6 min read

Overview

Team management is available to all QuickNode account holders who are part of a team. This guide covers the essential features for managing teams, including creating teams, inviting users, moving members, and removing users. Additionally, for Enterprise customers, it details Role-Based Access Control (RBAC), an enterprise-grade security feature that allows customers to finely manage user permissions and access controls for enhanced security and compliance.

What You Will Learn

• How to manage teams and users as an admin
• How RBAC roles (Admin, Billing, and Viewer) govern access to the application and dashboard (Enterprise only)

What You Will Need

• A QuickNode account (RBAC is exclusive to Enterprise plans)
• Familiarity with basic team management concepts

Team Management

Team management allows admins to organize users and maintain control over team activities. These features are available to all QuickNode accounts with team functionality. Below are step-by-step instructions for common team management tasks.

Getting Started: Access the Teams Page

1. Log in to your QuickNode account.
2. From the dashboard, click the avatar icon in the top-left corner.
3. Select Teams to open the Teams page.

Create a New Team

1. Go to the Teams page.
2. Click Create Team.
3. Enter a team name and click Create Team.
4. (Optional) Invite users by adding their names and email addresses.

Note: For non-RBAC users, only the primary user of an organization can create a new team, while any Admin can create a new team in RBAC enabled organizations.

Invite Users

1. Navigate to the Teams page.
2. Select the team you want to invite users to.
3. Click Invite member.
4. Enter the user’s name and email address.
5. Click Add team member to send an email to the user.

Move Users Between Teams

1. Navigate to the Teams section.
2. Select the current team of the user you want to move.
3. Find the user in the member list and click on the three dots (⋯) next to their name.
4. Select Update Team from the dropdown menu.
5. Choose the new team you want to move the user to.
6. Confirm the move.

Remove Users from a Team

1. Navigate to the Teams section.
2. Select the team containing the user you want to remove.
3. Locate the user in the member list and click on the three dots (⋯) next to their name.
4. Select Remove User from the dropdown menu.
5. Confirm the removal. The user will no longer be a member of the team.

Role-Based Access Control (RBAC) for Enterprise Customers

Role-Based Access Control (RBAC) is an Enterprise-only feature that builds on team management by adding role-based permissions. With RBAC, Enterprise customers can assign specific roles (Admin, Billing, or Viewer) to users and API keys, ensuring granular control over access to functionality and data. This section covers RBAC-specific features.

Benefits of RBAC for Enterprises

RBAC empowers Enterprise organizations to:

• Protect Sensitive Data: Restrict access to critical areas, such as billing and API keys, to authorized personnel only.
• Streamline Team Management: Define roles based on job responsibilities, minimizing errors and over-permissions.
• Accelerate Onboarding: Automate secure role assignments for new users, especially in SSO setups, for a fast and efficient start.
• Ensure Compliance: Enforce least-privilege access to meet audit and regulatory standards effortlessly.
• Scale with Confidence: Control permissions for expanding teams and API integrations without sacrificing security.

RBAC Enabled for Enterprise Customers

RBAC is automatically enabled for all Enterprise customers.

When RBAC is enabled for existing accounts:

• If a user was in the Admins team, they were automatically converted into an Admin role.
• If a user was in any other team, they were automatically converted into a Viewer role.

RBAC introduces three roles: Admin, Billing, and Viewer. These roles dictate the level of access across applications and the dashboard.

User and API Key Roles

Category	Permission or Action	Admin	Billing	Viewer
Dashboard access level	Dashboard access	Full access	Access to the entire billing section and read-only access elsewhere	Read-only
Teams	Create and update teams	Yes	View only	View only
Users	Invite, move, remove	Yes	View only	View only
Billing	View and manage billing details, plans, payment methods	Yes	Yes	No
Endpoints (RPC)	Create, edit, delete endpoints, manage security settings	Yes	View endpoints and analytics only, no create or edit or delete	View endpoints and analytics only
QuickNode Products (i.e., Streams, Webhooks)	Create, edit, delete, manage configurations	Yes	View product details and metrics	View product details and metrics
Marketplace Add-ons	Install, configure, update, remove add-ons	Yes	Yes	View only
Rollups	Create, request cancellation	Yes	Yes	No
Billing emails	Receive usage and payment emails	Yes	Yes	No
API Keys page	Access API Keys page	Yes	No	No
API key permissions	Allowed request types	Admin keys can GET, POST, PUT, DELETE	N/A	Viewer keys are limited to GET

User Roles vs. API Key Roles

It's crucial to understand that user roles (for the dashboard) and API key roles are distinct concepts.

