Organization Management
Organizations are the top-level container for all resources in Controlinfra. Every repository, scan, member, and setting belongs to an organization.
Creating an Organization
- Click your profile avatar in the top navigation
- Select Create Organization
- Enter a name for your organization
- Click Create
You automatically become the Owner of any organization you create.
TIP
You can belong to multiple organizations and switch between them using the organization selector in the navigation.
Inviting Members
Email Invitation
- Go to Settings → Members
- Click Invite Member
- Enter the person's email address
- Select a role (see Roles below)
- Click Send Invitation
The invitee receives an email with a link to join your organization.
Invitation Link
For bulk invitations or sharing in chat:
- Go to Settings → Members
- Click Generate Invite Link
- Select the default role for new members joining via link
- Copy and share the link
WARNING
Anyone with the invitation link can join your organization. Revoke unused links from the Invitations tab when no longer needed.
Managing Invitations
View all pending invitations in Settings → Members → Invitations tab:
- See pending email and link invitations
- Delete invitations to revoke access before they are accepted
Roles
Controlinfra has four built-in roles:
| Role | Description |
|---|---|
| Owner | Full access. Can manage billing, transfer ownership, delete the org. One owner per org. |
| Admin | Full access to repositories, scans, and settings. Can manage members (except owner). |
| Member | Can view and trigger scans, manage repositories, view drifts. Cannot manage members or billing. |
| Viewer | Read-only access. Can view repositories, scans, and drift reports. |
Permission Matrix
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View repositories & drifts | Yes | Yes | Yes | Yes |
| Trigger scans | Yes | Yes | Yes | No |
| Manage repositories | Yes | Yes | Yes | No |
| Manage guardrails | Yes | Yes | No | No |
| Manage members | Yes | Yes | No | No |
| Manage integrations | Yes | Yes | No | No |
| Manage billing | Yes | No | No | No |
| Transfer ownership | Yes | No | No | No |
| Delete organization | Yes | No | No | No |
Updating a Member's Role
- Go to Settings → Members
- Find the member in the list
- Click the role dropdown next to their name
- Select the new role
- Confirm the change
Custom RBAC Roles Team+
On Team and Enterprise plans, you can create custom roles with granular permissions.
Creating a Custom Role
- Go to Settings → Roles
- Click Create Role
- Enter a name and description
- Select permissions from the available list
- Save the role
Assigning Custom Roles
Custom roles appear alongside built-in roles when inviting members or updating roles.
Managing Custom Roles
- Edit role permissions at any time — changes apply immediately to all members with that role
- Delete a custom role — members with that role revert to the Member built-in role
Available Permissions
Custom roles can be configured with granular permissions including:
- Repository management (view, create, edit, delete)
- Scan management (view, trigger, configure)
- Drift management (view, resolve, ignore)
- Guardrail management (view, create, edit, deploy)
- Member management (view, invite, edit roles, remove)
- Settings management (view, edit)
- Billing access
- Audit log access
Moving Members Between Organizations
If your team uses multiple organizations:
- Go to Settings → Members in the source organization
- Click the action menu (...) next to the member
- Select Move to Organization
- Choose the target organization
- Select the role in the target organization
- Confirm the move
The member is removed from the source organization and added to the target.
Transferring Ownership
To transfer organization ownership to another member:
- Go to Settings → General
- Scroll to Danger Zone
- Click Transfer Ownership
- Select the new owner from the member list
- Confirm by typing the organization name
WARNING
After transferring ownership, your role changes to Admin. Only the new owner can transfer ownership again.
Leaving an Organization
- Go to Settings → General
- Click Leave Organization
- Confirm
WARNING
Owners cannot leave an organization. Transfer ownership first if you need to leave.
Audit Logs
All organization activity is recorded in the audit log:
- Go to Settings → Audit Logs
- View events with filters:
| Filter | Options |
|---|---|
| Action | member.invited, member.removed, role.updated, scan.triggered, etc. |
| Actor | Filter by who performed the action |
| Date Range | Custom date range |
Audit Log Retention
| Plan | Retention |
|---|---|
| Free | 7 days |
| Pro | 30 days |
| Team | 90 days |
| Enterprise | 1 year (configurable) |
Exporting Audit Logs
On Team and Enterprise plans, export audit logs as CSV:
- Go to Settings → Audit Logs
- Apply any desired filters
- Click Export
- Download the CSV file
Organization Settings
Access organization settings from Settings → General:
| Setting | Description |
|---|---|
| Name | Organization display name |
| Default Role | Role assigned to new members via invite link |
| Notifications | Organization-wide notification preferences |
Next Steps
- IP Allowlist — Restrict access by IP address
- SSO/SAML Setup — Configure single sign-on
- Billing & Subscription — Manage your plan
- Organizations API Reference