Access Control
Manage team roles, permissions, and environment-level access in Flagpool
Flagpool provides role-based access control (RBAC) to manage who can view, edit, and manage feature flags within a project.
Team members
Each Flagpool project has a team. Team members are invited by email and assigned a role that determines what they can do.
Member limits by plan
| Plan | Team members |
|---|---|
| Hobby | 1 (owner only) |
| Starter | Up to 5 |
| Pro | Up to 15 (additional seats available as add-ons) |
| Enterprise | Unlimited |
Roles
| Role | Description |
|---|---|
| Owner | Full access. Can manage billing, delete the project, and manage all team members. One owner per project. |
| Admin | Can manage flags, environments, targeting rules, and team members. Cannot manage billing or delete the project. |
| Member | Can create and edit flags and targeting rules. Cannot manage environments, team settings, or billing. |
| Viewer | Read-only access. Can view flags and configurations but cannot make changes. |
Permission matrix
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View flags | ✅ | ✅ | ✅ | ✅ |
| Create / edit flags | ✅ | ✅ | ✅ | ❌ |
| Toggle flags on/off | ✅ | ✅ | ✅ | ❌ |
| Manage targeting rules | ✅ | ✅ | ✅ | ❌ |
| Manage target lists | ✅ | ✅ | ✅ | ❌ |
| Create environments | ✅ | ✅ | ❌ | ❌ |
| Regenerate API keys | ✅ | ✅ | ❌ | ❌ |
| Invite / remove members | ✅ | ✅ | ❌ | ❌ |
| Change member roles | ✅ | ✅ | ❌ | ❌ |
| View audit logs | ✅ | ✅ | ✅ | ✅ |
| Manage billing | ✅ | ❌ | ❌ | ❌ |
| Delete project | ✅ | ❌ | ❌ | ❌ |
Inviting team members
- Navigate to Settings → Team in your project
- Click Invite Member
- Enter the email address and select a role
- The invitee receives an email with a link to join the project
Pending invitations can be revoked before they are accepted.
Managing members
Changing roles
- Go to Settings → Team
- Find the team member
- Select a new role from the dropdown
- The change takes effect immediately
Removing members
- Go to Settings → Team
- Click Remove next to the member
- Confirm the removal
Removed members immediately lose access to the project. Any API keys they created remain valid — regenerate keys if needed.
API key security
Each environment has its own API key. API keys provide SDK-level access (read-only flag configurations).
| Key type | Purpose | Format |
|---|---|---|
| API Key | SDK authentication, flag fetching | env_<64-char-hex> |
| Decryption Key | CDN URL hashing, target list decryption | tlk_<hex> |
Best practices
- Never commit keys to source control — use environment variables or a secret manager
- Rotate keys after team changes — regenerate keys when a member with access leaves
- Use different keys per environment — Development and Production should always use separate credentials
- Limit who can regenerate keys — only Owners and Admins can regenerate API keys
Audit logs
All access control changes are recorded in the audit log (Pro plans and above):
- Member invited / removed
- Role changed
- API key regenerated
- Environment created / deleted
This gives you a complete trail of who changed what and when.
Protected environments (Pro+)
On Pro and Enterprise plans, you can mark environments as protected. Protected environments require an approval workflow before flag changes take effect:
- A team member proposes a change to a flag in the protected environment
- An Admin or Owner reviews and approves the change
- Only after approval does the change publish to the CDN
This adds a safety net for production environments where accidental changes could impact users.
Next steps
- Security Overview — encryption and privacy architecture
- Environments — environment-specific credentials
- Pricing — plan features and limits