Developer Console
Unified model routing API
TeamRBAC

Team and Organization Access

OneAI already has organization membership and role foundations. This page turns that structure into a customer-facing enterprise access model without changing existing APIs.

Operator customers

Organization

-

Current customer org

Your role

-

Sign in to load

Plan

-

inactive

Active keys

0

0 total keys

Live Members

Members loaded from the current organization membership table.

Invite or update member

Owner-only action. The member is attached to this organization and all changes are audit logged.

MemberRoleJoinedActions
No members loaded.

Live Access State

Current organization permissions and usage footprint.

Requests
0
Model cost
$0.00
Production keys
0
Tokens
0
Create keysLocked
Manage billingLocked
Review proofLocked
Manage membersLocked

Owner

Owns the organization, billing relationship, plan policy, and final approval for production access.

Billing control
API key policy
Member role changes
Agent OS proof review

Admin

Operates customer-facing infrastructure with high-trust access to keys, usage, and support workflows.

Create keys
Review usage
Manage model policy
View audit events

Member

Builds and tests against approved tasks, models, and API keys without changing organization policy.

Use approved keys
Run playground tests
View own usage
Read docs

Viewer

Reads dashboards, invoices, execution records, and audit trails without changing production state.

Read-only usage
Read-only billing
Read-only executions
Read-only docs

Permission Matrix

Default enterprise permissions for customer organizations.

CapabilityAllowed roles
Create API keysOwner / Admin
Set budgets, RPM, IP allowlistsOwner / Admin
Change billing planOwner
View invoicesOwner / Admin / Viewer
View usage and costsOwner / Admin / Member / Viewer
Run commercial tasksOwner / Admin / Member
Review Agent OS proofOwner / Admin
Change member rolesOwner

Enterprise Rollout State

What is already true, and what should remain explicit.

1

Organization, membership, and role data already exist in the backend.

2

Current console access is protected by Google/console login and operator checks.

3

Next enterprise step is self-serve invite, remove, and role-change workflows.

4

Role changes, key changes, billing changes, and failed requests should remain audit logged.

Commercial Boundary

Team permissions govern access to OneAI intelligence infrastructure. Execution stays outside OneAI.

Keys

Per-key policy can control budgets, RPM, IPs, task allowlists, and model allowlists.

Audit

Login, key, billing, request, failure, and Agent OS events are designed to be traceable.

Legal docs

SLA, DPA, invoices, terms, and privacy documents are linked from Docs, Security, and Billing.