Skip to main content
QuoteBase Logo
QuoteBase
Back to HomeGet Started
Back to Help Center

Team & Permissions

Invite team members and assign role-based access

10 min read
Beginner
1

Role-Based Access Control (RBAC)

QuoteBase uses 4 roles with different permission levels. Choose the role based on what each team member needs to do.

Available Roles

  • Owner - Full access, billing, can delete org (1 per org)
  • Admin - Manage settings, users, custom fields, API keys
  • Manager - Create/edit RFQs, invite suppliers, accept quotes
  • Buyer - Create/edit RFQs, view quotes (cannot accept)

Important

Owner role cannot be changed or transferred without contacting support. Choose wisely when creating your organization.

2

Invite Team Members

Add team members from Dashboard → Settings → Team. They will receive email invitations to join your organization.

  1. Go to Settings → Team Members
  2. Click "Invite Member" button
  3. Enter email address
  4. Select role (Owner, Admin, Manager, Buyer)
  5. Optionally: Add personal message
  6. Click "Send Invitation"
  7. Member receives email with signup link
  8. They create account and are added to org

Plan limits apply: Free plan = 3 users, Starter = 10, Professional = unlimited. Early access users get 3x bonuses.

3

Permission Matrix

Here's exactly what each role can do. All actions are org-scoped via Row Level Security (RLS).

Owner Permissions

  • Everything Admins can do, plus:
  • Manage billing and subscriptions
  • Delete organization
  • Transfer ownership (contact support)
  • View audit logs

Admin Permissions

  • Everything Managers can do, plus:
  • Create/edit custom field definitions
  • Manage team members (invite, remove, change roles)
  • Configure API keys
  • Edit organization settings

Manager Permissions

  • Everything Buyers can do, plus:
  • Accept/reject quotes (award RFQs)
  • Start multi-round negotiations
  • Mark suppliers as unverified
  • View analytics and reports

Buyer Permissions

  • Create/edit/delete own RFQs
  • Upload Excel files
  • Invite suppliers
  • View all org RFQs and quotes
  • Cannot accept quotes (Manager+ only)
4

Audit Trail

All RFQs and quotes track who created and last modified them. Use this for accountability and compliance.

Database columns: created_by, created_at, updated_by, updated_at. These are automatically populated via triggers and cannot be manually changed.

Pro Tip

All RFQs track audit information: created_by, created_at, updated_by, updated_at. Check RFQ details page for user history.

5

Remove Team Members

If someone leaves your organization, remove them to free up a seat (plan limits) and revoke access.

  1. Go to Settings → Team Members
  2. Find the user to remove
  3. Click "Remove" button
  4. Confirm removal
  5. User loses access immediately
  6. Their RFQs remain (owned by org, not user)

Important

Removing a user does NOT delete their created RFQs or quotes. Data is retained for audit purposes. Only soft delete is supported.

Back to Help Center
Team & Permissions - QuoteBase Help