Team members are the humans who have admin access to your org’s Control Room. Each member has a role that controls what they can see and do.

Roles

The roles form a 5-level hierarchy (see Roles & Permissions for the full matrix):

| Level | Role | Summary |
|-------|------|---------|
| 0 | Viewer | Read-only across every subject |
| 1 | Moderator | Moderate comments, posts, users |
| 2 | Manager | Full CRUD on content (challenges, rewards, posts, achievements) |
| 3 | Admin | Full org management: users, config, everything except delete Org |
| 4 | SuperAdmin | God mode: full CRUD on every subject |

Creator and Analytics roles were renamed in #1865. If you see these in older references, they map to Manager (Creator) and Viewer (Analytics).

Inviting a team member

Open Team Members

Organisation Settings -> Team Members.

Click Invite

The Invite button is visible to Managers and above (#1946 — requires update permission on the Team subject).

Enter email + role + scope

Enter the member's email, pick a role, and choose whether the role is org-wide or community-scoped. Picking a community limits that member to seeing that community’s content.

Send invite

Nudj emails an invite link. The recipient signs in and is auto-assigned the role.

Role scope

Roles are either org-level (see everything) or community-scoped (see one specific community):
orgId-{id}:role-{role}                    ← org-level
orgId-{id}:comId-{id}:role-{role}         ← community-scoped
role-super-admin                           ← global superadmin (platform-wide)
Switch scope when editing a member’s role.

Per-user tokens

Each member has a personal access token (#1816) used for admin API calls and scripted automation. Managers and above can view their own token; Admins can revoke any member’s token. Token revocation signs the member out immediately everywhere.

RBAC enforcement

Roles are enforced at two layers:
  • Client-side (#1864) — UI hides buttons/fields the member can’t use. Nav links don’t show for subjects they can’t read.
  • Server-side (#1875) — every API call validates the role against the subject + action. Client-side restriction is UX; server-side is security.
See Roles & Permissions.
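
The sketch below ties the scope strings under Role scope to the server-side check described above. It is an added example, not Nudj's own code. The role slugs other than `super-admin`, the id alphabet, the function names, and the use of a minimum role level in place of the full subject + action matrix are all assumptions.

```python
import re
from typing import Iterable, NamedTuple, Optional

# Levels from the Roles table above. Only "super-admin" appears as a slug on
# the page; the other four slug spellings are assumptions.
LEVELS = {"viewer": 0, "moderator": 1, "manager": 2, "admin": 3, "super-admin": 4}

# Strict grammar for the three documented forms. The id alphabet is an assumption.
_SCOPE = re.compile(
    r"(?:orgId-(?P<org>[A-Za-z0-9]+):(?:comId-(?P<com>[A-Za-z0-9]+):)?)?"
    r"role-(?P<role>[a-z-]+)"
)

class Grant(NamedTuple):
    org: Optional[str]  # None only for the global super-admin form
    com: Optional[str]  # None for org-level grants
    role: str

def parse_scope(scope: str) -> Grant:
    """Parse one scope string; raise ValueError on anything off-grammar."""
    m = _SCOPE.fullmatch(scope)
    if m is None or m["role"] not in LEVELS:
        raise ValueError(f"malformed scope: {scope!r}")
    # Assumption: the prefix-less form is valid for super-admin only.
    if m["org"] is None and m["role"] != "super-admin":
        raise ValueError(f"role without org scope: {scope!r}")
    return Grant(m["org"], m["com"], m["role"])

def covers(grant: Grant, org: str, com: Optional[str], min_role: str) -> bool:
    """True if the grant reaches the target and meets the minimum level."""
    if grant.org is not None:
        if grant.org != org:
            return False
        # A community-scoped grant never reaches other communities or
        # org-level resources (com=None).
        if grant.com is not None and grant.com != com:
            return False
    return LEVELS[grant.role] >= LEVELS[min_role]

def is_allowed(scopes: Iterable[str], org: str, com: Optional[str], min_role: str) -> bool:
    """Server-side decision: deny unless some well-formed grant covers the request."""
    for raw in scopes:
        try:
            if covers(parse_scope(raw), org, com, min_role):
                return True
        except ValueError:
            continue  # fail closed on malformed strings
    return False
```

The parser uses `fullmatch`, so a string with extra segments appended is rejected instead of being partially matched, and a community-scoped grant is denied for org-level resources.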

Removing a team member

Open their row in the Team Members list -> remove. Their access ends immediately (token revoked, session invalidated).
Removing a member does not delete their content. Challenges, rewards and posts they created remain under their authorship; flag them as orphaned if needed.

Settings-page housekeeping

Org settings were cleaned up / consolidated in #1312 — if you’re on an older build, some old items may have moved. The current structure follows the Customisation / User Access / Content & Data / Advanced taxonomy.