[{"data":1,"prerenderedAt":974},["ShallowReactive",2],{"help-category-\u002Fsecurity-privacy\u002Froles-and-access-control":3,"help-article-\u002Fsecurity-privacy\u002Froles-and-access-control":4,"related-articles-\u002Fsecurity-privacy\u002Froles-and-access-control":292},[],{"id":5,"title":6,"body":7,"category":275,"description":276,"draft":277,"extension":278,"meta":279,"navigation":280,"order":269,"path":281,"relatedArticles":282,"seo":286,"slug":287,"stem":288,"updatedAt":289,"__hash__":290,"excerpt":276,"searchText":291},"help\u002Fhelp\u002Fsecurity-privacy\u002F03.roles-and-access-control.md","Roles and access control",{"type":8,"value":9,"toc":262},"minimark",[10,23,28,31,145,149,152,163,166,169,176,180,183,190,197,201,216,226,229,233,236,239,243,246,252],[11,12,13,14,18,19,22],"p",{},"Every person in your workspace has one of two roles: ",[15,16,17],"strong",{},"Owner"," or ",[15,20,21],{},"Member",". Your role controls what you can see and change, from managing the team roster to running agents on cloud desktops.",[24,25,27],"h2",{"id":26},"the-two-role-model","The two-role model",[11,29,30],{},"MultiClaw uses a flat, two-role model. There are no custom roles or granular permission tiers. This keeps the access model easy to understand and reduces the chance of misconfiguration.",[32,33,34,49],"table",{},[35,36,37],"thead",{},[38,39,40,44,47],"tr",{},[41,42,43],"th",{},"Capability",[41,45,17],{"align":46},"center",[41,48,21],{"align":46},[50,51,52,63,72,81,90,99,108,117,127,136],"tbody",{},[38,53,54,58,61],{},[55,56,57],"td",{},"View and use agents",[55,59,60],{"align":46},"✓",[55,62,60],{"align":46},[38,64,65,68,70],{},[55,66,67],{},"Create and manage tasks",[55,69,60],{"align":46},[55,71,60],{"align":46},[38,73,74,77,79],{},[55,75,76],{},"Access cloud desktops",[55,78,60],{"align":46},[55,80,60],{"align":46},[38,82,83,86,88],{},[55,84,85],{},"Use skills and guardrails",[55,87,60],{"align":46},[55,89,60],{"align":46},[38,91,92,95,97],{},[55,93,94],{},"Use Quick Chat",[55,96,60],{"align":46},[55,98,60],{"align":46},[38,100,101,104,106],{},[55,102,103],{},"View the audit trail",[55,105,60],{"align":46},[55,107,60],{"align":46},[38,109,110,113,115],{},[55,111,112],{},"Approve agent plans",[55,114,60],{"align":46},[55,116,60],{"align":46},[38,118,119,122,124],{},[55,120,121],{},"Invite members",[55,123,60],{"align":46},[55,125,126],{"align":46},"—",[38,128,129,132,134],{},[55,130,131],{},"Remove members",[55,133,60],{"align":46},[55,135,126],{"align":46},[38,137,138,141,143],{},[55,139,140],{},"View the full member list",[55,142,60],{"align":46},[55,144,126],{"align":46},[146,147,17],"h3",{"id":148},"owner",[11,150,151],{},"The Owner is the person who created the workspace. Each workspace has exactly one Owner. Beyond everything a Member can do, the Owner manages who has access: inviting new members, removing existing ones, and viewing the full member list.",[11,153,154,155,162],{},"Ownership cannot be transferred through the interface. If you need to change who owns the workspace, contact ",[156,157,161],"a",{"href":158,"rel":159},"https:\u002F\u002Fmulticlaw.ai\u002Fsupport",[160],"nofollow","MultiClaw support",".",[146,164,21],{"id":165},"member",[11,167,168],{},"A Member is anyone the Owner invites into the workspace. Members have full access to the workspace's agents, tasks, cloud desktops, skills, guardrails, and Quick Chat. They can approve agent plans and view the audit trail.",[11,170,171,172,175],{},"Members cannot invite or remove other people. If a Member tries to access the ",[15,173,174],{},"Users"," page, they see a permission error.",[24,177,179],{"id":178},"how-roles-connect-to-governance-features","How roles connect to governance features",[11,181,182],{},"Your role does not limit what you can do with agents and tasks. Both Owners and Members create tasks, review agent plans, and approve or reject execution. The approval flow is a governance control that applies equally to everyone in the workspace.",[11,184,185,186,189],{},"The ",[15,187,188],{},"audit trail"," is also visible to both roles. Every action taken in the workspace — task creation, plan approval, agent execution — is logged and visible to all members. The Owner