Roles aren't permanent. Once a member has joined, you can promote a Viewer to Admin, demote an Admin back to Viewer, or — more rarely — transfer ownership. The action lives on the Members page; the change takes effect immediately and the audit feed records who did it.
- You can't change your own role. Self-promotion (or self-demotion) is refused; ask another member with the right role to make the change.
- You can't set someone to Owner from the role dropdown. Owner is a single seat, transferred only through the explicit Transfer-ownership flow.
Change a role
Section titled “Change a role”From the Members page, find the member whose role you want to change. Each row carries the current role as a small badge in the Role column. The row action (typically a kebab menu or the role badge itself) opens a small editor with a Role dropdown.
Pick the new role from the dropdown — Admin or Viewer. Confirm. The change takes effect immediately:
- The member's next page load reflects the new role.
- Their in-flight session is unaffected (no forced sign-out).
- The next action they attempt is gated by the new role's capabilities.
If you've demoted someone from Admin to Viewer, they may see a banner the next time they try a mutating action explaining the action now requires Admin or higher.
What the audit feed shows
Section titled “What the audit feed shows”A role change emits org.member_role_changed to the org audit feed with payload:
member_id— the affected member's id.from— the role they held before.to— the role they hold now.changed_by— the member id of whoever made the change (you).
The event lands within a second of the change. From the audit page you can filter by org.member_role_changed to see the full role-change history.
Promoting Admins, demoting Admins
Section titled “Promoting Admins, demoting Admins”The common shape:
- Promotion (Viewer → Admin): you're handing operational authority to someone. They can now provision and decommission tenants, invite and remove other members (with the constraint they can't touch the Owner), edit settings. Useful as your team grows and you need more hands on the platform.
- Demotion (Admin → Viewer): you're stripping operational authority but keeping visibility. Useful for a team member moving to a different role, or as a precaution while investigating an incident.
What demotion doesn't do: it doesn't reverse actions the Admin already took. If a now-demoted Admin decommissioned a tenant last week, demoting them today doesn't bring the tenant back. The audit log captures who did what, when — that's the lasting record.
Transferring ownership
Section titled “Transferring ownership”Ownership transfer is a separate, deliberate flow (not the same as Admin promotion). The current Owner initiates it from Settings, picks an existing member as the recipient, and confirms. After transfer:
- The new Owner has every capability the old Owner had, including delete-the-organisation.
- The old Owner becomes an Admin.
- The audit feed records
org.ownership_transferredwithfromandto.
If you're the Owner, transfer ownership before leaving the team — there's only one Owner per organisation, and an unreachable Owner is an operational pain when the platform later needs an Owner-only action.