Skip to content

Team & RBAC

Organizations use Clerk for authentication. The Amlexia dashboard enforces roles on organization members stored in D1.

Roles

RoleTypical permissions
ownerFull org control, billing, delete org, manage all members
adminManage projects, alerts, settings, invite members
memberView dashboards, create saved views; limited admin actions

Exact rules are enforced in the API worker (requireOrgAccess).

Managing members

  1. Open app.amlexia.comSettingsTeam
  2. View members (Clerk user IDs and roles)
  3. Change roles (owner/admin only)

New users join via Clerk organization invites — Amlexia provisions rows on first API access and via the Clerk webhook.

API

MethodPath
GET/api/team/members
PATCH/api/team/members/:id (role)
DELETE/api/team/members/:id

Requires Authorization: Bearer <Clerk JWT> and active organization context.

SDK keys vs team access

  • SDK keys are per-project ingest credentials — they do not grant dashboard login.
  • Clerk JWT grants dashboard/API access — never embed in apps or mobile clients.