does not have a separate or more detailed audit view.",[191,192,194],"callout",{"type":193},"note",[11,195,196],{},"The Owner's unique privileges are limited to managing the member list. Day-to-day work with agents, tasks, and cloud desktops is identical for both roles.",[24,198,200],{"id":199},"manage-members","Manage members",[11,202,203,204,207,208,210,211,215],{},"Only the Owner can add or remove people. Open ",[15,205,206],{},"MultiClaw Cloud"," and go to your workspace's ",[15,209,174],{}," page (",[212,213,214],"code",{},"\u002F{your-workspace}\u002Fusers","). From there you can:",[217,218,219,223],"ol",{},[220,221,222],"li",{},"Invite a new member by entering their email address.",[220,224,225],{},"Remove an existing member by selecting them from the list.",[11,227,228],{},"When you remove a member, they lose access to all workspace resources immediately. Their past actions remain in the audit trail.",[24,230,232],{"id":231},"no-guest-or-anonymous-access","No guest or anonymous access",[11,234,235],{},"Everyone who accesses your workspace needs a MultiClaw account. The Owner must invite each person as a Member before they can see any workspace resources. There is no guest role, temporary access, or public link that bypasses this requirement.",[11,237,238],{},"If someone outside your organization needs access, ask the Owner to invite them. That person will need a MultiClaw account to accept the invitation.",[24,240,242],{"id":241},"security-considerations","Security considerations",[11,244,245],{},"The two-role model is intentionally simple. A flat structure means there are no hidden permissions, no role inheritance chains, and no risk of accidentally granting elevated access through a misconfigured custom role.",[11,247,248,249,251],{},"Because only the Owner can change the member list, a compromised Member account cannot escalate its own access or invite unauthorized users. If you suspect unauthorized access, the Owner should remove the affected member from the ",[15,250,174],{}," page and ask them to reset their password.",[191,253,255],{"type":254},"warning",[11,256,257,258,261],{},"If the Owner's account is compromised, contact ",[156,259,161],{"href":158,"rel":260},[160]," immediately. The Owner is the only person who can manage workspace membership.",{"title":263,"searchDepth":264,"depth":264,"links":265},"",2,[266,271,272,273,274],{"id":26,"depth":264,"text":27,"children":267},[268,270],{"id":148,"depth":269,"text":17},3,{"id":165,"depth":269,"text":21},{"id":178,"depth":264,"text":179},{"id":199,"depth":264,"text":200},{"id":231,"depth":264,"text":232},{"id":241,"depth":264,"text":242},"security-privacy","Each workspace member is an Owner or a Member. Owners manage people; Members access resources.",false,"md",{},true,"\u002Fsecurity-privacy\u002Froles-and-access-control",[283,284,285],"security-privacy\u002Fsecurity-overview","security-privacy\u002Fauthentication-and-login-security","team-governance\u002Finvite-and-manage-team-members",{"title":6,"description":276},"roles-and-access-control","help\u002Fsecurity-privacy\u002F03.roles-and-access-control","2026-03-31","YTq0ENPm_n7D5uZILgReSwkGp0H0W70S4TOz_Kthnfs","Roles and access control Each workspace member is an Owner or a Member. Owners manage people; Members access resources.",[293,573,759],{"id":294,"title":295,"body":296,"category":275,"description":557,"draft":277,"extension":278,"meta":558,"navigation":280,"order":559,"path":560,"relatedArticles":561,"seo":567,"slug":568,"stem":569,"updatedAt":570,"__hash__":571,"excerpt":557,"searchText":572},"help\u002Fhelp\u002Fsecurity-privacy\u002F01.security-overview.md","Security overview",{"type":8,"value":297,"toc":542},[298,308,311,315,318,333,336,343,351,355,358,364,366,369,375,379,400,407,411,414,421,425,431,438,442,449,456,460,463,470,474,477,483,487,494,501,505,508,514,518,521,528,532,535],[11,299,300,301,304,305,162],{},"MultiClaw protects your data through multiple independent security layers: local credential storage, TLS connections, app sandboxing, and zero telemetry. Each layer works on its own, reducing the risk that a single vulnerability leads to broader exposure. The architecture follows ",[15,302,303],{},"defense-in-depth"," principles