Workspace Members vs. PR Licenses: These are separate concepts. You can have 1 workspace member but 20 PR licenses, or vice versa. Workspace members control administrative access to the workspace, while PR licenses determine how many pull requests can be reviewed per month.
Overview
Kodus workspaces supports Role-Based Access Control (RBAC), allowing you to manage user permissions and access levels within your organization. Each workspace member can be assigned one of four distinct roles, each with specific permissions and capabilities.Available Roles
Each role provides different levels of access and capabilities within the workspace:Owner
Full administrative access to the workspace and all its resources. Can view, edit, and delete all configurations across all repositories.Billing Manager
Financial and billing management access with access to billing/subscription management and view access to most configurations, but no edit access to code review settings.Repository Admin
Repository management access focused on managing code review configurations for repositories they own, with full access to issues, cockpit, and plugins.Contributor
Basic access for team members who need to view configurations for repositories they are assigned to. Limited to view-only access for most features.Role Permissions Matrix
Here’s a detailed breakdown of what each role can do, based on the actual permissions matrix:Legend: V = View, E = Edit, D = Delete, (all) = All repositories, (own) = Own repositories only, - = No access
| Permission | Owner | Billing Manager | Repository Admin | Contributor |
|---|---|---|---|---|
| Code Review Configuration Global | V (all) / E (all) | V (all) | V (all) | V (all) |
| Code Review Configuration Repository | V (all) / E (all) / D (all) | V (all) | V (own) / E (own) | V (own) |
| Code Review Configuration Folder | V (all) / E (all) / D (all) | V (all) | V (own) / E (own) | V (own) |
| Billing / Subscription | V (all) / E (all) / D (all) | V (all) / E (all) / D (all) | - | - |
| Cockpit | V (all) / E (all) | - | V (own) | - |
| Issues | V (all) / E (all) | - | V (all) / E (own) | V (own) |
| Activity Log | V (all) | V (all) | V (own) | V (own) |
| Git Settings | V (all) / E (all) / D (all) | V (all) | V (all) | V (all) |
| Pull Request | V (all) / E (all) / D (all) | V (all) | V (all) | - |
| Plugins | V (all) / E (all) / D (all) | V (all) | V (all) | - |
Managing Workspace Members
Adding New Members
- Navigate to your workspace Members section
- Click “Invite member” button
- Enter the member’s email address
- Select the appropriate role for the new member
- Send the invitation
Invited members will receive an email invitation and need to accept it to join the workspace.
Changing Member Roles
- Go to the Members section in your workspace
- Find the member whose role you want to change
- Click on their current role dropdown
- Select the new role from the available options
- The change takes effect immediately
When changing roles, consider the impact on the member’s access to resources and their ability to perform their job functions.
Removing Members
- In the Members section, locate the member to remove
- Click the “Actions” menu (three dots)
- Select “Remove from workspace”
- Confirm the removal in the dialog
Removed members will lose access to all workspace resources immediately. They will need to be re-invited if they need access again.
Security Considerations
- Principle of Least Privilege: Always assign the role with the minimum necessary permissions
- Regular Audits: Periodically review member roles and adjust as needed
- Access Reviews: Conduct quarterly reviews of workspace access and permissions
- Immediate Revocation: Remove access immediately when a member leaves the organization
Troubleshooting
Common Issues
“I can’t invite new members to the workspace”- Verify you have Owner or Repository Admin role
- Check if your workspace has reached any system limits
- Ensure you have the correct permissions in your account
- Confirm the member has Repository Admin or Owner role for the specific repository
- Check if the member has “own” permissions for the repository they want to edit
- Verify the member’s role assignment is correct
- Ensure the member has Owner or Billing Manager role
- Check if billing features are enabled for your workspace
- Verify the member’s access hasn’t been restricted
- Confirm the member has Repository Admin or Owner role
- Check if the member is assigned to repositories they want to access
- Verify the member’s role assignment is correct