5 min read

Overview

Team management is available to all QuickNode account holders who are part of a team. This guide covers the essential features for managing teams—including creating teams, inviting users, moving members, and removing users. Additionally, for Enterprise customers, it details Role-Based Access Control (RBAC), an enterprise-grade security feature that allows customers to finely manage user permissions and access controls for enhanced security and compliance.

What You Will Learn

• How to manage teams and users as an admin
• How RBAC roles (Admin and Viewer) govern access to the application and dashboard (Enterprise only)

What You Will Need

• A QuickNode account (RBAC is exclusive to Enterprise plans)
• Familiarity with basic team management concepts

Team Management

Team management allows admins to organize users and maintain control over team activities. These features are available to all QuickNode accounts with team functionality. Below are step-by-step instructions for common team management tasks.

Getting Started: Access the Teams Page

1. Log in to your QuickNode account.
2. From the dashboard, click the avatar icon in the top-left corner.
3. Select Teams to open the Teams page.

Create a New Team

1. Go to the Teams page.
2. Click Create Team.
3. Enter a team name and click Create Team.
4. (Optional) Invite users by adding their names and email addresses.

Note: For non-RBAC users, only the primary user of an organization can create a new team, while any Admin can create a new team in RBAC enabled organizations.

Invite Users

1. Navigate to the Teams page.
2. Select the team you want to invite users to.
3. Click Invite member.
4. Enter the user’s name and email address.
5. Click Add team member to send an email to the user.

Move Users Between Teams

1. Navigate to the Teams section.
2. Select the current team of the user you want to move.
3. Find the user in the member list and click on the three dots (⋯) next to their name.
4. Select Update Team from the dropdown menu.
5. Choose the new team you want to move the user to.
6. Confirm the move.

Remove Users from a Team

1. Navigate to the Teams section.
2. Select the team containing the user you want to remove.
3. Locate the user in the member list and click on the three dots (⋯) next to their name.
4. Select Remove User from the dropdown menu.
5. Confirm the removal. The user will no longer be a member of the team.

Role-Based Access Control (RBAC) for Enterprise Customers

Role-Based Access Control (RBAC) is an Enterprise-only feature that builds on team management by adding role-based permissions. With RBAC, Enterprise customers can assign specific roles (Admin or Viewer) to users and API keys, ensuring granular control over access to functionality and data. This section covers RBAC-specific features.

Benefits of RBAC for Enterprises

RBAC empowers Enterprise organizations to:

• Protect Sensitive Data: Restrict access to critical areas, such as billing and API keys, to authorized personnel only.
• Streamline Team Management: Define roles based on job responsibilities, minimizing errors and over-permissions.
• Accelerate Onboarding: Automate secure role assignments for new users, especially in SSO setups, for a fast and efficient start.
• Ensure Compliance: Enforce least-privilege access to meet audit and regulatory standards effortlessly.
• Scale with Confidence: Control permissions for expanding teams and API integrations without sacrificing security.

RBAC Enabled for Enterprise Customers

RBAC is automatically enabled for all Enterprise customers.

When RBAC is enabled for existing accounts:

• If a user was in the Admins team, they were automatically converted into an Admin role.
• If a user was in any other team, they were automatically converted into a Viewer role.

RBAC introduces two roles for users and API keys: Admin and Viewer. These roles dictate the level of access across applications and the dashboard.

User and API Key Roles

Category	Permission/Action	Admin	Viewer
User Roles	Access Level	Full access to all functionality in the application and dashboard	Read-only access in the application and dashboard
	Dashboard Permissions	Can create, read, update, and delete items	Can view items only; cannot modify or delete them
	Application Actions	Can perform all actions, including:	Limited to viewing pages only:
	- Products	Creating and managing products	View only
	- Teams	Creating and updating teams	View only
	- Users	Inviting, moving, and removing users	View only
	- Billing	Updating billing details, changing plans, and managing payment methods	Cannot access billing plans, payment history, or payment methods
	- API Keys	Accessing and managing API keys	Cannot access API keys page
API Key Roles	API Request Permissions	Can perform all actions (e.g., POST, PUT, DELETE, GET requests)	Restricted to GET requests for viewing data only; prevents modifications or deletions

Team Default Roles

Teams include a default role assigned to users upon invitation or when moved between teams:

• Inviting New Users: Admins can invite new users and define a role for them in the invite form. The invite form will default to the team’s default role (e.g., Viewer for most teams, Admin for the Admins team), but admins can change it to Admin or Viewer before sending the invitation.
• Moving Users Between Teams: When a user is moved to another team, they are automatically assigned the default role of the new team. Admins can update the user’s role afterward if needed.
• Configurable Defaults: New teams default to the Viewer role (except the Admins team, which defaults to Admin and cannot be changed). Admins can modify a team’s default role as needed.

SSO Onboarding Integration

For teams using Single Sign-On (SSO):

• Automatic Grouping:New SSO users are automatically added to an Onboarding group with a default Viewer role, with auto creation of the group if it doesn’t exist.
• Security Assurance: This prevents inadvertent assignment of Admin privileges to new users.
• Flexibility: Admins can later move SSO users to other groups or update their roles as required.

Managing RBAC as an Admin

Below are step-by-step instructions for leveraging RBAC features, assuming you have full administrative privileges as an Admin. These actions build on the team management capabilities by adding role-specific controls.

Update User Roles

1. Navigate to the Teams page and select the team you want to manage.
2. Locate the user whose role you want to update.
3. Open the user's settings by clicking on the three dots (⋯) next to their name.
4. Select Update Role from the dropdown menu.
5. Choose a new role (Admin or Viewer) based on their responsibilities.
6. Confirm the change to update the user's role.

Note: Admins can update the role of other admins.

Manage API Keys with RBAC

1. Access the API Keys page by clicking on the avatar icon on the top left and selecting API Keys.
2. Click on Add API Key to generate a new key.
3. (Optional) Restrict the key to specific applications
4. Assign a role (Admin or Viewer) to the key.
5. Click Create API Key and keep the key secure.

Generated API keys and their roles are visible for Admins in the API Keys section.

Conclusion

Team management provides a foundation for collaboration across all QuickNode accounts, while RBAC enhances this with enterprise-grade security and role-based control. By clearly defining roles and providing straightforward management options, RBAC helps maintain high levels of security and efficiency. This guide has outlined the key concepts of RBAC and provided detailed steps for managing teams and user permissions from an Admin perspective.

For further assistance or more detailed instructions, please contact us directly. Our team is ready to assist you in implementing RBAC effectively and ensure your organization's security and compliance needs are met.

Also, stay up to date with the latest by following us on Twitter and joining our Discord and Telegram announcement channel.

We ❤️ Feedback!

Let us know if you have any feedback or requests for new topics. We'd love to hear from you.