aligned with ",[15,306,307],{},"ISO\u002FIEC 27001:2022",[11,309,310],{},"This article gives you a high-level view of how MultiClaw handles security and privacy. Each section links to a dedicated article with full details.",[24,312,314],{"id":313},"separate-trust-zones","Separate trust zones",[11,316,317],{},"The desktop app, the local OpenClaw gateway, and MultiClaw Cloud operate as three distinct trust zones, each with its own authentication:",[319,320,321,327],"ul",{},[220,322,323,326],{},[15,324,325],{},"Desktop app",": connects to MultiClaw Cloud over HTTPS and WSS for API calls, real-time updates, agent configuration, and session data.",[220,328,329,332],{},[15,330,331],{},"Local OpenClaw gateway",": connects to MultiClaw Cloud separately over an authenticated WebSocket secured with short-lived signed tokens. These tokens rotate automatically, so a captured token expires before it can be reused.",[11,334,335],{},"Each connection enforces its own credentials. No zone shares authentication tokens with another.",[11,337,338],{},[339,340],"img",{"alt":341,"src":342},"MultiClaw security architecture — the four components and how they connect across trust boundaries","\u002Fimages\u002Fmulticlaw-security-architecture.png",[11,344,345,346,350],{},"See ",[156,347,349],{"href":348},"\u002Fhelp\u002Fsecurity-privacy\u002Fnetwork-security","Network security"," for details on how each connection is secured.",[24,352,354],{"id":353},"authentication-and-login-security","Authentication and login security",[11,356,357],{},"All authentication is handled by MultiClaw Cloud. You can sign in with email and password or through Multiplai single sign-on (SSO). Sessions use short-lived tokens that rotate automatically, and repeated failed login attempts trigger temporary account lockouts.",[11,359,345,360,363],{},[156,361,354],{"href":362},"\u002Fhelp\u002Fsecurity-privacy\u002Fauthentication-and-login-security"," for details on session handling, token rotation, and lockout policies.",[24,365,6],{"id":287},[11,367,368],{},"MultiClaw uses role-based access control (RBAC) in workspaces. Each person is assigned exactly one role — Owner or Member — which determines what they can view, create, and manage. Permissions follow a least-privilege model: users only have access to what their role requires.",[11,370,345,371,374],{},[156,372,6],{"href":373},"\u002Fhelp\u002Fsecurity-privacy\u002Froles-and-access-control"," for the full permission matrix.",[24,376,378],{"id":377},"encryption-at-rest-and-in-transit","Encryption at rest and in transit",[11,380,381,384,385,388,389,391,392,395,396,399],{},[15,382,383],{},"Config values"," are stored in your local config file (",[212,386,387],{},"~\u002F.openclaw\u002Fopenclaw.json",") as plain JSON. The file is not encrypted at rest; it is protected by your operating system's file permissions. Credentials and API keys stored in ",[15,390,206],{}," receive an additional application-layer encryption with ",[15,393,394],{},"AES-256"," on top of AWS disk encryption. All connections to external MultiClaw services use ",[15,397,398],{},"TLS 1.2 or higher",", covering both HTTPS and WebSocket (WSS) traffic. Communication between the desktop app and the local OpenClaw gateway uses an unencrypted connection on localhost only — this traffic never leaves your machine.",[11,401,345,402,406],{},[156,403,405],{"href":404},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-encryption","Data encryption"," for the full encryption model.",[24,408,410],{"id":409},"local-first-data-storage","Local-first data storage",[11,412,413],{},"Your agents, conversations, and credentials are stored on your machine by default. When you're not connected to a workspace, everything stays local. When you connect to a workspace, conversation transcripts sync to MultiClaw Cloud automatically.",[11,415,345,416,420],{},[156,417,419],{"href":418},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-residency-and-storage","Data residency and storage"," for details on where your data lives.",[24,422,424],{"id":423},"credential-and-secret-storage","Credential and secret storage",[11,426,427,428,430],{},"Credentials and other sensitive values are