Roles and permissions
Yield.xyz uses a role-based access control (RBAC) model to manage what each user can do within a team. Every user in a team is assigned exactly one role: Owner, Admin, or Member.
Roles are scoped to a single team (tenant). A user's role determines which dashboard pages they can see, which actions they can perform, and which API endpoints they can call.
Roles
Owner
The account root. Owners have unrestricted access to every setting and action in the dashboard, including security-critical configuration like SSO, MFA enforcement, and billing. Only Owners can promote or demote other users to Admin or Owner.
A team can have multiple Owners. The system enforces that at least one Owner must exist at all times — the last remaining Owner cannot be removed or demoted.
When a new team is created, the person who signs up is automatically assigned the Owner role.
Admin
Full operational control. Admins can manage projects, API keys, fees, yields, payouts, geoblocking, webhooks, and campaigns. Admins can invite new users (as Members only) and remove Members from the team.
Admins cannot:
- Configure SSO or enforce SSO/MFA team-wide
- Access or modify billing settings
- Promote a Member to Admin or Owner
- Demote or remove another Admin or Owner
- Transfer ownership
Member
Read-only access. Members can view all projects, configurations, reports, balances, action history, and team membership. Members can also export reports (CSV) and manage their own MFA.
Members cannot:
- Create, edit, or delete projects
- Generate or revoke API keys
- Modify fees, yields, payouts, geoblocking, webhooks, or any other configuration
- Invite or remove users
- Change any user's role, including their own
Permission reference
| Capability | Member | Admin | Owner |
|---|---|---|---|
| View projects, yields, reports, keys, fees | ✅ | ✅ | ✅ |
| Manage own MFA | ✅ | ✅ | ✅ |
| Export reports (CSV) | ✅ | ✅ | ✅ |
| View team members and roles | ✅ | ✅ | ✅ |
| View webhooks | ✅ | ✅ | ✅ |
| Create / update / delete projects | — | ✅ | ✅ |
| Create / rotate / delete API keys | — | ✅ | ✅ |
| Configure fees (Yield & Perps) | — | ✅ | ✅ |
| Configure payout addresses | — | ✅ | ✅ |
| Configure custom URIs / RPC | — | ✅ | ✅ |
| Enable / disable yields | — | ✅ | ✅ |
| Configure geoblocking | — | ✅ | ✅ |
| Configure webhooks | — | ✅ | ✅ |
| Invite users | — | ✅ (Member role only) | ✅ (any role) |
| Remove users | — | ✅ (Members only) | ✅ (any, except last Owner) |
| Activate / deactivate users | — | ✅ (Members only) | ✅ (any, except self) |
| Change user roles | — | — | ✅ |
| Promote to Admin or Owner | — | — | ✅ |
| Demote Admin or Owner | — | — | ✅ |
| Configure SSO (SAML / OIDC) | — | — | ✅ |
| Enforce SSO / MFA team-wide | — | — | ✅ |
| Billing | — | — | ✅ |
Managing team members
Inviting users
Owners and Admins can invite new users from Team Settings → Invite.
- When an Admin invites a user, the new user is always assigned the Member role. Admins cannot select a different role during invitation.
- When an Owner invites a user, they can assign any role — Member, Admin, or Owner.
New invitations default to the Member role regardless of who sends the invite.
Changing roles
Only Owners can change a user's role. To change a role:
- Navigate to Team Settings.
- Find the user in the team list.
- Select the new role and confirm.
Admins do not see role-change controls for other Admins or Owners. Members do not see role-change controls at all.
Removing users
- Owners can remove any user except the last remaining Owner.
- Admins can remove Members only. The remove option is not visible for other Admins or Owners.
- Members cannot remove anyone. The remove button is not visible.
When a user is removed:
- Their active sessions are revoked.
- They are immediately blocked from logging in (both OTP and SSO).
- Historical actions and audit logs associated with the removed user are preserved for compliance.
Multiple Owners
A team can have more than one Owner. This is useful for organizations that need shared administrative authority across multiple stakeholders.
Promoting to Owner
Any Owner can promote an Admin or Member to Owner:
- Go to Team Settings.
- Select the user.
- Change their role to Owner and confirm.
The original Owner retains their Owner role — both users are now Owners with identical access.
Demoting an Owner
An Owner can demote another Owner to Admin or Member, provided there is at least one other Owner remaining. The system will block the demotion if it would leave the team with zero Owners.
Last Owner protection
The last remaining Owner in a team cannot:
- Be demoted to Admin or Member
- Be removed from the team
- Remove or demote themselves
This ensures every team always has at least one user with full administrative control.
Transferring ownership
To transfer ownership of a team to a different user, the current Owner should follow these steps:
- Make sure the target user is already a member of the team. If not, invite them from Team Settings.
- From the Owner account, navigate to Team Settings and find the target user.
- Change their role to Owner and confirm. Multiple Owners are now active.
- If you want the original Owner to step down, another Owner can then demote them to Admin or Member. This is only possible while at least one other Owner exists.
- Optionally, remove the previous Owner from the team after demotion.
The system does not allow removing or demoting the last remaining Owner. There must always be at least one Owner in the team.
If the target user is not yet part of the team, an existing Owner can invite them directly with the Owner role.
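The following is an added example, not Yield.xyz code: a small Python model of the membership rules above (Admins invite and remove Members only, only Owners change roles, and the last remaining Owner can be neither demoted nor removed), so the ownership-transfer steps and the last-Owner guard can be exercised offline. The `Team`, `Role`, `Forbidden` and `is_denied` names are assumptions, not the product's API.

```python
from enum import IntEnum
class Role(IntEnum):
    MEMBER = 0
    ADMIN = 1
    OWNER = 2

class Forbidden(Exception):
    """Raised when the acting user's role does not permit the change."""
class Team:
    def __init__(self, creator):
        # The user who signs up for a new team is automatically its first Owner.
        self.roles = {creator: Role.OWNER}

    def owners(self):
        return [u for u, r in self.roles.items() if r == Role.OWNER]

    def _require(self, actor, minimum):
        if self.roles.get(actor, -1) < minimum:
            raise Forbidden(f"{actor} lacks the required role")

    def invite(self, actor, new_user, role=Role.MEMBER):
        # Admins may only invite Members; Owners may assign any role.
        self._require(actor, Role.ADMIN)
        if self.roles[actor] == Role.ADMIN and role != Role.MEMBER:
            raise Forbidden("Admins can only invite Members")
        self.roles[new_user] = role

    def change_role(self, actor, target, new_role):
        # Only Owners change roles; the last remaining Owner cannot be demoted.
        self._require(actor, Role.OWNER)
        if new_role != Role.OWNER and self.owners() == [target]:
            raise Forbidden("cannot demote the last remaining Owner")
        self.roles[target] = new_role

    def remove(self, actor, target):
        # Admins remove Members only; nobody can remove the last remaining Owner.
        self._require(actor, Role.ADMIN)
        if self.roles[actor] == Role.ADMIN and self.roles[target] != Role.MEMBER:
            raise Forbidden("Admins can only remove Members")
        if self.owners() == [target]:
            raise Forbidden("cannot remove the last remaining Owner")
        del self.roles[target]

def is_denied(action, *args):
    """True if the rules reject the action; used to check the invariants above."""
    try:
        action(*args)
        return False
    except Forbidden:
        return True
```

Run through the transfer procedure (promote the target to Owner, have them demote the original Owner, then remove them) and the guards reject every step that would leave the team without an Owner.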
How roles appear in the dashboard
Owner view
Owners see the full dashboard with all settings pages accessible and editable, including SSO configuration, billing, team management, and all project settings. Owner rows in the team list display a distinct badge.
Admin view
Admins see all project and configuration pages with full read/write access. The SSO settings page is visible in read-only mode — Admins can see the protocol, identity provider information, and enforcement status, but cannot make changes. Billing settings and role promotion controls are not visible.
Member view
Members see all project pages, configurations, balances, and reports in read-only mode. Input fields and action buttons (create, edit, delete, toggle) are hidden or disabled. The invite button, remove button, and role-change controls are not visible. SSO and billing sections are not visible.
Session behavior
When a user's role is changed or they are removed from a team, the change takes effect on their next page load or API call. Active sessions reflect updated permissions without requiring a manual logout.
- Demotion (e.g., Admin → Member): The user's next page load shows the reduced-permission view. Write API calls return 403.
- Removal: The user's next API call is rejected. They cannot log back in and see a clear error message indicating they no longer have access to the workspace.
Default roles
| Event | Assigned role |
|---|---|
| Team signup (new account) | Owner |
| Invited by Owner | Owner can select any role (defaults to Member) |
| Invited by Admin | Member (no other option available) |
| JIT-provisioned via SSO | Member |
