Workspaces & Team

Roles & Permissions

Owner, admin, and member capabilities in a workspace.

Recurex uses three fixed roles. There is no custom permission editor.

Role hierarchy

owner > admin > member

Capability matrix

Capability	Owner	Admin	Member
Edit expenses, projects, budgets	✓	✓	✓
Invite / manage members	✓	✓
Rename workspace, integrations	✓	✓
Delete workspace	✓
Transfer ownership	✓
Manage billing (upgrade/cancel)	✓	✓

Assignable roles

Invites and role changes can only assign admin or member. The owner role is transferred explicitly via Transfer ownership in Settings.

Database enforcement

Expense CRUD is enforced at the database level via Supabase RLS — any org member can read and write workspace data. Administrative actions (invites, billing, renames) are checked in server actions.

Removing members

When a member is removed, their MCP/OAuth tokens for that workspace are revoked. If the removed workspace was their active one, current_org_id is cleared.

PreviousOverview NextInviting Members