stored in your local config file (",[212,429,387],{},") as plain JSON, protected by operating system file permissions. The desktop app does not send stored credentials to MultiClaw Cloud. Each credential is scoped to the context that needs it.",[11,432,345,433,437],{},[156,434,436],{"href":435},"\u002Fhelp\u002Fsecurity-privacy\u002Fhow-credentials-and-secrets-are-stored","How credentials and secrets are stored"," for details on how credentials are stored, scoped, and managed.",[24,439,441],{"id":440},"sandboxed-desktop-app","Sandboxed desktop app",[11,443,444,445,448],{},"The desktop app is built on ",[15,446,447],{},"Tauri v2",", which enforces a capability-based permission model. The interface layer cannot access your filesystem or start processes on its own. Every sensitive operation goes through an explicitly declared Tauri command, limiting the potential damage from any interface-level vulnerability.",[11,450,345,451,455],{},[156,452,454],{"href":453},"\u002Fhelp\u002Fsecurity-privacy\u002Fdesktop-app-security","Desktop app security"," for details on the sandboxing model and capability declarations.",[24,457,459],{"id":458},"browser-extension-isolation","Browser extension isolation",[11,461,462],{},"The MultiClaw Chrome Extension content script is loaded on all pages, but it only captures and transmits interaction data when a recording session is active. Event listeners are registered when the extension loads; they check whether recording is active before capturing anything, and no data is collected or sent between sessions.",[11,464,345,465,469],{},[156,466,468],{"href":467},"\u002Fhelp\u002Fsecurity-privacy\u002Fbrowser-extension-security","Browser extension security"," for full details on what the extension accesses and when.",[24,471,473],{"id":472},"privacy-and-data-handling","Privacy and data handling",[11,475,476],{},"MultiClaw Desktop does not collect usage analytics or telemetry. If the app crashes, the crash log stays on your machine. Conversation content stays on your machine unless you choose to sync it to a workspace. MultiClaw Cloud stores only the account, workspace, and session data needed to operate the service.",[11,478,345,479,482],{},[156,480,473],{"href":481},"\u002Fhelp\u002Fsecurity-privacy\u002Fprivacy-and-data-handling"," for what data MultiClaw collects, how long it's retained, and your rights.",[24,484,486],{"id":485},"signed-updates-and-supply-chain-security","Signed updates and supply chain security",[11,488,489,490,493],{},"App updates are signed with ",[15,491,492],{},"minisign",". Before installing an update, the updater verifies the signature against the published public key and rejects any update with an invalid or missing signature. Third-party dependencies are pinned to exact versions, scanned for vulnerabilities, and reviewed before they ship.",[11,495,345,496,500],{},[156,497,499],{"href":498},"\u002Fhelp\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security","Dependency and supply chain security"," for the full scanning and review process.",[24,502,504],{"id":503},"allowed-external-connections","Allowed external connections",[11,506,507],{},"MultiClaw makes a fixed, documented set of outbound connections from your machine. Each connection has a specific purpose — API calls, real-time updates, AI execution, or update checks. No undocumented connections are made.",[11,509,345,510,513],{},[156,511,504],{"href":512},"\u002Fhelp\u002Fsecurity-privacy\u002Fallowed-external-connections"," for the full list of endpoints, protocols, and when each connection occurs.",[24,515,517],{"id":516},"incident-reporting","Incident reporting",[11,519,520],{},"If you discover a security vulnerability, you can report it directly to the MultiClaw security team. Reports are acknowledged within 24 hours and follow a structured triage and resolution process.",[11,522,345,523,527],{},[156,524,526],{"href":525},"\u002Fhelp\u002Fsecurity-privacy\u002Fincident-reporting-and-response","Incident reporting and response"," for how to submit a report and what to expect.",[24,529,531],{"id":530},"shared-responsibility","Shared responsibility",[11,533,534],{},"Security in MultiClaw is a shared effort. MultiClaw secures the