Role Definitions
Here’s a summary of the available roles and their intended use cases.Owner
Best for: The primary account holder or a small number of designated leaders.Owners have unrestricted access to all settings, including billing, member management, and security configurations. To maintain tight control over the organization, the number of Owners should be kept to a minimum.
Admin
Best for: Team leads or IT administrators who need to manage users and configurations.Admins can invite, edit, and remove members, as well as manage provider configurations. They have broad access but cannot manage billing or change the Owner. This is a suitable role for trusted team managers.
Member
Best for: Most developers and individual contributors.Members can use Cline with the organization’s shared resources but cannot change any settings or view other users’ activity. This is the safest default role for new users.
Permissions Matrix
For a detailed comparison, this matrix outlines the specific capabilities of each role.| Permission | Member | Admin | Owner |
|---|---|---|---|
| General Usage | |||
| Use Cline | ✅ | ✅ | ✅ |
| Access Shared API Providers | ✅ | ✅ | ✅ |
| Member Management | |||
| View Members | ❌ | ✅ | ✅ |
| Invite New Members | ❌ | ✅ | ✅ |
| Edit Member Roles | ❌ | ✅ | ✅ |
| Remove Members | ❌ | ✅ | ✅ |
| Remove Admins | ❌ | ❌ | ✅ |
| Configuration | |||
| Configure API Providers | ❌ | ✅ | ✅ |
| Manage Security Settings | ❌ | ❌ | ✅ |
| Billing & Ownership | |||
| View Billing Information | ❌ | ❌ | ✅ |
| Manage Subscription | ❌ | ❌ | ✅ |
| Transfer Ownership | ❌ | ❌ | ✅ |
Role Management Best Practices
Effective role management is fundamental to securing your organization.- Apply the Principle of Least Privilege: Always assign the role with the minimum necessary permissions. Most users should be Members. Grant Admin rights only to those who are responsible for user management or technical configuration.
- Limit the Number of Owners: The Owner role should be reserved for one or two key individuals who control the account and billing. This centralization of power prevents accidental or malicious changes to critical settings.
- Regularly Audit Roles: Periodically review the list of Admins and Owners to ensure the assigned roles are still appropriate. When a team member’s responsibilities change, adjust their role accordingly.
Identity Providers and Domain Verification
For a user to successfully join and sign in to your organization, two conditions must be met:- Their email must be managed by your organization’s verified Identity Provider (IDP), such as Microsoft Entra ID, Okta, or AWS.
- Your organization must have a verified domain with a provider like Google or Microsoft.
Seat Management and Invitations
Each user in your organization, regardless of role, consumes one seat from your license.- When an invitation is sent, a seat is considered “pending.”
- If an invited user does not accept, the invitation can be revoked to free up the seat.
- Removing a member from the organization immediately frees up a seat.