Role-Based Access Controls in ByteRover

Overview

ByteRover implements a hierarchical role-based access control (RBAC) system with two primary levels: Teams and Spaces. This system ensures secure, granular access management across your ByteRover deployment.

Key Concepts

  • Teams: The top-level entity that represents your team or company. All users must belong to a team.
  • Space: Individual spaces within a team where memory data and configurations are stored.
  • Roles: Hierarchical permission levels (Owner, Admin, Member) that determine what actions users can perform.

RBAC Overview Diagram

Team
├── Owner (Level 3)
├── Admin (Level 2) 
├── Member (Level 1)
└── Spaces
    ├── Space A
    │   ├── Space Owner/Admin/Member
    │   └── Inherited from Team Role
    └── Space B
        ├── Space Owner/Admin/Member
        └── Inherited from Team Role

How to Access Teams and Spaces

[Image Placeholder - Screenshot showing navigation to teams and spaces] Navigate to your team settings to manage team members and access individual spaces within your team.

Roles and Scopes

Team-Level Roles

Owner

Scope: Full team control
  • Create and manage spaces
  • Update and delete team settings
  • Manage all team members (create, update, delete)
  • Access billing and subscription management
  • All admin and member permissions

Admin

Scope: Administrative management
  • Create and manage spaces
  • Update team settings
  • Manage team members (create, update, delete)
  • All member permissions

Member

Scope: Basic access
  • View team members
  • Access assigned spaces based on space-level permissions

Space-Level Roles

Space Owner

Scope: Full space control
  • Read, update, and delete space settings
  • Manage space members (create, update, delete)
  • Full memory management (edit, delete)

Space Admin

Scope: Space administration
  • Read and update space settings
  • Manage space members (create, update, delete)
  • Full memory management (edit, delete)

Space Member

Scope: Standard space access
  • Read space information
  • View space members
  • Memory operations (edit, delete)

Managing Users

Adding a New User to a Team

  1. Navigate to your team settings
  2. Click “Invite team member”
  3. Enter the user’s email address
  4. Select their team role (Owner, Admin, or Member)
  5. Optionally assign specific space-level roles (this is only available in team plan)
  6. Send the invitation
The user will receive an email invitation to join your team. Once accepted, they’ll have access according to their assigned role.

Changing User Roles

  1. Go to the Members section in your team settings
  2. Find the user whose role you want to change
  3. Click on their current role dropdown
  4. Select the new role
  5. Save the changes
Note: You cannot assign a role higher than your own. The last Owner of a team cannot be removed or demoted until another Owner is appointed.

Managing Spaces

Adding a New Space

  1. Navigate to your team dashboard
  2. Click “Create Space”
  3. Enter the space name and description
  4. Configure initial settings
  5. Assign team members with appropriate space-level roles
  6. Create the space
New spaces inherit team-level member access by default, but you can customize individual space permissions as needed.

Space-Level Roles

Where is this feature available?

PlanAvailability
HobbyNot Available
ProNot Available
Team✅ Available
Users by default inherit the role of the team they are part of. For more fine-grained control, you can assign a user a role on the space level. This is useful when you want to differentiate permissions for different spaces within the same team. Key behaviors:
  • If a space-level role is assigned, it will override the team-level role for that specific space
  • If you want to give a user access to only certain spaces within a team, you can set their team role to Member and then assign them specific roles on individual spaces
  • Space-level roles only apply to that particular space and do not affect team-level permissions

Role Inheritance

Team Role → Space Role (if not specified)
Team Member → Space Member (default)
Team Admin → Space Admin (default)  
Team Owner → Space Owner (default)

Override Example:
Team Member + Space Owner Role = Space Owner permissions for that space
This flexible system allows for precise access control while maintaining simple default behaviors for most use cases.