Team RBAC
Teams have three built-in roles. API keys carry an independent permission level that further narrows what programmatic access can do.
Role Matrix
| Capability | Owner | Admin | Member |
|---|---|---|---|
| Deploy services | ✓ | ✓ | ✓ |
| Read logs & metrics | ✓ | ✓ | ✓ |
| Create services / DBs | ✓ | ✓ | ✓ |
| Delete or suspend services / DBs | ✓ | ✓ | — |
| Manage env vars (incl. secrets) | ✓ | ✓ | ✓ |
| Invite / remove team members | ✓ | ✓ | — |
| Manage billing & payment methods | ✓ | — | — |
| Transfer ownership / delete team | ✓ | — | — |
Inviting Members
Owners and admins invite by email from Settings → Team. Invitees get a magic-link email; their account is created when they accept. Pending invitations can be revoked from the same page. Invites expire 7 days after sending.
Transferring Ownership
Each team has exactly one owner. The current owner can transfer ownership to an existing admin from Settings → Team → Transfer. The transferring user keeps admin access; both parties receive an email notification.
API-Key Permissions
API keys are a separate authentication path that layers on top of team roles. Every key is owned by a team member and inherits that user's team role, then is further narrowed by one of two permission levels:
- full_access — full team-member rights for the underlying user. Billing and team-membership management still require a logged-in session.
- deploy_only — CI-friendly token that can trigger deploys, read logs and metrics, and view service status. It cannot create, delete, or update resources, edit env vars, or rotate other keys. Ideal for GitHub Actions / GitLab CI deploy steps.
Mint keys at Settings → API Keys. Keys are shown once at creation, stored hashed at rest, and prefixed with hs_live_ (prod) or hs_test_ (sandbox / test team).
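The sketch below is an added example, not the platform's own code. It models how the role matrix and the API-key permission level combine, which helps when auditing what a given key can reach. The capability names, function names, and the `session` label are hypothetical; only the matrix rows and the two key levels come from this page.

```python
# Added illustration: names below are hypothetical, not the platform's API.
ROLES = ("owner", "admin", "member")

# Role matrix from the table above: capability -> roles that hold it.
ROLE_MATRIX = {
    "deploy": {"owner", "admin", "member"},
    "read_logs_metrics": {"owner", "admin", "member"},
    "create_resources": {"owner", "admin", "member"},
    "delete_or_suspend_resources": {"owner", "admin"},
    "manage_env_vars": {"owner", "admin", "member"},
    "manage_members": {"owner", "admin"},
    "manage_billing": {"owner"},
    "transfer_or_delete_team": {"owner"},
}

# deploy_only allow-list, limited to rows of the matrix
# ("view service status" has no matrix row, so it is not modelled).
DEPLOY_ONLY = {"deploy", "read_logs_metrics"}

# Capabilities the page says need a logged-in session even with full_access.
# The page names only these two; it does not say whether transfer/delete
# team is also session-only, so that row is left to the role check.
SESSION_ONLY = {"manage_billing", "manage_members"}

AUTH_PATHS = ("session", "full_access", "deploy_only")


def is_allowed(role, capability, auth="session"):
    """Return True only if both the role and the auth path permit the action."""
    if role not in ROLES or auth not in AUTH_PATHS:
        return False  # unknown role or key level: fail closed
    if role not in ROLE_MATRIX.get(capability, set()):
        return False  # a key never grants more than its owner's role
    if auth == "deploy_only":
        return capability in DEPLOY_ONLY
    if auth == "full_access":
        return capability not in SESSION_ONLY
    return True  # interactive session: the role matrix alone decides


def effective_capabilities(role, auth):
    """List every matrix capability reachable for this role and auth path."""
    return sorted(c for c in ROLE_MATRIX if is_allowed(role, c, auth))
```

A `deploy_only` key resolves to the same two matrix capabilities whichever role owns it, while a member's interactive session or `full_access` key can still edit env vars, secrets included.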