infrastructure, encrypts data in transit, and hardens the app. You're responsible for protecting your credentials, managing workspace access, and configuring agents appropriately.",[11,536,345,537,541],{},[156,538,540],{"href":539},"\u002Fhelp\u002Fsecurity-privacy\u002Fshared-responsibility-model","Shared responsibility model"," for a clear breakdown of what each party owns.",{"title":263,"searchDepth":264,"depth":264,"links":543},[544,545,546,547,548,549,550,551,552,553,554,555,556],{"id":313,"depth":264,"text":314},{"id":353,"depth":264,"text":354},{"id":287,"depth":264,"text":6},{"id":377,"depth":264,"text":378},{"id":409,"depth":264,"text":410},{"id":423,"depth":264,"text":424},{"id":440,"depth":264,"text":441},{"id":458,"depth":264,"text":459},{"id":472,"depth":264,"text":473},{"id":485,"depth":264,"text":486},{"id":503,"depth":264,"text":504},{"id":516,"depth":264,"text":517},{"id":530,"depth":264,"text":531},"MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",{},1,"\u002Fsecurity-privacy\u002Fsecurity-overview",[562,563,564,565,566],"security-privacy\u002Fdata-encryption","security-privacy\u002Fnetwork-security","security-privacy\u002Fbrowser-extension-security","security-privacy\u002Fhow-credentials-and-secrets-are-stored","security-privacy\u002Fprivacy-and-data-handling",{"title":295,"description":557},"security-overview","help\u002Fsecurity-privacy\u002F01.security-overview","2026-03-30","3x0_VX5XDDMQT5kwODVWQnpjsjlxJfe0Lbg5V4Kim9I","Security overview MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",{"id":574,"title":354,"body":575,"category":275,"description":750,"draft":277,"extension":278,"meta":751,"navigation":280,"order":264,"path":752,"relatedArticles":753,"seo":755,"slug":353,"stem":756,"updatedAt":570,"__hash__":757,"excerpt":750,"searchText":758},"help\u002Fhelp\u002Fsecurity-privacy\u002F02.authentication-and-login-security.md",{"type":8,"value":576,"toc":739},[577,580,584,591,594,598,609,612,616,619,622,626,629,633,636,647,650,660,664,667,670,676,680,687,692,696,699,734],[11,578,579],{},"Every sign-in to MultiClaw goes through MultiClaw Cloud, which manages your credentials, sessions, and lockout protection. You can sign in with an email and password or through Multiplai SSO. This article explains how each method works, what protections are in place, and what you are responsible for.",[24,581,583],{"id":582},"email-and-password","Email and password",[11,585,586,587,590],{},"You can create an account with your email and a password. Passwords are hashed with ",[15,588,589],{},"bcrypt"," before storage — MultiClaw never stores your password in plain text.",[11,592,593],{},"Your password must be at least 8 characters. For the strongest protection, use a unique password that you don't reuse across other services. A password manager makes this easier.",[24,595,597],{"id":596},"sign-in-with-multiplai","Sign in with Multiplai",[11,599,600,601,604,605,608],{},"If your organisation uses ",[15,602,603],{},"Multiplai",", you can sign in with Multiplai SSO instead of a separate password. Click ",[15,606,607],{},"Continue with multiplai.app"," on the sign-in screen. MultiClaw redirects you to Multiplai to authenticate — MultiClaw never receives or stores your Multiplai password.",[11,610,611],{},"When you sign in through Multiplai, your Multiplai account controls the authentication experience. Password policies, session rules, and any additional protections (such as multi-factor authentication) are managed by Multiplai, not by MultiClaw.",[24,613,615],{"id":614},"session-security","Session security",[11,617,618],{},"After you sign in, the desktop app stores a session token in local storage. This token identifies you for all requests to MultiClaw Cloud.",[11,620,621],{},"Session tokens are short-lived and rotate automatically. Because tokens expire and refresh without action on your part, a captured token has a limited window of usefulness. The session token is separate from any OpenClaw gateway configuration on your machine — compromising one does not affect the other.",[146,623,625],{"id":624},"signing-out","Signing out",[11,627,628],{},"Signing out of the desktop app revokes the session token on the server immediately. If you use