Team & Roles

Roast lets a workspace owner invite teammates and assign each one a role that controls what they can see and do. Roles are Owner, Admin, Editor and Viewer, and team management lives under Settings.

How workspaces and roles fit together

A Roast workspace is the collection of data (forms, submissions, the wall, replies, integrations) owned by a single account: the Owner. Everyone you invite acts inside the Owner's workspace under an assigned role; they do not get a separate copy of the data.

There is exactly one implicit Owner per workspace. The Owner role is never stored as an invitable role and cannot be reassigned through the team UI. The three roles you can grant when inviting are Admin, Editor and Viewer.

An important resolution rule: a person who already owns any data of their own (i.e. they have created at least one form) always acts as the Owner of their own workspace, even if they have also accepted an invite elsewhere. Only a person who owns nothing resolves into the workspace they were invited to. In other words, accepting an invite never silently moves an existing owner out of their own tenant. Switching between workspaces you both own and have joined is not available in this version.

A user belongs to at most one active workspace at a time. If they own data, that is their own workspace; otherwise it is their first active membership.

Owner is implicit and is not listed among the roles you can assign or change.

What each role can do

Permissions are enforced both in the dashboard UI and in the API, so a role cannot exceed its abilities even by calling the API directly. The matrix below reflects the permission map in the code.

Owner: full control. Read and manage submissions (approve / reject / delete / convert), manage the wall (add / remove / reorder), read and write replies, trigger AI analysis, create and edit forms, read and write integrations, read the team, invite members, change roles, remove members, and manage billing.

Admin: can manage feedback day-to-day and grow the team, but not control the workspace. Admins can read and manage submissions, manage the wall, read and write replies, trigger AI analysis, create and edit forms, read and write integrations, read the team and invite new members. Admins cannot change roles, cannot remove active members (only revoke pending invites), and cannot access billing.

Editor: can curate feedback but not change configuration. Editors can read and manage submissions, manage the wall, read and write replies, trigger AI analysis, and read forms, integrations and the team. Editors cannot create or edit forms, cannot edit integrations, cannot invite or manage team members, and cannot access billing.

Viewer: read-only. Viewers can read submissions, the wall, replies, forms, integrations and the team list. Viewers cannot approve, reply, curate the wall, run AI analysis, change any settings, or manage the team.

Only the Owner can run billing; Admins and below have no billing access.

Only the Owner can change a member's role or remove an active member.

Editors and Viewers cannot trigger AI analysis except Editors who can; Viewers cannot run analysis.

Members are granted read-only access at the database level; all role-based writes go through the server, which checks ownership and role before acting.

Where to manage your team

Team management lives at Settings > Team (the URL /dashboard/settings/team). The older /dashboard/team link simply redirects here.

The page lists the Owner first (marked with a crown), then every member and pending invite. Each row shows the person's name or email, their role, and a status badge of Active or Pending. Your own row is marked (you).

An Invite Member button appears only if you are an Owner or Admin. A Role Permissions reference card at the bottom summarises what Admin, Editor and Viewer can do.

Viewers and Editors can open the page and see the roster but will not see the Invite Member button or role/remove controls.

Workspaces are capped at 10 team rows in total (active members plus pending invites combined).

Inviting a teammate

Inviting requires the team:invite permission, which Owners and Admins have. The invite is created against your workspace, an accept link is generated, and Roast attempts to email it.

  1. 1Go to Settings > Team and click Invite Member.
  2. 2Enter the teammate's email address.
  3. 3Choose a role: Admin (manage feedback, forms, integrations and invites), Editor (approve, reply and curate the wall) or Viewer (read-only).
  4. 4Click Send Invite. The new entry appears in the list as Pending until it is accepted.
  5. 5If email delivery is not configured, Roast still creates the invite and shows a notice telling you to share the accept link manually.

You cannot invite the Owner's own email (returns 'The owner is already in the workspace'), and an Admin cannot invite their own address.

An email can only be invited once per workspace; re-inviting the same address returns 'That email has already been invited'.

Once the workspace reaches 10 total rows, further invites are rejected with a member-limit error.

Only Admin, Editor and Viewer are valid invite roles; any other value is rejected.

Emails are sent best-effort via Resend; if RESEND_API_KEY is not set, the invite is created with emailSent reported as false.

Accepting an invite

The accept link takes the invitee to /invite/[token]. The page previews who is inviting them and at what role (for example, 'Join Acme's workspace as an Editor') before they decide.

If the invitee is not signed in, they are prompted to sign in or create an account first, then returned to the invite page. Once signed in, they click Accept invite and are sent to the dashboard.

Acceptance binds the invite to their account: the membership row is set to their user ID and its status changes from Pending to Active.

The signed-in account's email must match the invited email exactly (case-insensitive). Otherwise acceptance is refused with a message asking them to sign in with the invited address.

An invite can only be accepted once: it must be Pending and unconsumed. Already-accepted or expired/invalid tokens show 'Invite unavailable' or 'This invite has already been accepted'.

The Owner cannot accept their own invite (returns 'You already own this workspace').

Concurrent accept attempts are handled atomically — only the first succeeds.

Changing roles and removing people

Changing a member's role requires the team:manage permission, which only the Owner has. In the team list, the Owner sees a role dropdown next to each member and can switch them between Admin, Editor and Viewer.

Removing people uses the trash icon. The Owner can remove anyone — active members and pending invites alike. An Admin can only revoke Pending invites; they cannot remove an active member (attempting to do so is refused with 'Only the owner can remove an active member').

All of these actions are scoped to your own workspace: a membership row that belongs to another owner returns 'Member not found'.

Role changes are Owner-only; Admins, Editors and Viewers see roles as static labels, not editable dropdowns.

Revoking a pending invite deletes it so the accept link no longer works.

Removing an active member deletes their membership; because users belong to at most one workspace, they revert to their own (possibly empty) workspace.

Frequently asked questions

What roles are available in Roast?
Owner, Admin, Editor and Viewer. Owner is the implicit account that owns the workspace and cannot be assigned or reassigned. When inviting, you can choose Admin, Editor or Viewer.
Who can invite new teammates?
Owners and Admins. Editors and Viewers do not see the Invite Member button and cannot invite via the API.
Can an Admin remove someone from the team?
An Admin can only revoke pending invites. Removing an active member is restricted to the Owner. Changing anyone's role is also Owner-only.
How many people can I have in a workspace?
Up to 10 team rows in total, counting both active members and pending invites. Once that limit is reached, new invites are rejected until you remove someone or revoke an invite.
The invite email never arrived. What do I do?
Email delivery is best-effort. If it isn't configured, Roast still creates the invite and shows a notice asking you to share the accept link manually. You can copy that link to the invitee.
Why does it say the invite was sent to a different email?
You must accept with the exact email address the invite was sent to (case-insensitive). Sign in with that address, or ask the workspace owner to re-invite your current email.
I already have my own Roast forms. What happens if I accept an invite?
Nothing changes for your own data. Because you own forms, you always act as the Owner of your own workspace; accepting an invite does not move you into someone else's workspace in this version.
Can Viewers approve feedback or run AI analysis?
No. Viewers are strictly read-only across submissions, the wall, replies, forms and integrations, and cannot trigger AI analysis. Editors and above can approve, reply, curate the wall and run analysis.
Who can access billing?
Only the Owner. Admins, Editors and Viewers have no billing permission.