Team Management
CodeStax uses organization-based multi-tenancy. Every user belongs to at least one organization, and all repositories, scans, and settings are scoped to an organization.
Organization Structure
Organization
├── Members (users with assigned roles)
├── Repositories (connected from GitHub/Bitbucket)
├── Scans & Reviews (security scan results)
├── Policies (org-wide and per-repo settings)
└── Billing (subscription and payment)
Roles
CodeStax uses five roles with increasing permissions:
| Role | Description |
|---|---|
| VIEWER | Read-only access to scan results and dashboards |
| MEMBER | Can trigger scans, view results, and provide feedback on findings |
| ORG_ADMIN | Can manage repositories, policies, integrations, and team members |
| ORG_OWNER | Full control including billing, plan changes, and org deletion |
| SUPER_ADMIN | Platform-level access (CodeStax staff only) |
Permission Matrix
| Action | VIEWER | MEMBER | ORG_ADMIN | ORG_OWNER |
|---|---|---|---|---|
| View dashboards | Yes | Yes | Yes | Yes |
| View scan results | Yes | Yes | Yes | Yes |
| Trigger scans | — | Yes | Yes | Yes |
| Trigger PR reviews | — | Yes | Yes | Yes |
| Accept/dismiss findings | — | Yes | Yes | Yes |
| Connect repositories | — | — | Yes | Yes |
| Manage team members | — | — | Yes | Yes |
| Edit policies | — | — | Yes | Yes |
| Manage integrations | — | — | Yes | Yes |
| Generate API keys | — | — | Yes | Yes |
| View audit logs | — | — | Yes | Yes |
| Manage billing | — | — | — | Yes |
| Change plan | — | — | — | Yes |
| Delete organization | — | — | — | Yes |
| Transfer ownership | — | — | — | Yes |
Inviting Members
Send an Invitation
- Go to Settings → Team
- Click Invite Member
- Enter the email address
- Select the role to assign
- Click Send Invitation
The invitee receives an email with a link to accept the invitation. If they don’t have a CodeStax account, they’ll be prompted to create one.
Invitation States
| State | Description |
|---|---|
| Pending | Invitation sent, not yet accepted |
| Accepted | User joined the organization |
| Expired | Invitation not accepted within 7 days |
| Revoked | Admin cancelled the invitation |
Resend or Revoke
From the team settings page, you can:
- Resend a pending invitation (resets the 7-day expiry)
- Revoke a pending invitation to cancel it
Managing Members
Change a Member’s Role
- Go to Settings → Team
- Find the member in the list
- Select a new role from the dropdown
- Confirm the change
Role changes take effect immediately. The member is notified by email.
Remove a Member
- Go to Settings → Team
- Click the remove button next to the member
- Confirm the removal
Removed members immediately lose access to the organization’s repositories and data. Their past actions (scan triggers, feedback) remain in audit logs.
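The permission matrix and the 7-day invitation expiry described above can drive a periodic access review. The following Python is an added example, not CodeStax code: it finds the lowest role that covers the actions a member actually performed and flags unexpired invitations that grant ORG_ADMIN or higher. The record fields (`actions_used`, `last_sent`) and the sample roster are constructed assumptions; the page does not describe an export format.

```python
from datetime import datetime, timedelta

ROLES = ["VIEWER", "MEMBER", "ORG_ADMIN", "ORG_OWNER"]  # ascending privilege
RANK = {role: i for i, role in enumerate(ROLES)}
# Lowest role with "Yes" for each action in the Permission Matrix.
MIN_ROLE = {
    "View dashboards": "VIEWER", "View scan results": "VIEWER",
    "Trigger scans": "MEMBER", "Trigger PR reviews": "MEMBER",
    "Accept/dismiss findings": "MEMBER", "Connect repositories": "ORG_ADMIN",
    "Manage team members": "ORG_ADMIN", "Edit policies": "ORG_ADMIN",
    "Manage integrations": "ORG_ADMIN", "Generate API keys": "ORG_ADMIN",
    "View audit logs": "ORG_ADMIN", "Manage billing": "ORG_OWNER",
    "Change plan": "ORG_OWNER", "Delete organization": "ORG_OWNER",
    "Transfer ownership": "ORG_OWNER",
}
INVITE_TTL = timedelta(days=7)  # invitation expiry window stated on the page

def least_privilege_role(actions):
    """Lowest role whose matrix column covers every action in `actions`."""
    return ROLES[max((RANK[MIN_ROLE[a]] for a in actions), default=0)]

def invitation_state(invite, now):
    """A Pending invitation is Expired 7 days after its last send or resend."""
    stale = now - invite["last_sent"] > INVITE_TTL
    return "Expired" if invite["state"] == "Pending" and stale else invite["state"]

def review(members, invites, now):
    findings = []
    for m in members:
        needed = least_privilege_role(m["actions_used"])
        # ORG_OWNER is skipped: ownership moves via Transfer Ownership.
        if m["role"] != "ORG_OWNER" and RANK[m["role"]] > RANK[needed]:
            findings.append((m["email"], "over-privileged", m["role"], needed))
    for inv in invites:
        if invitation_state(inv, now) == "Pending" and RANK[inv["role"]] >= RANK["ORG_ADMIN"]:
            findings.append((inv["email"], "pending-admin-invite", inv["role"], None))
    return findings

# Constructed sample data (hypothetical field names, not a CodeStax export format).
NOW = datetime(2024, 6, 15)
MEMBERS = [
    {"email": "owner@example.com", "role": "ORG_OWNER", "actions_used": ["View dashboards"]},
    {"email": "dev@example.com", "role": "ORG_ADMIN", "actions_used": ["Trigger scans"]},
    {"email": "lead@example.com", "role": "ORG_ADMIN", "actions_used": ["Edit policies"]},
]
INVITES = [
    {"email": "new@example.com", "role": "ORG_ADMIN", "state": "Pending", "last_sent": datetime(2024, 6, 12)},
    {"email": "old@example.com", "role": "ORG_ADMIN", "state": "Pending", "last_sent": datetime(2024, 6, 1)},
]
```

Calling `review(MEMBERS, INVITES, NOW)` on the sample flags the ORG_ADMIN who only triggered scans and the three-day-old ORG_ADMIN invitation; the invitation last sent 14 days earlier is treated as Expired and ignored.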
Organization Settings
General
| Setting | Description |
|---|---|
| Organization Name | Display name shown across the platform |
| Slug | URL-friendly identifier (cannot be changed after creation) |
| Default Role | Role assigned to new members who join via invitation |
Transferring Ownership
The ORG_OWNER can transfer ownership to another member:
- Go to Settings → Organization → Transfer Ownership
- Select the new owner (must be an existing ORG_ADMIN)
- Confirm the transfer
- Your role changes to ORG_ADMIN
Deleting an Organization
Only the ORG_OWNER can delete an organization:
- Go to Settings → Organization → Danger Zone
- Click Delete Organization
- Type the organization name to confirm
- All data (repos, scans, settings) is permanently deleted
This action cannot be undone.
Seat Limits
The number of team members is limited by your plan:
| Plan | Maximum Members |
|---|---|
| Free | 1 |
| Pro | 10 |
| Team | 50 |
| Enterprise | Unlimited |
If you try to invite more members than your seat limit allows, CodeStax shows an upgrade prompt.