Zum Hauptinhalt springen

Team Management and RBAC in Quicknode

Aktualisiert am
26. Juni 2026

8 Minuten Lesezeit

Übersicht

Quicknode organizes account access around three distinct primitives: Members, Teams, and Roles. Members are everyone with access to your account, each assigned a role that controls what they can view and manage across the dashboard. Teams are collections of members that scope endpoint visibility: endpoints assigned to a team are visible only to that team's members. Role-Based Access Control (RBAC) is available on all paid plans. Enterprise accounts can extend RBAC with custom roles that have configurable, per-permission access controls.

TLDR

  • Quicknode account access is built on three primitives: Members (who has access and what role they hold), Teams (which endpoints they can see), and Roles (Admin, Rechnungsstellung, Viewer built-in; unlimited custom roles on Enterprise)
  • Invite members from the Members page and assign a role at invite time
  • Create teams to scope endpoint visibility: endpoints assigned to a team are only visible to that team's members; a member with no team sees all unrestricted endpoints
  • RBAC is available on all paid plans; Enterprise accounts can create custom roles with fine-grained, configurable permissions
  • Automate member and team operations via the Admin API or Quicknode CLI

Was Sie lernen werden


  • How to invite and manage members on your account
  • How to create teams and control endpoint visibility
  • How RBAC roles (Admin, Rechnungsstellung, und Viewer) govern access to the dashboard
  • How to create and manage custom roles with configurable permissions (Enterprise)

Was Sie benötigen


Zentrale Konzepte

Before diving in, here is a quick overview of the three primitives:

Members are everyone who has access to your Quicknode account. You manage members at dashboard.quicknode.com/members. Each member is assigned a role (Admin, Rechnungsstellung, oder Viewer) that controls what they can view and do across the dashboard.

Teams are collections of members used to scope endpoint visibility. You manage teams at dashboard.quicknode.com/teams. When you assign an endpoint to a team, only that team's members can see it. A team with no endpoint assignments lets its members see every unrestricted endpoint on the account.

Roles are system-level permission levels assigned per member, not per team. The three built-in roles are Admin, Rechnungsstellung, und Viewer. Enterprise accounts can also create custom roles with configurable permissions. See the Roles and Permissions section for a full breakdown.

Mental Model

A member does not need to belong to any team. Team membership only affects which endpoints a member can see; their role determines what actions they can perform.

Members, Teams, and Endpoints

Managing Members

Members are managed from the Members page. Admins can invite new members, update roles, and remove members from the account.

Invite a Member


  1. Navigate to the Members page.
  2. Click Invite member.
  3. Enter the member's name, email address, and select a role (Admin, Rechnungsstellung, oder Viewer).
  4. Click Send invite. The member will receive an email invitation to join your account.

RBAC - Invite Users

Update a Member's Role


  1. Navigate to the Members page.
  2. Locate the member whose role you want to update.
  3. Click the three dots () next to their name.
  4. Select Change role and choose a new role (Admin, Rechnungsstellung, oder Viewer).
  5. Confirm the change.

Note: The account owner's role cannot be changed. To reassign ownership first, see Transfer Account Ownership.

Tipp

You can also update a member's role directly from a Team page: click the three dots () next to a member and select Change role to update their role without navigating to the Members page. As roles are assigned at the member level, this change will apply across all teams and endpoints.

RBAC - Update Role

Remove a Member


  1. Navigate to the Members page.
  2. Locate the member you want to remove.
  3. Click the three dots () next to their name.
  4. Select Remove from account and confirm.

Note: The account owner cannot be removed. Transfer ownership first if you need to remove the primary account holder.

Transfer Account Ownership

The account owner can transfer full ownership to another member. This is a permanent action.

  1. Navigate to the Members page.
  2. Click Change account owner at the bottom of the page.
  3. Select the member you wish to transfer ownership to.
  4. Click Change owner.

Warning: Transferring ownership is irreversible. The current owner will lose owner status and be reassigned to an Admin role. Confirm you are certain before proceeding.

Transfer Account Ownership

Managing Teams

Teams are managed from the Teams page. Admins can create teams, add members, and control endpoint visibility through team assignments.

Create a Team


  1. Navigate to the Teams page.
  2. Click Create team.
  3. Enter a team name and click Create team.

You are automatically added as a member of the new team.

RBAC - Create Team

Add Members to a Team

Note: To add a member to a team, they must first be invited to your account on the Members page.