MultiClaw on more than one device, sign out of each device individually. Always sign out when using a shared or untrusted machine.",[146,630,632],{"id":631},"if-you-suspect-a-compromised-session","If you suspect a compromised session",[11,634,635],{},"If you believe someone else has accessed your account:",[217,637,638,641,644],{},[220,639,640],{},"Sign out of the desktop app on every device you have access to.",[220,642,643],{},"Reset your password from the sign-in screen.",[220,645,646],{},"Contact MultiClaw through the website to report the suspected unauthorised access.",[11,648,649],{},"Under the Terms of Service (§4.3), you are required to notify MultiClaw promptly of any suspected unauthorised access to your account.",[191,651,652],{"type":254},[11,653,654,655,210,657,659],{},"To remove a user from your workspace entirely, the workspace owner can go to the ",[15,656,174],{},[212,658,214],{},") in MultiClaw Cloud and revoke their access.",[24,661,663],{"id":662},"account-lockout","Account lockout",[11,665,666],{},"MultiClaw rate-limits sign-in attempts to protect against brute-force attacks. If you enter too many incorrect passwords in a short window, you see a \"Too many requests\" error.",[11,668,669],{},"Wait a minute and try again — the limit resets automatically. No admin action is required to restore access.",[191,671,673],{"type":672},"tip",[11,674,675],{},"If the error persists after waiting, confirm you are entering the correct email address. If you've forgotten your password, use the password-reset link on the sign-in screen rather than retrying.",[24,677,679],{"id":678},"what-this-article-does-not-cover","What this article does not cover",[11,681,682,683,686],{},"Authentication for the local OpenClaw gateway is handled separately from your MultiClaw Cloud sign-in. The gateway uses its own short-lived signed tokens that rotate automatically. See ",[156,684,295],{"href":685},"\u002Fhelp\u002Fsecurity-privacy\u002Fsecurity-overview"," for how the trust zones connect.",[11,688,689,690,162],{},"Credential and secret storage (API keys, config values) is covered in ",[156,691,436],{"href":435},[24,693,695],{"id":694},"your-security-responsibilities","Your security responsibilities",[11,697,698],{},"MultiClaw secures the authentication infrastructure: password hashing, token rotation, rate limiting, and TLS for all connections. You are responsible for:",[319,700,701,707,713,719,725],{},[220,702,703,706],{},[15,704,705],{},"Choosing a strong password",": use at least 8 characters and avoid reusing passwords from other services.",[220,708,709,712],{},[15,710,711],{},"Keeping credentials confidential",": don't share your password or session details with others.",[220,714,715,718],{},[15,716,717],{},"Signing out on shared devices",": always sign out after using MultiClaw on a machine you don't control.",[220,720,721,724],{},[15,722,723],{},"Reporting unauthorised access promptly",": notify MultiClaw through the website if you suspect your account has been compromised.",[220,726,727,730,731,733],{},[15,728,729],{},"Managing workspace membership",": if you are the workspace owner, periodically review the member list on your workspace's ",[15,732,174],{}," page and remove users who no longer need access.",[11,735,736,737,162],{},"For the full breakdown of what MultiClaw secures versus what you own, see ",[156,738,540],{"href":539},{"title":263,"searchDepth":264,"depth":264,"links":740},[741,742,743,747,748,749],{"id":582,"depth":264,"text":583},{"id":596,"depth":264,"text":597},{"id":614,"depth":264,"text":615,"children":744},[745,746],{"id":624,"depth":269,"text":625},{"id":631,"depth":269,"text":632},{"id":662,"depth":264,"text":663},{"id":678,"depth":264,"text":679},{"id":694,"depth":264,"text":695},"How MultiClaw protects your sign-in with password hashing, Multiplai SSO, session tokens, and rate limiting.",{},"\u002Fsecurity-privacy\u002Fauthentication-and-login-security",[283,754,562,565],"security-privacy\u002Froles-and-access-control",{"title":354,"description":750},"help\u002Fsecurity-privacy\u002F02.authentication-and-login-security","Q3uaypfNh-TfTIgNs3H-gCn6nE2selkaSa8_UYNjZ-g","Authentication and login security How MultiClaw protects