Teams & RBAC
Create a team workspace, define roles and permissions, invite members, share agents and chats, and run everything against a single pooled AI budget.
Why teams
A team is a shared workspace. Pentests, agents and chats can belong to a team rather than an individual, so colleagues see the same engagements, triage the same findings and draw from one shared AI budget. Access inside a team is governed by role-based access control (RBAC): each member’s roles decide exactly what they can do.
Teams are a paid feature. Only Pro (up to 2 teams) and Ultra (up to 5) users can create them, and every user-created team starts on the Business tier. Enterprise teams are set up by Rank for you. A team’s tier is independent of the owner’s personal tier — see Teams & tiers.
Create a team
- From aleex-rank.ai, open Teams and click New team. Give it a name and description.
- The team is created on the Business tier with billing status payment pending — team features stay locked until the first payment.
- As the owner, complete checkout (or start a trial) from Billing. Once payment succeeds the team becomes active and fully operational. See Billing.
The member who creates a team is its owner. The owner is responsible for the subscription and always has full access, regardless of roles.
Roles and permissions
Inside a team you define roles, each carrying a set of permissions, and assign roles to members. This is how you grant least-privilege access — for example a “Triager” role that can resolve and comment on findings but not delete pentests, or a “Viewer” role that can only read.
From a team’s Roles screen you can:
- Create, edit and delete roles, each with a name and colour.
- Add or remove individual permissions on a role.
- Assign a role to a member or remove it, and inspect which roles a member holds.
- Restore a deleted role, or force-delete it permanently.
When a member makes a request, the platform checks, in order: does the team’s plan include the feature (a feature gate), and does the member’s role grant the permission (the role check). The owner bypasses the role check entirely. Because features are gated by the team’s tier, some capabilities — like webhooks — are only available on higher tiers even if a role would otherwise allow them.
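The check order described above, sketched as an added example (this is not Rank's code). The feature sets per tier, the permission strings and the member names are constructed assumptions, and because the page only says the owner skips the role check, the sketch assumes the feature gate still applies to the owner.

```python
from dataclasses import dataclass, field

# Constructed sample data: tier names come from the page; which features each
# tier includes and the permission strings are assumptions for illustration.
TIER_FEATURES = {
    "business": {"pentests", "chats"},
    "enterprise": {"pentests", "chats", "webhooks"},
}

@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)

@dataclass
class Team:
    tier: str
    owner_id: str
    member_roles: dict = field(default_factory=dict)  # member id -> list of Role

def authorize(team, member_id, feature, permission):
    """Return (allowed, reason): feature gate first, then the role check."""
    # 1. Feature gate: the team's tier must include the feature. Assumed to
    #    apply to the owner too, since only the role check is bypassed.
    if feature not in TIER_FEATURES.get(team.tier, set()):
        return False, "feature_not_in_plan"
    # 2. The owner bypasses the role check entirely.
    if member_id == team.owner_id:
        return True, "owner"
    # 3. Role check: any one of the member's roles may grant the permission.
    #    Unknown members hold no roles, so they are denied by default.
    roles = team.member_roles.get(member_id, [])
    if any(permission in role.permissions for role in roles):
        return True, "role"
    return False, "permission_denied"

def sample_team():
    """Constructed Business-tier team with the page's Triager and Viewer roles."""
    triager = Role("Triager", {"findings.resolve", "findings.comment"})
    viewer = Role("Viewer", {"findings.read"})
    return Team("business", "alice", {"bob": [triager], "carol": [viewer]})

if __name__ == "__main__":
    team = sample_team()
    for who, feat, perm in [("bob", "pentests", "findings.resolve"),
                            ("bob", "pentests", "pentests.delete"),
                            ("alice", "webhooks", "webhooks.create")]:
        print(who, feat, perm, authorize(team, who, feat, perm))
```

Returning the reason alongside the decision lets an audit log distinguish a plan limitation from a missing permission.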
Roles always live inside a team. There is no standalone role management; everything is under the team that owns it.
Invite members
- Open the team’s Members screen and choose Invite.
- Enter the invitee’s email and (optionally) the roles they should receive.
- The invitation is sent by email. You can resend or cancel a pending invitation from the same screen.
- The invitee accepts from their own Invitations list, and joins the team with the roles you assigned.
A team’s size is capped by its tier — Business allows up to 10 members, Enterprise is unlimited. Members can leave a team, and the owner can remove members or transfer ownership to another member (which also moves billing responsibility).
Share agents and chats
Teams make your work reusable:
- Agents can be owned by a team, so every member can use the same custom agents — with their tools and MCP servers — in pentests and chats. Admins manage which agents belong to the team.
- Chats can be shared into a team from any conversation, so a discussion or investigation becomes visible to the whole team. You can unshare from one team or from all of them. See Chat.
- Branding can be set on a team so the pentest PDF reports its members generate carry the team’s logo and colours. See the Branding API.
The shared AI budget
Every pentest and operation consumes AI model usage, measured in dollars. A team runs against a single pooled budget rather than each member’s personal allowance:
- On Business, the pool is computed automatically as a per-member allowance multiplied by the number of members, and it recalculates whenever someone joins or leaves.
- On Enterprise, the budget is set for the team (and may be unlimited).
When usage stays under the pool it’s included; beyond it, the team either blocks further usage or — if on-demand is enabled by the owner — keeps running and bills the overage. Owners can monitor consumption per member and across the team, and toggle on-demand from the team’s usage screens. Full details are in Billing and the Billing & usage API.