oCore Docs

Team Management

Invite members, manage teams, handle invitations, and control member access.

Team management in oCore covers inviting new members, managing the member list, assigning roles, handling invitation links, and removing members. All members belong to an organization and have a role that determines their permissions.

Inviting Members

There are two ways to invite people to your organization:

Email Invitations

Send a direct invitation email to a specific person:

  1. Navigate to Settings > Members and click Invite Member.
  2. Enter the invitee's email address and select a role to assign.
  3. Click Send Invitation. The invitee receives an email with a link to accept.

# Using the API
curl -X POST https://ocore.example.com/api/members/invite \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "developer@example.com",
    "roleId": "ROLE_UUID"
  }'

# Using the CLI
ocore member invite --email developer@example.com --role ROLE_UUID

Invitation Properties

Field      Description
email      The invitee's email address
status     pending, accepted, expired, or cancelled
role       The role assigned to the invitee upon acceptance
invitedBy  Who sent the invitation
expiresAt  When the invitation expires

Invite Links

Create a reusable invitation link that multiple people can use to join:

# Using the API
curl -X POST https://ocore.example.com/api/invite-links \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "roleId": "ROLE_UUID",
    "maxUses": 10,
    "expiresInDays": 7
  }'

# Using the CLI
ocore invite-link create --role ROLE_UUID --max-uses 10 --expires-in-days 7

Field      Description
code       Unique invite code
url        Full URL for sharing
role       Role assigned to anyone who accepts
maxUses    Maximum number of times the link can be used (0 = unlimited)
useCount   How many times the link has been used
expiresAt  When the link expires

Link Security

Invite links grant access to anyone who has them. Set appropriate maxUses and expiresInDays limits, and delete links when no longer needed. Assign the minimum required role.
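
One way to check existing links against this guidance, as an added example that is not part of the oCore documentation or code base. It assumes the invite-link listing returns objects with the fields in the table above, that role is a role name string and expiresAt is an ISO 8601 timestamp with a UTC offset; the thresholds, the "Member" role name and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

# Policy thresholds (assumed values; tune to your organization).
MAX_LIFETIME_DAYS = 7
MAX_USES_CEILING = 10
PRIVILEGED_ROLES = {"Owner", "Admin"}  # roles the page says hold manage:members

def parse_ts(value):
    """Parse an ISO 8601 timestamp (assumed format for expiresAt)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_invite_links(links, now):
    """Return {code: [findings]} for links that violate the policy above."""
    report = {}
    for link in links:
        findings = []
        max_uses = link.get("maxUses", 0)
        if max_uses == 0:
            findings.append("unlimited uses (maxUses = 0)")
        elif max_uses > MAX_USES_CEILING:
            findings.append(f"maxUses {max_uses} exceeds {MAX_USES_CEILING}")
        expires = link.get("expiresAt")
        if not expires:
            findings.append("no expiry set")
        else:
            expires_at = parse_ts(expires)
            if expires_at <= now:
                findings.append("expired but not deleted")
            elif expires_at - now > timedelta(days=MAX_LIFETIME_DAYS):
                findings.append(f"expires more than {MAX_LIFETIME_DAYS} days out")
        if link.get("role") in PRIVILEGED_ROLES:
            findings.append(f"grants privileged role {link['role']}")
        if max_uses and link.get("useCount", 0) >= max_uses:
            findings.append("use limit reached; delete the link")
        if findings:
            report[link["code"]] = findings
    return report

# Constructed sample data, not real oCore output.
NOW = datetime(2025, 1, 10, tzinfo=timezone.utc)
SAMPLE_LINKS = [
    {"code": "aaa111", "role": "Member", "maxUses": 10, "useCount": 3, "expiresAt": "2025-01-14T00:00:00Z"},
    {"code": "bbb222", "role": "Admin", "maxUses": 0, "useCount": 41, "expiresAt": "2025-03-01T00:00:00Z"},
    {"code": "ccc333", "role": "Member", "maxUses": 5, "useCount": 5, "expiresAt": "2025-01-02T00:00:00Z"},
]

if __name__ == "__main__":
    for code, findings in audit_invite_links(SAMPLE_LINKS, NOW).items():
        print(code, "->", "; ".join(findings))
```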

Managing Invitations

# List pending invitations
curl https://ocore.example.com/api/invitations \
  -H "Authorization: Bearer $TOKEN"

# Cancel an invitation
curl -X DELETE https://ocore.example.com/api/invitations/{invitationId} \
  -H "Authorization: Bearer $TOKEN"

# List invite links
curl https://ocore.example.com/api/invite-links \
  -H "Authorization: Bearer $TOKEN"

# Delete an invite link
curl -X DELETE https://ocore.example.com/api/invite-links/{linkId} \
  -H "Authorization: Bearer $TOKEN"

Managing the Member List

Viewing Members

# Using the API
curl https://ocore.example.com/api/members \
  -H "Authorization: Bearer $TOKEN"

# Using the CLI
ocore member list

Each member entry includes:

  • User ID and email
  • Assigned role (with permissions)
  • Join date
  • Last active date

Updating a Member's Role

Change a member's role to adjust their permissions:

# Using the API
curl -X PUT https://ocore.example.com/api/members/{memberId}/role \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"roleId": "NEW_ROLE_UUID"}'

# Using the CLI
ocore member update-role <member-id> --role NEW_ROLE_UUID

Role Changes Take Effect Immediately

When you change a member's role, their permissions update on the next API request. Active sessions do not need to be refreshed.

Removing Members

Remove a member from the organization. They lose access to all resources immediately.

# Using the API
curl -X DELETE https://ocore.example.com/api/members/{memberId} \
  -H "Authorization: Bearer $TOKEN"

# Using the CLI
ocore member remove <member-id>

Cannot Remove the Owner

The organization Owner cannot be removed. Ownership must be transferred to another member first (if applicable).

Bulk Operations

For organizations with many members, oCore supports bulk operations:

  • Bulk role assignment -- Change roles for multiple members at once
  • Bulk removal -- Remove multiple members in a single operation

Bulk operations are tracked as background jobs with progress reporting. See Monitoring for operation tracking.

Member Lifecycle

The typical member lifecycle in oCore:

Invitation Sent -> Invitation Accepted -> Active Member -> (Role Changes) -> Removed

Invitation Flow

  1. Admin sends invitation (email or link)
  2. Invitee receives notification
  3. Invitee signs up (if new) or logs in
  4. Invitee accepts the invitation
  5. Member is added with the assigned role

Accepting an Invitation

Members accept invitations via the link in the email or the invite URL:

# Accept email invitation
curl -X POST https://ocore.example.com/api/auth/accept-invite \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"token": "INVITATION_TOKEN"}'

# Accept invite link
curl -X POST https://ocore.example.com/api/auth/accept-invite-link \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"code": "INVITE_CODE"}'

Required Permissions

All team management operations except viewing the member list require the manage:members permission. By default, the Owner and Admin roles have this permission.

Action               Permission
View member list     Any authenticated member
Invite members       manage:members
Change member roles  manage:members
Remove members       manage:members
Manage invite links  manage:members
Cancel invitations   manage:members
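
A periodic review of who holds manage:members, as an added example that is not part of the oCore documentation or code base. The member record shape (email, lastActiveAt, role.name, role.permissions) is an assumption based on the member entry description above, and the 90-day threshold, the "Developer" and "Support Lead" role names and the sample records are constructed.

```python
from datetime import datetime, timezone

DEFAULT_MANAGER_ROLES = {"Owner", "Admin"}  # per the page's stated defaults
STALE_AFTER_DAYS = 90                       # assumed review threshold


def review_member_managers(members, now):
    """Return holders of manage:members, longest-idle first, with flags."""
    rows = []
    for m in members:
        role = m["role"]
        if "manage:members" not in role["permissions"]:
            continue
        last = datetime.fromisoformat(m["lastActiveAt"].replace("Z", "+00:00"))
        idle_days = (now - last).days
        rows.append({
            "email": m["email"],
            "role": role["name"],
            "idle_days": idle_days,
            # Dormant accounts that can still invite or remove members
            "stale": idle_days > STALE_AFTER_DAYS,
            # A role other than the defaults was granted the permission
            "non_default_role": role["name"] not in DEFAULT_MANAGER_ROLES,
        })
    return sorted(rows, key=lambda r: r["idle_days"], reverse=True)


def member(email, role_name, permissions, last_active):
    """Build one constructed member record in the assumed shape."""
    return {"email": email, "lastActiveAt": last_active,
            "role": {"name": role_name, "permissions": permissions}}


# Constructed sample data, not real oCore output.
NOW = datetime(2025, 1, 10, tzinfo=timezone.utc)
SAMPLE_MEMBERS = [
    member("alice@example.com", "Owner", ["manage:members"], "2025-01-09T00:00:00Z"),
    member("bob@example.com", "Admin", ["manage:members"], "2024-08-01T00:00:00Z"),
    member("carol@example.com", "Developer", [], "2025-01-08T00:00:00Z"),
    member("dave@example.com", "Support Lead", ["manage:members"], "2025-01-05T00:00:00Z"),
]

if __name__ == "__main__":
    for row in review_member_managers(SAMPLE_MEMBERS, NOW):
        print(row)
```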

Troubleshooting

Invitation email not received

  • Check the invitee's spam/junk folder
  • Verify the email address is correct
  • Ensure SMTP is configured in the oCore deployment (see Self-Hosting)
  • Check the invitation status -- it may have already been accepted
  • The link may have expired (expiresAt passed)
  • The link may have reached its maxUses limit
  • The link may have been deleted by an administrator
  • Create a new invite link if the old one is invalid

Member cannot access resources after role change

  • Role changes take effect immediately -- the member may need to refresh their browser
  • Verify the new role has the required permissions
  • Check project-level access if using per-project access control

Cannot remove a member

  • You cannot remove yourself if you are the only Owner
  • Verify you have the manage:members permission
  • Check that the member is not the organization Owner

Too many pending invitations

  • Review and cancel expired or unnecessary invitations
  • Set shorter expiration times on future invitations
  • Use invite links instead of individual emails for large groups