Roles
Ultra Hub defines five roles, from most to least privileged:Owner
Full control over the organization. Owners can manage billing, delete the organization, and promote other users to Owner.- All Admin permissions, plus:
- Manage billing and subscription
- Delete the organization
- Promote users to Owner
- Transfer ownership
Admin
Manages teams, workspaces, members, and security settings. Admins handle day-to-day organization administration.- All Member permissions, plus:
- Invite and remove members
- Change member roles (up to Admin)
- Create and delete teams and workspaces
- Manage organization settings
- View the Admin Log
- Configure guardrails (when available)
Member
Standard access for day-to-day work. Members can link gateways, view data, and use the dashboard.- Link and unlink their own gateways
- View traces, audit events, and server data
- Access the dashboard
- View workspace and team information
Viewer
Read-only access to observability data. Suitable for stakeholders who need visibility without the ability to make changes.- View traces, audit events, and server data
- Access the dashboard (read-only)
- View workspace and team information
Beacon
Machine-to-machine identity for automated gateways and CI/CD pipelines. Beacons can sync data but cannot access the web interface.- Sync traces and audit events to Hub
- Send gateway heartbeats
- No web UI access
Permissions Matrix
| Capability | Owner | Admin | Member | Viewer | Beacon |
|---|---|---|---|---|---|
| Manage billing | ✅ | ❌ | ❌ | ❌ | ❌ |
| Delete organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| Manage org settings | ✅ | ✅ | ❌ | ❌ | ❌ |
| Create/delete teams | ✅ | ✅ | ❌ | ❌ | ❌ |
| Create/delete workspaces | ✅ | ✅ | ❌ | ❌ | ❌ |
| Invite members | ✅ | ✅ | ❌ | ❌ | ❌ |
| Remove members | ✅ | ✅ | ❌ | ❌ | ❌ |
| Change member roles | ✅ | ✅ | ❌ | ❌ | ❌ |
| View Admin Log | ✅ | ✅ | ❌ | ❌ | ❌ |
| Configure guardrails | ✅ | ✅ | ❌ | ❌ | ❌ |
| Link/unlink own gateway | ✅ | ✅ | ✅ | ❌ | ❌ |
| View dashboard | ✅ | ✅ | ✅ | ✅ | ❌ |
| View traces | ✅ | ✅ | ✅ | ✅ | ❌ |
| View audit events | ✅ | ✅ | ✅ | ✅ | ❌ |
| View server data | ✅ | ✅ | ✅ | ✅ | ❌ |
| Sync data to Hub | ✅ | ✅ | ✅ | ❌ | ✅ |
| Send heartbeats | ✅ | ✅ | ✅ | ❌ | ✅ |
| Access web UI | ✅ | ✅ | ✅ | ✅ | ❌ |
Scope Hierarchy
Roles apply within a scope hierarchy: Organization → Team → Workspace. Roles cascade downward — an Admin at the organization level has Admin access to all teams and workspaces within it.Managing Roles
Via Hub Web UI
- Navigate to your organization’s Members page
- Find the user you want to modify
- Click their current role to open the role selector
- Choose the new role
Via Invitations
When inviting new members, select the role during the invite process. The invited user receives the assigned role when they accept.Constraints
- Only Owners can promote other users to Owner
- You cannot change your own role
- The last Owner of an organization cannot be demoted or removed
- Admins can assign roles up to Admin level (not Owner)