Sign inGet started

Team & roles

Invite colleagues into your organization and control who can touch credentials, fiscal configuration, and team settings.

Two roles in your organization

Every member of an organization has one of two roles. The role decides who can touch credentials, team settings, and fiscal/legal configuration.

FieldTypeDescription
adminper organizationFull control of the organization: members, credentials, and all fiscal/legal configuration. The person who creates the organization is its first admin, and can promote other members to admin.
memberper organizationDay-to-day access to the organization's ordinary resources, without the ability to manage credentials, team settings, or legal/fiscal configuration.
Detail
Your role is per workspace — you might be an admin of one organization and a plain member of another. The role that applies is always the one for your active organization.

What organization admins can do

Organization admins manage everything members cannot:

  • invite members and revoke or change member roles;
  • configure the legal profile and legal issuers (the seller entities) and their tax registrations;
  • create and revoke API keys;
  • read the API request log (GET /v1/orgs/me/request-log — API-only; there's no dashboard screen for it);
  • run fiscal issuance — issue invoices, credit notes, and self-billed documents;
  • wipe test data;
  • set per-property issuer defaults (this is fiscal configuration, so it's admin-gated).

What members can do

Members work with the active organization's ordinary resources — calculating tax, creating and viewing properties and bookings, browsing jurisdictions and reports. They cannot manage credentials, team settings, or legal/fiscal configuration. In particular, members can't invite people, change roles, manage API keys, edit the legal profile or issuers, view the request log, run issuance, or wipe test data.

Note
Why so strict? Those gated actions either expose secrets (API keys, request logs) or affect legally binding fiscal documents (issuance, issuer configuration). Keeping them admin-only is a safeguard, not an upsell.

Inviting a member

  1. 1
    Open team settings as an admin

    Invitations are managed by organization admins from the team area.

  2. 2
    Enter an email and choose a role

    Invite by email address and pick admin or member. The invitation is token-based and expires after a set time; you can resend or revoke a pending invite.

  3. 3
    The invitee accepts

    The recipient follows the link to join. If they already have a TaxLens account, accepting never overwrites their existing password — they sign in to claim the invitation instead.

Changing roles and revoking access

Admins can promote a member to admin or demote an admin back to member at any time, and can revoke a member's access entirely. Revocation takes effect immediately for dashboard sessions: because every JWT-authenticated request re-reads the member's current active organization from the database, a removed member loses access on their very next request rather than waiting for their token to expire.

Tip
API keys are bound to the organization, not to the person who created them — so an individual losing access doesn't silently break a running integration. Manage keys deliberately from API keys.

See how each persona typically structures their team in Property managers and OTAs.

PreviousTest vs live modeNext Legal issuers & tax registrations