# Teams and People

## What this is

This page explains how to manage team spaces, workspace members, and invites in Hookshot™.

## When to use it

Use it when onboarding teammates, changing team ownership, or reviewing access boundaries for Proteges.

## What you need first

* Access to **Settings**
* Permission to manage workspace membership

## Roles and permissions

### Workspace roles

| Role       | Who has it                                                  | What they can do                                                                         |
| ---------- | ----------------------------------------------------------- | ---------------------------------------------------------------------------------------- |
| **Owner**  | The person who created the workspace (set during bootstrap) | Everything an admin can do, plus manage billing and grant SE access                      |
| **Admin**  | Assigned by an owner when inviting                          | Manage teams, people, integrations, Protege configuration, workspace settings, SE access |
| **Member** | Default role for new invites                                | View teams, integrations, Event Feed, Audit; create and edit Proteges within their teams |

{% hint style="info" %}
Owners and admins are treated equivalently for most workspace operations. The main difference is that owners are the initial workspace creators and have irrevocable access to billing.
{% endhint %}

### Team roles

| Role       | What it means                                                                                                                       |
| ---------- | ----------------------------------------------------------------------------------------------------------------------------------- |
| **Lead**   | Accountable for the team. Leads appear in team membership lists and can review team-scoped changes. Initial owner is always a lead. |
| **Admin**  | Can manage team membership and settings (reserved for future use).                                                                  |
| **Member** | Standard team participant with access to team-scoped resources.                                                                     |

## Steps

### 1. Manage teams

From **Settings → Teams**, you can:

* Review all teams
* Add a team
* Rename a team
* Remove a team (except the default team)
* Switch the active team context

Every workspace has a **default team** (named "General" by default) that is created automatically when the workspace is bootstrapped. The default team cannot be deleted.

#### Team scoping

Resources in Hookshot™ are scoped to teams:

* Proteges belong to a team
* Skills belong to a team
* Integrations and their credentials are scoped per team
* Event Feed entries are associated with teams

Switching your active team changes which resources you see. Always confirm you are in the correct team context before creating or editing resources.

#### Removing a team

When you remove a team:

* All Proteges owned by that team are deleted (cascade)
* All team memberships are removed
* All integrations and feeds owned by that team are deleted
* Pending invites targeting that team remain but lose their team assignment

{% hint style="warning" %}
Deleting a team is a destructive action. Review all Proteges, integrations, and pending writes owned by the team before proceeding.
{% endhint %}

### 2. Manage people

From **Settings → People**, you can:

* Invite a person by email
* Choose an initial team and workspace role (Member or Admin)
* Review accepted members and their workspace role badges
* Review pending invites with their target team and expiry
* Update which teams a person belongs to

#### Inviting a member

1. Enter the email address
2. Select the initial team
3. Choose the workspace role (Member or Admin)
4. Send the invite

The invitee receives an invitation email. When they accept, they are automatically added to the workspace and the selected team with the specified roles.

#### Seat limits

Each plan includes a set number of team seats. Hookshot checks the seat count (accepted members + pending invites) before allowing new invites. If the limit is reached, you need to upgrade the plan or remove existing members before inviting new ones.

See [Billing and Usage](/workspace-settings/billing.md) for more on plan limits.

#### When a member leaves

When a workspace member is removed or leaves:

* Their team memberships are removed
* Personal integration connections they owned become orphaned — the credential survives but can no longer be resolved for any active user
* If they were the default personal connection for unattended runs, those runs will fail until another connection is configured
* Team connections are unaffected
* Proteges owned by their teams continue running normally

{% hint style="warning" %}
Before removing a member, review whether any Proteges rely on their personal connections. Replace personal connections with team connections for any production workflows before removing the member.
{% endhint %}

### 3. Keep ownership clear

For each live Protege, make sure:

* A team owns it
* The right people can review Audit and Event Feed
* Changes are visible to the people responsible for support

{% hint style="warning" %}
Avoid orphaned automations. A Protege should always have a clear team boundary and at least one accountable owner.
{% endhint %}

### 4. Active team switching

Your active team determines which Proteges, skills, integrations, and events you see in the dashboard. Switch teams using the team selector in the navigation.

Your active team is remembered across the session, so all resource queries are automatically scoped to the selected team.

### 5. Sandbox workspace restrictions

Sandbox workspaces inherit team and people administration from their linked production workspace. In a sandbox:

* You cannot invite new people
* You cannot create, rename, or delete teams
* Team membership is inherited from the production workspace
* SE access must be provisioned separately — granting SE access in the production workspace does not grant it in the sandbox

See [Environments and Sandbox](/workspace-settings/environments-and-sandbox.md) for the full environment documentation.

## How to verify

* The intended teammate appears in the right team
* Pending invites match your expectations
* Team boundaries align with Protege ownership
* The active team context matches the Proteges and integrations you are reviewing
* Personal connections for departing members have been replaced with team connections

## Common failures

* Inviting a user to the wrong team
* Treating workspace access as the same thing as workflow ownership
* Deleting or changing teams without reviewing Protege ownership
* Editing team access while viewing the wrong active team
* Relying on a personal connection for a production Protege
* Not reviewing connection ownership before removing a team member

## Next step

* [Environments and Sandbox](/workspace-settings/environments-and-sandbox.md)
* [Workspace settings](/workspace-settings.md)
* [Security and permissions](/workspace-settings/security-and-permissions.md)
* [Billing and Usage](/workspace-settings/billing.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://gitbook.tryprotege.com/workspace-settings/teams-and-people.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.