Members and Roles

Membership in an organization is managed from Organizations → (your org) → Settings. This page covers how to invite users, what each role can do, and how granular per-member permissions work.

Inviting members

Inviting someone to the org sends them an email-addressed invitation that they accept from their Sigvault Inbox.

To invite a member:

Open the org and go to Settings.
In the Invites section, enter the invitee’s email address.
Choose a role (Admin or Member).
For Member invites, select the permissions the new member should have.
Send the invite.

The invitee will see the pending invite in their Inbox the next time they sign in (or immediately if they’re already signed in). They can Accept or Decline. Pending invites that aren’t accepted before their expiry are marked EXPIRED automatically.

You can revoke a pending invite at any time from the Invites section.

Roles

Sigvault has two roles inside an organization:

Role	What it can do
Admin	Full control over the organization — including managing members, settings, webhooks, and creating vaults.
Member	Whatever is granted by the explicit per-member permissions list (see below).

An Admin always has every permission implicitly. A Member starts with no permissions and is granted them individually.

Permissions

A Member’s capabilities come from an explicit list of permissions on their membership. Permissions are grouped by the resource they apply to.

Device permissions

Permission	Allows
`device:create`	Register a new device into the org’s device pool
`device:update`	Rename or update device metadata
`device:delete`	Remove a device from the org
`device:share`	Share or revoke device shares for devices the user owns
`device:remote_session`	Open a remote signing session against an org device

Wallet permissions

Permission	Allows
`wallet:create`	Build a new vault inside the org
`wallet:read`	View vault details, balances, and history
`wallet:update`	Edit wallet metadata
`wallet:delete`	Remove a vault from the org
`wallet:transactions:read`	View transaction history
`wallet:addresses:read`	View receive addresses

Transaction permissions

Permission	Allows
`draft_tx:create`	Initiate a new outgoing transaction (build a PSBT)
`draft_tx:cancel`	Cancel a pending draft transaction
`tx:sign`	Participate in the signing ceremony
`tx:broadcast`	Broadcast a fully-signed transaction

Organization permissions

Permission	Allows
`members:invite`	Send and revoke invites
`members:manage`	Add, remove, and change roles of existing members
`settings:manage`	Change organization settings
`webhooks:manage`	Configure outbound webhooks
`walletrs_agent:manage`	Manage walletrs agent bindings

Common permission presets

The dashboard provides presets that map to typical roles:

Viewer — read-only access (wallet:read, wallet:transactions:read, wallet:addresses:read)
Signer — can sign transactions but not initiate them (wallet:read, tx:sign)
Initiator — can build and broadcast transactions but not change membership (wallet:*, draft_tx:*, tx:*)
Custom — explicit checkboxes for each permission

You can always edit a member’s permissions later from the Members section.

Changing a member’s role or permissions

From Settings → Members, click the edit icon on any member row. You can:

Promote a Member to Admin (or demote an Admin to Member, as long as another Admin remains)
Change the permissions list for a Member
Remove the member from the org entirely

Permission changes take effect immediately on the next request from that user.

Leaving an organization

A member can remove themselves from an organization from Settings → Members → (your row) → Remove. The last remaining Admin cannot leave — they must promote someone else first.

Leaving an org does not delete or affect any wallets the org operates. Vaults built from your device’s key remain functional unless you also revoke the device share.