Workspaces & Teams
A workspace is the top-level organizational unit in Redstick Agents. It contains projects, team members, and billing.
Workspace Setup#
Each workspace has:
- Name — Display name for the workspace
- Slug — URL identifier (e.g.,
my-teamin/w/my-team/), immutable after creation - Plan — Free, Starter, or Pro (see Billing & Plans)
- MFA enforcement — Owners and admins can require all members to enable multi-factor authentication (see Authentication)
Team Roles#
Every workspace member has one of three roles:
| Role | Description |
|---|---|
| Owner | Full control — billing, team management, all permissions. One owner per workspace. |
| Admin | All permissions except billing. Can manage team members and project settings. |
| Member | Can create and view executions. Limited project and configuration access by default. |
Default Permission Matrix#
| Permission | Owner | Admin | Member |
|---|---|---|---|
execution:create | Yes | Yes | Yes |
execution:cancel | Yes | Yes | No |
execution:view | Yes | Yes | Yes |
project:create | Yes | Yes | No |
project:delete | Yes | Yes | No |
project:settings | Yes | Yes | No |
Owners can customize the permission matrix per workspace. See Permissions for details.
Inviting Team Members#
Owners and admins can invite new members:
- Go to Team from the sidebar
- Click Invite Member
- Enter the invitee's email and select a role
- The invitee receives an email invitation valid for 7 days
Invitation Management#
- Resend — Send the invitation email again
- Revoke — Cancel a pending invitation
- Expired invitations must be re-created
Invitations appear in the audit log when sent, accepted, or revoked.
Managing Members#
From the Team page, owners and admins can:
- Change roles — Promote or demote members (owners can transfer ownership)
- Remove members — Remove a user from the workspace
- View member list — See all members with their roles and join dates
Role changes and member removals are recorded in the audit log.
Audit Log#
The workspace audit log tracks security-relevant events:
| Event | Description |
|---|---|
login_success | Successful login |
login_failed | Failed login attempt |
logout | User logout |
signup | New account creation |
password_changed | Password change |
password_reset_requested | Password reset initiated |
password_reset_completed | Password reset completed |
profile_updated | Profile information changed |
email_verified | Email address verified |
invitation_sent | Team invitation sent |
invitation_accepted | Invitation accepted |
invitation_revoked | Invitation revoked |
member_role_changed | Role change |
member_removed | Member removed |
ssh_key_generated | SSH key generated |
ssh_key_imported | SSH key imported |
ssh_key_deleted | SSH key deleted |
impersonation_start | Admin impersonation started |
impersonation_end | Admin impersonation ended |
mfa_enrollment_started | MFA enrollment initiated |
mfa_enrolled | MFA enrollment confirmed |
mfa_disabled | MFA disabled |
mfa_verified | MFA code verified |
mfa_backup_used | MFA backup code used |
mfa_backup_regenerated | MFA backup codes regenerated |
Access the audit log from the sidebar. Filter by event type, user, or date range.