Overview
SeggWat uses a role-based access control system to manage permissions within organizations. Each member of an organization has one of three roles that determine what actions they can perform.

All members are scoped to an organization. Each organization can have multiple projects, and API keys grant access to all projects within that organization.
Role Types
Owner
The highest level of access with full control over the organization.
Owner Capabilities
- Full billing and subscription management
- Delete the organization
- Transfer ownership to another member
- All Admin and Member capabilities
- An organization must have at least one Owner
- Cannot remove yourself as Owner if you’re the last one
- Must transfer ownership before leaving the organization
Admin
Administrative access for managing the organization and its resources.
Admin Capabilities
- Create, update, and delete projects
- Invite and remove members (excluding Owners)
- Change member roles (Member ↔ Admin only)
- Create and manage API keys
- View all feedback across projects
- Update organization details (name, slug)
- All Member capabilities
- Cannot modify or remove Owner-level members
- Cannot change their own role
- Cannot manage billing or subscriptions
- Cannot delete the organization
Member
Basic access for viewing and contributing feedback.
Member Capabilities
- View feedback in projects they have access to
- Create feedback manually in the dashboard
- View project settings (read-only)
- View organization members list
- Cannot invite or remove other members
- Cannot create or manage projects
- Cannot create or manage API keys
- Cannot modify organization settings
Permission Matrix
| Action | Owner | Admin | Member |
|---|---|---|---|
| Organization Management | | | |
| View organization details | ✅ | ✅ | ✅ |
| Update organization (name, slug) | ✅ | ✅ | ❌ |
| Delete organization | ✅ | ❌ | ❌ |
| Manage billing & subscription | ✅ | ❌ | ❌ |
| Transfer ownership | ✅ | ❌ | ❌ |
| Member Management | | | |
| View members | ✅ | ✅ | ✅ |
| Invite new members | ✅ | ✅ | ❌ |
| Remove Members | ✅ | ✅ | ❌ |
| Remove Admins | ✅ | ❌ | ❌ |
| Remove Owners | ✅ (if multiple) | ❌ | ❌ |
| Change member role to Member/Admin | ✅ | ✅ | ❌ |
| Change member role to Owner | ✅ | ❌ | ❌ |
| Project Management | | | |
| View projects | ✅ | ✅ | ✅ |
| Create projects | ✅ | ✅ | ❌ |
| Update projects | ✅ | ✅ | ❌ |
| Delete projects | ✅ | ✅ | ❌ |
| View project API keys | ✅ | ✅ | ❌ |
| Feedback Management | | | |
| View feedback | ✅ | ✅ | ✅ |
| Create feedback manually | ✅ | ✅ | ✅ |
| Update feedback status/type | ✅ | ✅ | ❌ |
| Delete feedback | ✅ | ✅ | ❌ |
| Archive feedback | ✅ | ✅ | ❌ |
| API Access | | | |
| Create API keys | ✅ | ✅ | ❌ |
| View API keys | ✅ | ✅ | ❌ |
| Revoke API keys | ✅ | ✅ | ❌ |
| Delete API keys | ✅ | ✅ | ❌ |
Managing Team Members
Inviting Members
Invite New Member
Click Invite Member, enter their email address, and select their role (Member or Admin).
Invitation links are valid for 7 days. After that, they expire and you’ll need to resend the invitation.
Invitation States
| State | Description |
|---|---|
| Pending | Invitation sent, waiting for the user to accept |
| Expired | Invitation link has expired after 7 days |
| Active | User has accepted the invitation and joined the organization |
Changing Member Roles
- Go to Settings → Access Control
- Find the member in the list
- Click the role dropdown next to their name
- Select the new role
Removing Members
- Go to Settings → Access Control
- Find the member in the list
- Click the Remove button next to their name
- Confirm the removal
- Owners can remove anyone (except themselves if they’re the last Owner)
- Admins can only remove Members
- Members cannot remove anyone
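The member-management rules above (the matrix rows plus the Admin and last-Owner restrictions) written as explicit deny-by-default checks. This is an added example, not SeggWat's code; the `Role` enum, the function names and the `owner_count` / `is_self` parameters are assumptions made for illustration.

```python
from enum import Enum


class Role(Enum):
    MEMBER = "member"
    ADMIN = "admin"
    OWNER = "owner"


def can_remove(actor: Role, target: Role, *, owner_count: int) -> bool:
    """May `actor` remove a member whose role is `target`?"""
    if actor is Role.OWNER:
        # Owners can remove anyone, but an Owner (themselves included)
        # only while another Owner remains.
        return target is not Role.OWNER or owner_count > 1
    if actor is Role.ADMIN:
        return target is Role.MEMBER  # Admins can only remove Members
    return False  # Members, and anything unrecognised, are denied


def can_change_role(actor: Role, current: Role, new: Role, *,
                    is_self: bool, owner_count: int) -> bool:
    """May `actor` change a member's role from `current` to `new`?"""
    if actor is Role.OWNER:
        # Demoting the last Owner would leave the organization without one.
        return not (current is Role.OWNER and new is not Role.OWNER
                    and owner_count <= 1)
    if actor is Role.ADMIN:
        # Member <-> Admin only: never touching an Owner, never granting
        # Owner, and never on the Admin's own account.
        return not is_self and Role.OWNER not in (current, new)
    return False


if __name__ == "__main__":
    # Hypothetical scenario: the only Owner tries to demote themselves.
    allowed = can_change_role(Role.OWNER, Role.OWNER, Role.ADMIN,
                              is_self=True, owner_count=1)
    print("last Owner self-demotion allowed:", allowed)
```

Self-service leaving by Admins and Members is not covered by the rules on this page, so the sketch does not model it.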
API Key Permissions
API keys are scoped to the organization level and inherit permissions based on who created them:
- API keys grant access to all projects within the organization
- API keys can list and retrieve feedback from any project in the organization
- API keys cannot modify feedback, projects, or organization settings
- Only Owners and Admins can create API keys
Best Practices
Follow the principle of least privilege
Assign the minimum role necessary for each team member:
- Member: For team members who only need to view feedback
- Admin: For team leads who manage projects and the team
- Owner: For founders and executives who handle billing
Have multiple Owners
Designate at least 2-3 Owners to prevent lockout if one Owner leaves or loses access. This ensures continuity in organization management.
Regular access reviews
Periodically review your team members and remove those who no longer need access. Check the Access Control page quarterly to audit permissions.
Use specific API key labels
When creating API keys, use descriptive labels:
- ✅ Good: “Production API Server”, “Staging Environment”, “GitHub Actions CI”
- ❌ Bad: “Key 1”, “Test”, “My Key”
Revoke unused API keys
Regularly check the “Last Used” timestamp on API keys. Revoke keys that haven’t been used in 30+ days to minimize security risk.
Onboard with invitations
Always use the invitation system rather than sharing login credentials. This ensures proper audit trails and individual accountability.
Common Scenarios
Scenario: Adding a Contractor
Question: I’m hiring a contractor to help process feedback. What role should I assign?
Answer: Assign them the Member role initially. This gives them read access to feedback without allowing them to modify projects or invite others. If they need to manage feedback status/types, promote them to Admin temporarily.
Scenario: Team Lead Needs More Access
Question: My team lead needs to create projects and manage API keys. What role do they need?
Answer: Promote them to Admin. This gives them full project management capabilities and the ability to create API keys, without access to billing or organization deletion.
Scenario: Founder is Leaving
Question: One of our co-founders is leaving the company. How do we transfer their ownership?
Answer:
- Ensure you have at least one other Owner in the organization
- The leaving Owner can demote themselves to Member or leave entirely
- If they’re the last Owner, they must first promote another trusted member to Owner before leaving
Scenario: API Key Compromise
Question: We think one of our API keys was exposed. What should we do?
Answer:
- Go to Settings → API Tokens
- Immediately Revoke or Delete the compromised key
- Create a new API key with a descriptive label
- Update your application/service with the new key
- Monitor the “Last Used” timestamp to ensure the old key isn’t being used
Scenario: Temporary External Access
Question: We need to give a partner company temporary access to view feedback for a specific project.
Answer:
- Invite them as a Member with their email
- Set a calendar reminder to remove them after the agreed period
- Alternatively, create a time-limited API key and share that instead (though you’ll need to monitor usage manually)
Security Considerations
Activity Tracking
SeggWat tracks the following actions for security and compliance:
- When members are invited, join, or are removed
- When roles are changed (who changed it and when)
- When API keys are created, used, revoked, or deleted
- Who created each API key and when it was last used
Frequently Asked Questions
Can I have more than one Owner?
Yes! We recommend having 2-3 Owners for redundancy. Any Owner can promote other members to Owner status.
What happens when an Owner leaves?
If there are multiple Owners, they can remove themselves or demote to a lower role. If they’re the last Owner, they must first promote another member to Owner before leaving.
Can Members see billing information?
No, only Owners can view and manage billing, subscriptions, and payment methods.
How long do invitation links last?
Invitation links are valid for 7 days. After that, they expire and need to be resent.
Can I customize role permissions?
Currently, roles have fixed permissions. Custom roles are not supported yet. If you need specific permission configurations, please contact support.
Do API keys expire automatically?
No, API keys do not expire automatically. You must manually revoke or delete them. We recommend rotating keys every 90 days for security.
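Because keys never expire on their own, the hygiene rules on this page (revoke after 30+ days unused, rotate every 90 days, use descriptive labels, watch "Last Used" on a revoked key) have to be checked by hand or by script. The sketch below is an added example, not a SeggWat tool: the inventory is constructed and its field names (`id`, `label`, `created`, `last_used`, `revoked_at`) are hypothetical, standing in for whatever you transcribe from the API Tokens page.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=30)   # page: revoke keys unused for 30+ days
ROTATE_AFTER = timedelta(days=90)  # page: rotate keys every 90 days
WEAK_LABELS = {"key 1", "test", "my key"}  # the page's "bad" label examples


def audit_keys(keys, now):
    """Map key id -> list of findings; keys with no findings are omitted."""
    report = {}
    for key in keys:
        findings = []
        revoked_at, last_used = key["revoked_at"], key["last_used"]
        if revoked_at is not None:
            # Compromise follow-up: activity after revocation means the old
            # key is still deployed somewhere or is being tried by someone.
            if last_used is not None and last_used > revoked_at:
                findings.append("used after revocation")
        else:
            # A never-used key is measured from its creation time.
            idle_since = last_used or key["created"]
            if now - idle_since >= STALE_AFTER:
                findings.append("unused 30+ days")
            if now - key["created"] >= ROTATE_AFTER:
                findings.append("rotation due")
            if key["label"].strip().lower() in WEAK_LABELS:
                findings.append("weak label")
        if findings:
            report[key["id"]] = findings
    return report


def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed inventory; field names are hypothetical, not a SeggWat export.
NOW = _d(2025, 6, 1)
SAMPLE_KEYS = [
    {"id": "k1", "label": "Production API Server", "created": _d(2025, 5, 1),
     "last_used": _d(2025, 5, 31), "revoked_at": None},
    {"id": "k2", "label": "Key 1", "created": _d(2025, 1, 10),
     "last_used": _d(2025, 3, 15), "revoked_at": None},
    {"id": "k3", "label": "GitHub Actions CI", "created": _d(2025, 4, 1),
     "last_used": None, "revoked_at": None},
    {"id": "k4", "label": "Staging Environment", "created": _d(2025, 2, 1),
     "last_used": _d(2025, 5, 25), "revoked_at": _d(2025, 5, 20)},
]

if __name__ == "__main__":
    for key_id, findings in audit_keys(SAMPLE_KEYS, NOW).items():
        print(key_id, "->", ", ".join(findings))
```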
Can I limit API key access to specific projects?
Can I limit API key access to specific projects?
Not currently. API keys grant access to all projects within the organization. Project-level API keys are on the roadmap.