Users & Teams

The user side of Level is structured as a tree: Organization → Team → Sub-team. Members live on a node of the tree, and the roles attached to that node decide what they can see and do. For one-off cases — one user needs one extra permission — you can apply a permission override without changing roles.

The page has two columns: an organization tree on the left and a team detail panel on the right with three tabs (Members, Roles & Permissions, and — when applicable — Reports).

The tree

Three node types, three levels — the hierarchy is fixed at three:

• Organization — the root. Every workspace has exactly one.
• Team — children of Organization.
• Sub-team — children of Team. Sub-teams cannot have further children — three levels is the maximum.

The Organization root is always expanded; teams below collapse and expand on click. Each node shows a small badge with the count of members at that node.

Selecting a node loads its detail view on the right.

What you can do

Create a team or sub-team

With a node selected, click Create team (visible only if you have permission to manage teams). The Create Team modal asks for:

• Name (required).
• Description (optional).

Submit creates a child of the selected node — a Team if you were on Organization, a Sub-team if you were on a Team.

Add members

On the Members tab, click Add member. Two modes:

• Existing user — search by name or email; matches across the workspace. Pick the user, then check off one or more roles to assign. Multiple roles per user is allowed.
• Invite by email — type a new email; Level sends an invitation. Pick exactly one role for the invitee. The note in the modal makes the constraint explicit: "The recipient must log in with the same address to accept."

Invited people land on the invitation page. They have to be signed in with the email the invitation was sent to — Level checks the match. Accepting moves them onto the team with the role you picked. Pending invitations show up on the Members tab with a Pending badge and how long ago they were sent.

Remove a member

Open the row's overflow menu and choose Remove member. Owners can't be removed this way.

Manage member access

Members have an extra action — Manage access — that opens the access modal. From there you can:

• Add or remove roles for that user.
• Open Permission overrides to grant or deny specific permissions for that user only (requires permission to manage roles).

Roles

The Roles & Permissions tab is where role definitions live, scoped to the selected node:

• A list of roles on the left.
• The selected role's detail on the right with two sub-tabs: Members (who has this role) and Permissions (what the role grants).

If you don't have permission to manage roles, you only see the roles assigned to you. With it, you see every role on this node and can edit them.

Create a role

Create role opens a modal:

• Name (required).
• Propagate to child teams — toggle. When on, members holding this role at this team also get it on every sub-team below.

Roles are created with no permissions. Add permissions via the role's Permissions tab.

Edit role permissions

The Permissions tab groups permissions by category — Administration, Reporting, Configuration & Operations, Clients. Each row is one permission with a description and a toggle.

Toggle changes are batched: Save and Discard buttons appear at the bottom once you've made changes. Save commits; Discard reverts.

The Owner role

Each Organization has a special Owner role:

• Read-only — you can't modify its permissions or remove members.
• Owner has every permission everywhere by definition.
• The Permissions tab for Owner shows: "Owner role has all permissions and cannot be modified."

Permission overrides

Click Permission overrides on a member's action menu (requires permission to manage roles). The override modal lists every permission, grouped by category, with three buttons per row:

• Default — use whatever the user's roles say (no override).
• Grant — explicitly give this permission to this user on top of their roles.
• Deny — explicitly remove this permission for this user, even if their roles include it.

The Effective permissions summary at the top combines roles + overrides into the final answer for the selected user.

Two key permissions

Two capabilities gate most of what's covered here:

• Manage Teams & Users — required to create / edit / delete teams, add or remove members, send invitations.
• Manage Roles — required to create / edit roles, edit role permissions, apply permission overrides.

Other permissions (Reporting, Configuration, Clients, etc.) belong to the same catalogue and are assignable to any role you build. See Catalogue for the full list.

Sign-up and invitations

Two onboarding pages live outside this section:

• Register — sign up with email, display name, and password (minimum 8 characters; the form shows live rules). See Signing up.
• Accept invitation — what an invited user lands on. Renders one of several states (loading, valid, already accepted, expired, email mismatch, not found). See Accepting an invitation.

Reports tab

When you select a team that's been associated with a client and you have permission to manage roles, a third tab appears: Reports. It's intentionally separate from the global Reports section — it's narrowly about which reports this team has access to. Most workspaces don't use it; configure it only when scoping per-team report access matters.

In this section

• Organization tree — the three-level hierarchy and how to move between nodes.
• Teams — creating teams and sub-teams.
• Members — adding people, managing access, removing.
• Invitations — sending invitations and how recipients accept them.
• Permissions — roles, permission catalogue, and per-user overrides.