Invite people to your site and assign roles. Admin, editor, and viewer — per-site, not per-account.
Where it is
Settings → Team (/admin/settings?tab=team).
What the tab configures
Who can access this site and what they can do. Team membership is per-site — a person who's an admin on one site can be a viewer on another, or have no access at all. That's the unit of access control.
Roles
Three built-in roles:
| Role | Can do |
|---|---|
| Admin | Everything — invite and remove members, change any setting, deploy, delete content, install agents, edit the schema |
| Editor | Create, edit, publish, and trash documents. Upload media. Run agents. Cannot change settings or invite others |
| Viewer | Read-only. Can preview pages and browse content but cannot save edits |
Roles are intentionally coarse. Finer-grained permissions (per-collection, per-field) are planned but not shipped.
Inviting someone
- Click Invite member.
- Enter their email.
- Pick a role.
- Send.
The invitee gets an email with a signup link. If they already have a webhouse.app account, the invite grants access to this site on their existing login. If they don't, the link takes them through account creation, then straight into your site.
Invites expire after 7 days. Resend from the pending list.
Changing or removing a role
Click the role pill next to a member's name and pick a new one. To remove someone entirely, use the × button; it asks for confirmation inline (Remove? Yes / No) before kicking them out.
You can't demote or remove the last admin. The UI blocks it so a site can never end up admin-less.
Account vs team membership
One webhouse.app account can belong to teams on any number of sites. The account carries: email, password (or passkey), 2FA config. The team membership on each site carries: role, date added, per-site preferences.
This means leaving a team doesn't delete your account, and deleting your account removes you from every team automatically.
What the mobile app sees
The mobile app uses the same team records. If someone has editor access on a site via the web admin, they have editor access from the phone too. Push-notification topic preferences are tied to the membership, so the user can opt out of deploy_succeeded notifications on one site without affecting others.
Audit trail
Every invite, role change, and removal is logged in the audit log (Settings → Event log, once you enable it). Useful when you need to prove who had access when.
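Answering "who had access when" comes down to replaying those three event types per site. The following is an added example, not webhouse.app code: the event shape (`ts`, `site`, `action`, `member`, `role`) and the action names are assumptions, and access is counted from the invite event as a conservative upper bound.

```javascript
// Constructed sample events. Field and action names are assumptions for this
// example, not the product's real audit-log format.
const sampleEvents = [
  { ts: "2024-03-01T09:00:00Z", site: "site-a", action: "invite", member: "ana@example.com", role: "admin" },
  { ts: "2024-03-05T10:00:00Z", site: "site-a", action: "invite", member: "ben@example.com", role: "editor" },
  { ts: "2024-04-01T08:30:00Z", site: "site-a", action: "role_change", member: "ben@example.com", role: "viewer" },
  { ts: "2024-04-10T12:00:00Z", site: "site-b", action: "invite", member: "ben@example.com", role: "admin" },
  { ts: "2024-05-02T16:45:00Z", site: "site-a", action: "removal", member: "ben@example.com" },
];

const byTime = (a, b) => Date.parse(a.ts) - Date.parse(b.ts);

// Replay one member's events on one site into role windows: { role, from, to }.
// Membership is per-site, so events from other sites are never mixed in.
function accessWindows(events, site, member) {
  const windows = [];
  let open = null; // role currently held on this site, if any
  const own = events.filter((e) => e.site === site && e.member === member).sort(byTime);
  for (const e of own) {
    // A role_change for someone who is not a member is ignored as inconsistent.
    const grants = e.action === "invite" || (e.action === "role_change" && open !== null);
    if (open !== null && (grants || e.action === "removal")) {
      windows.push({ ...open, to: e.ts }); // close the previous window
      open = null;
    }
    if (grants) open = { role: e.role, from: e.ts };
  }
  if (open !== null) windows.push({ ...open, to: null }); // still active
  return windows;
}

// Who held which role on `site` at the instant `when` (ISO 8601)?
function accessAt(events, site, when) {
  const t = Date.parse(when);
  if (Number.isNaN(t)) throw new Error(`invalid timestamp: ${when}`);
  const result = {};
  const members = new Set(events.filter((e) => e.site === site).map((e) => e.member));
  for (const member of members) {
    const hit = accessWindows(events, site, member).find(
      (w) => Date.parse(w.from) <= t && (w.to === null || t < Date.parse(w.to))
    );
    if (hit) result[member] = hit.role;
  }
  return result;
}
```

A window with `to: null` is still open, which is the set to review when checking current access against the member list.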
Related
- Passwordless login — how account auth works (passkeys, TOTP)
- Permissions system — the lower-level permission model that roles map to