Skip to main content
Open Members in the dashboard to see everyone who can access the organization. Each row shows a person, their Org role, when they joined, and their account status. Owners and admins manage access from here; members can view the roster.

Roles

Novacula has three organization roles:
RoleWhat it can do
MemberRead-only. View executors, nodes, metrics, logs, and their own audit activity (the full organization audit log is owner/admin only).
AdminEverything a member can, plus deploy, update, and delete nodes; connect and remove executors; request upgrades; manage labels; invite members; manage other members.
OwnerFull control, including assigning admins. Each person can own only one organization.
Role changes take effect on the member’s next request — they don’t need to sign out and back in.

Invite a member

On Members, select Invite member, then:
  1. Enter the invitee’s Email.
  2. Choose a Role. Owners can invite an Admin or a Member; admins can invite a Member only. Owner can’t be assigned by invitation.
  3. Select Send invitation.
The invitee gets an email with an accept link. If they already have a Novacula account, accepting adds them to this organization; if not, the link lets them create an account first. Invitations expire — if one lapses before it’s accepted, invite the person again.

Manage pending invitations

Invitations that haven’t been accepted appear under Pending invitations with a Pending or Expired status. From the row’s actions menu (owners and admins):
  • Copy link — copy the accept link to share directly.
  • Resend email — send the invitation email again.
  • Cancel — revoke the invitation so the link no longer works.

Change a member’s role

Open a member’s row to go to their profile, then use the Organization access card to pick a new Organization role and select Save access.
  • Owners can promote a member to admin and demote an admin to member.
  • Admins can manage members, but can’t promote anyone to admin or change another admin or the owner.
  • Members can’t change roles.
You can’t change your own role here.

Block or remove a member

On a member’s profile, the Account access card lets you Block member. Blocking restricts the person’s access to this organization — it signs out their active sessions immediately and prevents them from signing back in to it. You can record an optional reason. Owners can block any non-owner; admins can block members. A blocked person still appears in the roster with a Blocked badge. To bring them back, select Restore on their row (or Restore member on their profile) — they rejoin with their previous role. Restoring does not recreate their old sessions. Owners can also Remove a non-owner member from the profile header.

What happens when a member loses access

  • Their sessions for this organization end within seconds.
  • API keys stay valid — they belong to the organization, not to the person who created them. Rotate any keys a departing member generated; see API keys.
  • Their entries in the audit log remain for the record.

Audit

Every invitation, role change, block, restore, and removal is recorded in the audit log with the actor, the target, and a timestamp.