your sign-in with password hashing, Multiplai SSO, session tokens, and rate limiting.",{"id":760,"title":761,"body":762,"category":964,"description":965,"draft":277,"extension":278,"meta":966,"navigation":280,"order":264,"path":967,"relatedArticles":968,"seo":969,"slug":970,"stem":971,"updatedAt":570,"__hash__":972,"excerpt":965,"searchText":973},"help\u002Fhelp\u002Fteam-governance\u002F02.invite-and-manage-team-members.md","Invite and manage team members",{"type":8,"value":763,"toc":958},[764,774,778,781,864,874,878,902,905,909,929,932,936,950,953],[11,765,766,767,769,770,773],{},"You manage team access in ",[15,768,206],{}," under ",[15,771,772],{},"Settings > Members",". From there you can invite new members, assign roles, change permissions, and remove people who no longer need access.",[24,775,777],{"id":776},"roles-and-permissions","Roles and permissions",[11,779,780],{},"Each member gets one role. Choose the role that gives them exactly what they need — no more.",[32,782,783,801],{},[35,784,785],{},[38,786,787,790,793,796,798],{},[41,788,789],{},"Role",[41,791,792],{},"Use agents",[41,794,795],{},"Manage settings",[41,797,200],{},[41,799,800],{},"Delete workspace",[50,802,803,818,834,848],{},[38,804,805,809,812,814,816],{},[55,806,807],{},[15,808,17],{},[55,810,811],{},"Yes",[55,813,811],{},[55,815,811],{},[55,817,811],{},[38,819,820,825,827,829,831],{},[55,821,822],{},[15,823,824],{},"Admin",[55,826,811],{},[55,828,811],{},[55,830,811],{},[55,832,833],{},"No",[38,835,836,840,842,844,846],{},[55,837,838],{},[15,839,21],{},[55,841,811],{},[55,843,833],{},[55,845,833],{},[55,847,833],{},[38,849,850,855,858,860,862],{},[55,851,852],{},[15,853,854],{},"Viewer",[55,856,857],{},"Read-only",[55,859,833],{},[55,861,833],{},[55,863,833],{},[11,865,866,867,869,870,873],{},"There is one ",[15,868,17],{}," per workspace. ",[15,871,872],{},"Viewers"," can see conversations and agent outputs but cannot start conversations or make changes.",[24,875,877],{"id":876},"invite-a-team-member","Invite a team member",[217,879,880,886,893,896],{},[220,881,882,883,885],{},"Go to ",[15,884,772],{}," in MultiClaw Cloud.",[220,887,888,889,892],{},"Enter the person's email address in the ",[15,890,891],{},"Invite member"," field.",[220,894,895],{},"Select a role from the dropdown.",[220,897,898,899,162],{},"Click ",[15,900,901],{},"Send invite",[11,903,904],{},"The invitee will receive access to join your workspace. If an invite does not reach the recipient, check that the email address is correct and ask them to check their spam folder.",[24,906,908],{"id":907},"change-a-members-role","Change a member's role",[217,910,911,915,918,924],{},[220,912,882,913,162],{},[15,914,772],{},[220,916,917],{},"Select the member whose role you want to change.",[220,919,920,921,923],{},"Choose a new role from the ",[15,922,789],{}," dropdown.",[220,925,898,926,162],{},[15,927,928],{},"Save",[11,930,931],{},"The change takes effect immediately. The member does not need to sign out and back in.",[24,933,935],{"id":934},"remove-a-member","Remove a member",[217,937,938,942,945],{},[220,939,882,940,162],{},[15,941,772],{},[220,943,944],{},"Select the member you want to remove.",[220,946,898,947,162],{},[15,948,949],{},"Remove",[11,951,952],{},"Their access is revoked immediately. Their past conversations and agent outputs remain in the workspace — nothing is deleted.",[191,954,955],{"type":193},[11,956,957],{},"Assign the most restrictive role that still lets someone do their job. You can change a member's role at any time.",{"title":263,"searchDepth":264,"depth":264,"links":959},[960,961,962,963],{"id":776,"depth":264,"text":777},{"id":876,"depth":264,"text":877},{"id":907,"depth":264,"text":908},{"id":934,"depth":264,"text":935},"team-governance","Add members to your workspace, assign roles, and control access permissions.",{},"\u002Fteam-governance\u002Finvite-and-manage-team-members",[],{"title":761,"description":965},"invite-and-manage-team-members","help\u002Fteam-governance\u002F02.invite-and-manage-team-members","zRJe-qksY9FGbaU9DHFevtcHOkYbLwVnlhrFTXTcXAw","Invite and manage team members Add members to your workspace, assign roles, and control access permissions.",1778463887791]