  1. Navigate to the Teams page.
  2. Select the team you want to manage.
  3. Click Add member.
  4. Search for the member and select them.
  5. Click Save to confirm.
Tipp

You can also manage a member's team assignments directly from the Members page: click the three dots () next to a member and select Team to update their team assignments without navigating to the Teams page.

Move or Remove Members Between Teams


  1. Navigate to the Teams page.
  2. Select the team containing the member.
  3. Click the three dots () next to the member's name.
  4. Select Teams to update their team assignment, or Remove from team to remove them.
  5. Confirm the action.

Note: A member can belong to multiple teams. Removing a member from one team does not remove them from the account or other teams.

RBAC - Update Team

Delete a Team


  1. Navigate to the Teams page.
  2. Remove all members from the team (a team must be empty before it can be deleted).
  3. Click the three dots () next to the team name.
  4. Select Remove and confirm.

Endpoint Visibility

When you assign an endpoint to a team, only members of that team can see it. If a team has no endpoint assignments, its members can see every unrestricted endpoint on the account. Endpoints with no team assignment are visible to all account members.

To assign endpoints to a team, see the Advanced Account and Team Management guide.

Roles and Permissions

RBAC provides three built-in roles: Admin, Rechnungsstellung, und Viewer. These roles determine the level of access a member has across the dashboard and are assigned at the member level, not the team level. Enterprise accounts can additionally create unlimited custom roles with configurable permissions. See Benutzerdefinierte Rollen below.

User and API Key Roles

CategoryPermission or ActionAdminRechnungsstellungViewer
Account members and rolesInvite, remove, re-invite members; change member roles; view members and rolesJaView onlyView only
TeamsCreate, update, delete, and manage team membershipJaView onlyView only
Endpoint visibilityManage endpoint team assignmentsJaView onlyView only
Endpoints (RPC)Create, archive, configure, secure, pause, inspect logs, and view metricsJaView endpoints and metrics onlyView endpoints, settings, logs, and metrics
Quicknode productsManage Quicknode products (e.g., Streams, Webhooks, and SQL Explorer) resourcesJaRead-onlyRead-only
ErweiterungenInstall, update, and deactivate add-onsJaJaNein
Billing and usageManage billing, plans, payments, invoices, and usage dataJaJaUsage only
API keysCreate, delete, and read account API keysJaNeinRead-only
AI assistantUse the AI assistantJaJaJa
API key rolesRoles available when creating an API keyAdmin oder Viewerk. A.k. A.

The table above covers the three built-in roles. Enterprise accounts can define custom roles with individually selected permissions. See Custom Roles below.

User Roles vs. API Key Roles

It is important to understand that user roles (for the dashboard) and API key roles are distinct concepts.


  • User Roles (Admin, Rechnungsstellung, Viewer) control what a person can see and do when logged into the Quicknode dashboard. For example, only an Admin user can access the API Keys page to create or manage keys.
  • API Key Roles (Admin, Viewer) define the permissions for a specific API key, determining what actions (e.g., BEITRAG vs. GET) can be performed when that key is used by an application or script.

These roles are not tied to each other. An Admin user can generate a Viewer key for a read-only monitoring tool, ensuring that the tool cannot make any changes, regardless of the creator's own permissions.

SSO Onboarding Integration

For teams using Single Sign-On (SSO):


  • Automatic Grouping: New SSO users are automatically added to an Onboarding group with a default Viewer role, with auto creation of the group if it doesn't exist.
  • Security Assurance: This prevents inadvertent assignment of Admin privileges to new users.
  • Flexibility: Admins can later move SSO users to other groups or update their roles as required.

Benutzerdefinierte Rollen

Enterprise accounts can create custom roles that go beyond the three built-in roles, with a large set of permissions configurable per role.

Basic RBACCustomizable RBAC
PlansAll paid plansEnterprise only
Built-in rolesAdmin, Rechnungsstellung, ViewerSame
Custom rolesNot availableUnbegrenzt
Permission granularityFixed per roleFully configurable

Create a Custom Role


  1. Navigate to the Roles page by opening the account dropdown in the bottom-left corner and selecting Account and then Roles.
  2. Click + New role.
  3. Enter a name for the role (e.g., Deploy-bot).
  4. Under Permissions, select the permissions to grant. Options span account management, endpoints, Streams, Webhooks, and many other categories.
  5. Click Create role.

