Upchain should provide Admins with the ability to define which user roles are permitted to add or remove users from a Project Team. This enhancement would allow for more granular control over team composition and access rights, tailored to the unique needs of each project.
Rationale:
Currently, any user with a Professional license—even if assigned a Viewer role within a project—can add other users to the Project Team. This behavior undermines permission integrity and poses a risk in environments requiring strict access controls, such as those subject to SOX Compliance or other external audits.
By enabling Admins to configure role-based permissions for team management, Upchain can:
- Strengthen internal governance and security.
- Prevent unauthorized user additions.
- Align with compliance requirements and audit expectations.
- Support diverse project structures with varying access needs.
Suggested Implementation:
- Introduce a setting under Admin controls to specify which roles (e.g., Project Manager, Lead Designer etc.) can manage team membership.
- Provide additional logs for user additions/removals to Project teams for traceability.
