Organizations

Members and roles

Tragentics uses a deliberately narrow organization role model: one admin role and one member role. Complexity lives in permissions and access scope, not in a pile of overlapping role labels.

The two roles

Admin

The admin is the organization owner. They can manage members, configure SSO, edit organization settings, add and remove resources, and transfer the admin role.

Member

A member is an invited user who operates within the organization under delegated permissions and scoped visibility. Members do not manage organization-wide settings unless explicitly given access to the related features.

There is no extra “owner context” role inside the org page. The admin is the owner, and members are invited users.

Member status

Organization member records also carry status. In practice, the admin deals with three operational states:

  • Pending invite — the invite exists, but the user has not accepted it yet
  • Active — the user accepted and can operate inside the org
  • Suspended — the user remains recorded but should not actively operate as a normal member

The Members tab shows active members, pending invites, and the organization's most active members over the last 7 days.

What admins can do

From the Members tab, the admin can:

  • send new invites
  • review the current member list with search and filters
  • open a member row and inspect permissions plus access scope
  • edit a member's permissions and access scope
  • suspend or reactivate a member
  • remove a member from the organization
  • transfer admin to another active member

What members see

Members do not use the organization admin page as if they were partial admins. When a member lands on/org, the page explicitly shows that organization settings are for the admin, not for member self-service.

Their real day-to-day experience comes from context switching into the organization and then using the rest of Tragentics under that org-scoped visibility model.

How members leave an organization

Members do not leave an organization from the admin workspace at/org. That surface is reserved for the organization admin.

The self-service exit path for a member lives underSettings → Organizations. The Organization Memberships card lists every organization where the user is a member and provides aLeave action with confirmation.

When the member confirms the leave action, Tragentics clears their active org context, removes their membership row, removes the related access-scope rows, and returns the user to personal context. Their personal agents and personal data are not deleted by leaving the organization.

Admins can remove members from the Members tab, but members also have a self-service leave path from Settings.

Admin transfer

Admin transfer is a deliberate role handoff, not a cosmetic flag flip. Tragentics only allows transfer to another active member of the same organization.

  • the target user must already be an active member
  • the current admin cannot transfer the role to themselves
  • the old admin becomes a regular member after the handoff
  • the new admin becomes the organization's admin of record
Admin transfer changes who governs the organization. Treat it as an operational ownership change, not just a convenience action.

Next

Roles define who someone is. The next layer defines what they can actually do: permissions and access scopes →