Custom Role Creation

View and Manage Custom Roles

All roles are listed on the Roles page. Built-in roles appear under Default roles (managed by Quicknode and not editable). Your account-defined roles appear under Custom roles.

Roles Page

To edit or delete a custom role, click the three dots () next to the role name and select the desired action.

Enterprise only

The Roles tab and custom role management are available on Enterprise plans only. On all other plans, access is managed through the three built-in roles.

Manage API Keys with RBAC


  1. Access the API Keys page by clicking the dropdown menu next to your account name at the bottom left and selecting API Keys.
  2. Click on Add API Key to generate a new key.
  3. (Optional) Restrict the key to specific applications.
  4. Assign a role (Admin oder Viewer) to the key.
  5. Click Create API Key and keep the key secure.

Generated API keys and their roles are visible for Admins in the API Keys section.

Programmatic Management with Admin API and CLI

All team management operations described above are available through the Quicknode Admin API. This enables you to automate team creation, member invitations, team member management, and endpoint assignments programmatically.

If you prefer a higher-level interface for scripting or AI-driven workflows, the Quicknode-Befehlszeilenschnittstelle provides a convenient alternative to raw Admin API calls and supports qn agent context for agent-based automation.

With the Admin API, you can:


  • Create and delete teams: Programmatically create new teams or remove existing ones
  • Invite and remove team members: Send invitations and manage team membership via API calls
  • Resend invitations: Resend pending invitation emails to members
  • Update endpoint access for teams: Assign or remove endpoints for a team in bulk
  • List accessible endpoints for a team: Retrieve a list of endpoints assigned to a particular team

For a full reference, see the Admin API team control endpoints.

Fazit

Quicknode's Members, Teams, and Roles system gives you precise control over who can access your account and which resources they can see. Members carry roles that determine dashboard permissions; teams scope endpoint visibility independently of those permissions. RBAC is available on all paid plans. Enterprise accounts can go further with custom roles, defining exactly what each role can access to match your organization's needs.

For advanced patterns like tagging, bulk endpoint assignments, and programmatic management at scale, see the Advanced Account and Team Management guide.

For further assistance, contact us directly.

Also, stay up to date with the latest by following us on Twitter and joining our Discord and Telegram announcement channel.

Häufig gestellte Fragen

What is the difference between a member's role and their team membership?

A member's role (Admin, Billing, or Viewer) controls what they can do across the entire dashboard, such as creating endpoints or managing billing. Team membership only controls which endpoints they can see. These are independent: a Viewer-role member with no team assignment can still see every unrestricted endpoint on the account.

Can a member belong to more than one team?

Yes. A member can be added to as many teams as needed. Their role stays the same across all teams, but each team controls a distinct set of visible endpoints.

What happens if a member is not assigned to any team?

A member with no team assignment can see every endpoint that has no team restriction (unrestricted endpoints). They cannot see endpoints that have been assigned to a team they are not a member of.

How do I restrict endpoint visibility so only certain members can see an endpoint?

Assign the endpoint to a team. Once assigned, only members of that team can see it. Members on a different team, or no team, will not see the endpoint.

Can I change a member's role after they have accepted the invitation?

Yes. Go to the Members page, click the three dots next to the member, select Change role, and choose the new role. The account owner's role cannot be changed this way; transfer ownership first if needed.

What is the difference between user roles and API key roles?

User roles (Admin, Billing, Viewer) control what a person can see and do when logged into the dashboard. API key roles (Admin, Viewer) are separate and control what operations a key can perform when used by an application. An Admin user can generate a Viewer key for a read-only service without elevating that service's access.

What are custom roles and how do they differ from built-in roles?

Custom roles are account-defined roles available on Enterprise plans. Unlike the three built-in roles (Admin, Billing, Viewer) which have fixed permission sets managed by Quicknode, custom roles let you select individual permissions across categories like account management, endpoints, Streams, Webhooks, and more. You can create unlimited custom roles and assign them to members just like built-in roles.

Can I edit or delete a built-in role?

No. The built-in roles (Admin, Billing, Viewer) are managed by Quicknode and cannot be edited or deleted. To define a custom permission set, create a custom role on the Roles page (Enterprise only).

Wir ❤️ Feedback!

Teilen Sie uns gerne mit, wenn Sie Feedback oder Vorschläge für neue Themen haben. Wir freuen uns auf Ihre Rückmeldung.

Diesen Leitfaden teilen