Members and roles
A member is a user account that belongs to one of your feat organizations. A role decides what that member can do. feat ships three built-in roles, and you can create custom roles with granular permissions.
Built-in roles
Section titled “Built-in roles”| Role | What it can do |
|---|---|
| Admin | Everything. Manage members, roles, projects, billing. Edit any flag in any environment. |
| User | Read everything by default; write where the role grants it (configurable per resource). Cannot manage members or billing. |
| Observer | Read-only across the organization. Useful for stakeholders who watch but do not edit. |
The three built-in roles cover most teams. Reach for a custom role only when one of them is too coarse.
Custom roles
Section titled “Custom roles”A custom role has a name, a description, and a permissions matrix. The matrix is per resource type, per action:
feature_flag: [read, write, delete]environment: [read, write]context_kind: [read]audit_log: [read]Granting write on feature_flag lets the member create and edit flags. Granting delete lets them archive and delete. Read is required for write; the dashboard enforces this.
Custom roles are scoped to one organization. You cannot share a role definition across organizations.
Permissions in detail
Section titled “Permissions in detail”| Resource | Actions |
|---|---|
feature_flag | read, write, delete |
environment | read, write |
context_kind | read, write, delete |
segment | read, write, delete |
change_request | read, approve |
audit_log | read |
api_key | read, write, delete |
Permission grants compose: a member’s effective permissions are the union of every grant from every role assigned to them. Admin is its own grant that covers everything.
Inviting a member
Section titled “Inviting a member”Open the dashboard, pick the organization, then Members then Invite. Enter the email and pick a role. The invitee receives an email with a one-time link.
Domain restriction: an organization can restrict invitations to a set of allowed email domains. The setting is in the organization’s general settings.
See Invitations for the lifecycle of an invite.
Removing a member
Section titled “Removing a member”An admin can remove any other member. A member can remove themselves (an exit, not a destructive action). The organization keeps audit history of who removed whom and when.
You cannot remove the last admin of an organization. Promote another member first.
Related
Section titled “Related”- Invitations for joining an org.
- Audit log for who-did-what records.
- Change requests for the approve-change-request permission.