> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vendexlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Organizations & members

> How organizations, membership, and role-based access control (RBAC) work in VendexLabs.

VendexLabs is organized around **organizations** (accounts). Your vendors, lists, assessments, and settings all belong to an organization, and people are granted access by being added as members with a role.

## Organizations

An organization is your team's workspace. It owns:

* Your **vendor lists** (including the default `master-list`)
* Every **assessment** and its history
* **Members** and their roles
* Organization **settings** and notification preferences

A person can belong to more than one organization and switch between them in the app.

## Roles

Access within an organization is governed by four roles, ranked from least to most privileged. Each role includes everything below it.

| Rank | Role       | In one line                                       |
| ---- | ---------- | ------------------------------------------------- |
| 3    | **Owner**  | Full control, including ownership.                |
| 2    | **Admin**  | Manage the team, plus everything a member can do. |
| 1    | **Member** | Create and edit vendor content.                   |
| 0    | **Viewer** | Read-only.                                        |

## Permission matrix (RBAC)

VendexLabs enforces role-based access control consistently across the app and the API. The capability gates are:

| Capability                                        | Viewer | Member | Admin | Owner |
| ------------------------------------------------- | :----: | :----: | :---: | :---: |
| View lists, vendors, assessments, metrics         |    ✅   |    ✅   |   ✅   |   ✅   |
| Create/edit vendors, lists, assessments, evidence |    —   |    ✅   |   ✅   |   ✅   |
| Manage subscribers & alert settings               |    —   |    ✅   |   ✅   |   ✅   |
| Invite/remove members, assign roles               |    —   |    —   |   ✅   |   ✅   |
| Assign the **owner** role                         |    —   |    —   |   —   |   ✅   |

<Note>
  Guardrails protect your organization: the **last owner** can't be removed or demoted, an **admin** cannot assign the `owner` role, and only an **owner** can promote someone to owner.
</Note>

<Info>
  These are **organization** roles. They are separate from VendexLabs **platform administration**, which governs global vendor data (like the shared vendor directory) and is not something customer organizations manage.
</Info>

## Inviting and managing people

<Steps>
  <Step title="Invite members">
    An admin or owner adds people by email. New members default to the **Member** role unless you choose otherwise.
  </Step>

  <Step title="Adjust roles">
    Change a person's role as their responsibilities change. Only an owner can promote someone to owner.
  </Step>

  <Step title="Remove access">
    Admins and owners can remove members. VendexLabs prevents removing the last owner.
  </Step>
</Steps>

When someone is added or their role changes, VendexLabs emails them so access changes are transparent.

<CardGroup cols={2}>
  <Card title="Sign in & SSO" icon="key" href="/account/sign-in-and-sso">
    Google, Microsoft, and enterprise single sign-on.
  </Card>

  <Card title="Settings & notifications" icon="gear" href="/account/settings-and-notifications">
    Organization settings and who gets alerted.
  </Card>
</CardGroup>
