Which roles can manage members, keys, billing, and AI settings at org and team scope.
Roles
Scoped
Teams
Controlled
Review
Audit logs
New capabilities
Give each user only the access their role needs across members, teams, keys, and billing, instead of making everyone an admin to get work done.
Owner
Full access
Manage organization settings and billing.
Admin
Team access
Manage teams, keys, and members.
Member
Limited
Use approved keys and views.
Keep finance out of model config and engineers out of billing by scoping each set of actions to the right role — the separation of duties your security review will ask about.
Assign roles at the organization level for company-wide access, then scope team roles so a team lead manages only their team's members and keys, without inheriting org-wide permissions.
Pair roles with audit logs so a permission change always has an actor, a timestamp, and the resource it touched.
Who Concentrate is designed for
Role-based access control decides who can invite members, manage keys, change model policy, view billing, and edit security settings. Pair it with SSO for identity and audit logs for proof when roles change.
Separate finance, leadership, and engineering duties so no single role owns every sensitive action.
Scope team roles so a support lead manages support keys without touching another team's settings.
Give billing visibility without opening model configuration or key secrets to every finance user.
Feature basics
Audit logs show when roles or access changed, not just who has access today.