User management

roles & permissions kubegrade uses organization‑level role based access control (rbac) to ensure that users have the appropriate access to features and settings organization roles role description key capabilities org owner primary administrative role for the organization automatically assigned after signing up full access to all settings, billing, user management (invite/remove), and organization wide integrations org admin administrative role for day to day management can manage users (except org owners) and organization settings, but typically does not handle subscription level ownership org user standard member role for core product usage can access dashboards, clusters, and ai agents, but cannot access organization settings or manage other users permissions summary core product features all roles can view clusters and dashboards use visualization tools interact with ai agents manage their own personal notification preferences administrative & organization settings org owners and org admins can access the organization settings menu invite new users to the organization via email manage user roles (promote/demote members) configure organization wide integrations , such as github/azure devops pats and mcp server connections org users cannot access organization settings cannot invite or manage other users cannot configure organization wide integrations integration ownership connection creators regardless of role, the user who creates a specific mcp connection or custom agent is considered its owner for notifications they receive system alerts for that resource (for example, disconnection events or token expiration)