via the UI
- Navigate to Settings > Members
- Click Invite Member
- Enter the member’s email address
- Select a role:
- Owner — Full access including workspace management
- Admin — Full access except workspace deletion
- Member — Operational read/write access
- Click Send Invitation
The invitee receives an email with a link to accept the invitation. They must create a SignalSmith account (or sign in with an existing one) to accept.
Via the API
curl -X POST https://your-workspace.signalsmith.dev/api/v1/members/invite \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "analyst@mycompany.com",
"role": "member"
}'Response:
{
"id": "inv_abc123",
"email": "analyst@mycompany.com",
"role": "member",
"status": "pending",
"expires_at": "2025-01-22T10:00:00Z",
"created_at": "2025-01-15T10:00:00Z"
}Bulk Invitations
To invite multiple members at once:
curl -X POST https://your-workspace.signalsmith.dev/api/v1/members/invite/bulk \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"invitations": [
{ "email": "analyst1@mycompany.com", "role": "member" },
{ "email": "analyst2@mycompany.com", "role": "member" },
{ "email": "lead@mycompany.com", "role": "admin" }
]
}'Who Can Invite
- Owners can invite members with any role (Owner, Admin, or Member)
- Admins can invite Members and Admins, but cannot invite Owners
- Members cannot invite other members
Managing Invitations
Pending invitations are visible in Settings > Members > Invitations.
Invitation Status
| Status | Description |
|---|---|
| Pending | Invitation sent, not yet accepted |
| Accepted | Member accepted and is now active |
| Expired | Invitation expired (default: 7 days) |
| Canceled | Invitation was revoked before acceptance |
Resending an Invitation
If an invitation was not received or has expired:
- Navigate to Settings > Members > Invitations
- Find the pending or expired invitation
- Click Resend
This generates a new invitation link and resets the expiration timer.
Canceling an Invitation
To revoke a pending invitation:
- Navigate to Settings > Members > Invitations
- Find the pending invitation
- Click Cancel
The invitation link will no longer work. The invitee will see an “Invitation expired” message if they try to use it.
Viewing Members
The member list shows all active workspace members:
| Column | Description |
|---|---|
| Name | Member’s display name |
| Member’s email address | |
| Role | Current workspace role (Owner, Admin, Member) |
| Groups | Number of groups the member belongs to |
| Last Active | When the member last performed an action |
| Joined | When the member accepted the invitation |
Filtering and Searching
- Search by name or email
- Filter by role — Show only Owners, Admins, or Members
- Filter by group — Show only members of a specific group
- Sort by name, role, last active, or join date
Changing a Member’s Role
Via the UI
- Navigate to Settings > Members
- Find the member in the list
- Click the role dropdown next to their name
- Select the new role
- Confirm the change
Via the API
curl -X PUT https://your-workspace.signalsmith.dev/api/v1/members/{member_id} \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"role": "admin"
}'Role Change Rules
| Current Role | Can Be Changed To | Changed By |
|---|---|---|
| Member | Admin, Owner | Owner, Admin |
| Admin | Member, Owner | Owner |
| Owner | Admin, Member | Owner (only if there is another Owner) |
Safeguards:
- There must always be at least one Owner. Demoting the last Owner is not allowed.
- Role changes take effect immediately.
- All role changes are logged in the workspace audit trail.
Removing Members
Via the UI
- Navigate to Settings > Members
- Find the member in the list
- Click the menu icon (or Remove button)
- Confirm the removal
Via the API
curl -X DELETE https://your-workspace.signalsmith.dev/api/v1/members/{member_id} \
-H "Authorization: Bearer $API_TOKEN"What Happens When a Member Is Removed
- The member immediately loses access to the workspace
- Their active sessions are invalidated
- Resources they created (models, audiences, syncs) remain in the workspace and continue to function
- Their group memberships are removed
- API keys they created are not automatically revoked — revoke them separately if needed
Who Can Remove Members
- Owners can remove any member (including other Owners, as long as at least one Owner remains)
- Admins can remove Members and other Admins, but cannot remove Owners
- Members cannot remove other members
Viewing Member Activity
For each member, you can view their recent activity:
- Navigate to Settings > Members
- Click on a member’s name
- View the Activity tab
The activity log shows:
| Field | Description |
|---|---|
| Action | What the member did (created, updated, deleted, viewed) |
| Resource | Which resource was affected (model, sync, audience, etc.) |
| Timestamp | When the action occurred |
| Details | Additional context (e.g., field changes, configuration updates) |
Organization-Level Member Management
If your workspace belongs to an organization, members can also be managed at the organization level. Organization-level management provides:
- Centralized invitations — Invite a member to the organization and grant access to multiple workspaces in a single step
- Cross-workspace visibility — See a member’s activity across all workspaces from a single view
- Bulk access changes — Add or remove workspace access for a member across multiple workspaces at once
To manage members at the organization level:
- Navigate to Organization > Members
- Use the same invite, modify, and remove workflows described above, but with cross-workspace scope
See Organizations for details.
API Reference
# List all members
GET /api/v1/members
# Get a single member
GET /api/v1/members/{id}
# Invite a member
POST /api/v1/members/invite
# Bulk invite members
POST /api/v1/members/invite/bulk
# Update a member's role
PUT /api/v1/members/{id}
# Remove a member
DELETE /api/v1/members/{id}
# List pending invitations
GET /api/v1/members/invitations
# Resend an invitation
POST /api/v1/members/invitations/{id}/resend
# Cancel an invitation
DELETE /api/v1/members/invitations/{id}Best Practices
- Use the least privileged role — Start with the Member role and promote as needed. It’s easier to add permissions than to discover someone had too much access.
- Audit member access quarterly — Review who has access and whether their roles are still appropriate as team composition changes.
- Remove departed team members promptly — When someone leaves the team, remove their workspace access immediately to maintain security.
- Use groups instead of individual management — For data access control, assign access filters to groups rather than tracking individual members. This scales better and is easier to audit.
- Document role assignments — Keep a record of why specific members have elevated roles (Admin, Owner) for compliance and audit purposes.
Next Steps
- Set up groups for team-based data access management
- Define access filters for row-level access control
- Configure destination filters for data flow governance
- Create an organization for multi-workspace member management