• User Roles (Admin, Billing, Viewer) control what a person can see and do when logged into the QuickNode dashboard. For example, only an Admin user can access the API Keys page to create or manage keys.
• API Key Roles (Admin, Viewer) define the permissions for a specific API key, determining what actions (e.g., POST vs. GET) can be performed when that key is used by an application or script.

These roles are not tied to each other. An Admin user can generate a Viewer key for a read-only monitoring tool, ensuring that the tool cannot make any changes, regardless of the creator's own permissions.

Team Default Roles

Teams include a default role assigned to users upon invitation or when moved between teams:

• Inviting New Users: Admins can invite new users and define a role for them in the invite form. The invite form will default to the team’s default role (e.g., Viewer for most teams, Admin for the Admins team), but admins can change it to Admin, Billing, or Viewer before sending the invitation.
• Moving Users Between Teams: When a user is moved to another team, they are automatically assigned the default role of the new team. Admins can update the user’s role afterward if needed.
• Configurable Defaults: New teams default to the Viewer role (except the Admins team, which defaults to Admin and cannot be changed). Admins can modify a team’s default role as needed.

SSO Onboarding Integration

For teams using Single Sign-On (SSO):

• Automatic Grouping: New SSO users are automatically added to an Onboarding group with a default Viewer role, with auto creation of the group if it doesn’t exist.
• Security Assurance: This prevents inadvertent assignment of Admin privileges to new users.
• Flexibility: Admins can later move SSO users to other groups or update their roles as required.

Managing RBAC as an Admin

Below are step-by-step instructions for leveraging RBAC features, assuming you have full administrative privileges as an Admin. These actions build on the team management capabilities by adding role-specific controls.

Update User Roles

1. Navigate to the Teams page and select the team you want to manage.
2. Locate the user whose role you want to update.
3. Open the user's settings by clicking on the three dots (⋯) next to their name.
4. Select Update Role from the dropdown menu.
5. Choose a new role (Admin, Billing, or Viewer) based on their responsibilities.
6. Confirm the change to update the user's role.

Note: Admins can update the role of other admins.

Transfer Account Ownership

The account owner can transfer full ownership of the organization to another user. This is a permanent action that grants ownership to a new user.

1. Navigate to the Teams page.
2. Find the user you wish to transfer ownership to (they can be in any team).
3. Click the three dots (⋯) next to their name to open the user's settings.
4. Select Transfer Ownership from the dropdown menu.
5. Carefully read the confirmation prompt and follow the instructions to finalize the transfer.

Warning: Transferring ownership is irreversible. The current owner will lose their owner status and typically be reassigned to an Admin role. Ensure you are certain before proceeding.

Manage API Keys with RBAC

1. Access the API Keys page by clicking on the avatar icon on the top left and selecting API Keys.
2. Click on Add API Key to generate a new key.
3. (Optional) Restrict the key to specific applications.
4. Assign a role (Admin or Viewer) to the key.
5. Click Create API Key and keep the key secure.

Generated API keys and their roles are visible for Admins in the API Keys section.

Conclusion

Team management provides a foundation for collaboration across all QuickNode accounts, while RBAC enhances this with enterprise-grade security and role-based control. By clearly defining roles and providing straightforward management options, RBAC helps maintain high levels of security and efficiency. This guide has outlined the key concepts of RBAC and provided detailed steps for managing teams and user permissions from an Admin perspective.

For further assistance or more detailed instructions, please contact us directly. Our team is ready to assist you in implementing RBAC effectively and ensure your organization's security and compliance needs are met.

Also, stay up to date with the latest by following us on Twitter and joining our Discord and Telegram announcement channel.

We ❤️ Feedback!

Let us know if you have any feedback or requests for new topics. We'd love to hear from you.