Team

People, roles and the sub-organizations that isolate them. A dev house keeps each client under its own sub-org; an indie team sees one implicit group.

Roles are per-module RBAC.
A member's role is set per module (Builds, Signing, Publishing, Billing) and scoped to a sub-org. Owner covers everything; Manager, Developer and Viewer narrow it. A Nordic-scoped member never sees Acme apps or credentials.
Sub-organizations 3
A
Acme Corp
Own Apple & Google accounts · default sub-org
5 members 3 apps Isolated
N
Nordic Retail
Separate signing, hidden from other sub-orgs
3 members 2 apps Isolated
I
Internal
Staff tooling, no external distribution
2 members 1 app Isolated
Sub-org: All
Role: Any
Members 6
C
Can Tasci
tascican@gmail.com
All sub-orgsOwner
D
Deniz Yılmaz
deniz@acme.io
Acme CorpManager
E
Ece Kaya
ece@acme.io
Acme CorpDeveloper
J
Jonas Berg
jonas@nordic.se
Nordic RetailManager
A
Aylin Şahin
aylin@nordic.se
Nordic RetailDeveloper
M
Mert Demir
mert@acme.io
InternalViewer
Pending invitations 2
newdev@acme.io
Invited 2 days ago by Deniz · awaiting accept
Acme CorpDeveloper Pending
qa@nordic.se
Invited 5 days ago by Jonas · awaiting accept
Nordic RetailViewer Pending

 An invitation only creates membership once accepted, never a silent direct-add. Roles are enforced per module and per sub-org, so scope stays least-privilege by default.