Users & roles

Invite team members, assign granular roles, and control who can view reports, manage domains, and configure settings.

Team access overview

UglyDMARC supports multi-user accounts with role-based access control. You can invite teammates with specific permissions — some users might only view DMARC reports, while others manage domains or billing.

The account owner (the person who signed up) is always an admin. As an admin, you can:

• Invite new users via email
• Assign roles with specific permissions
• Change or revoke a user's role
• Remove users from the account
• View seat usage against your plan limit

Inviting users

1. Go to Account Settings

   From the app menu, select Settings → Team & access.

2. Click "Invite user"

   Enter the user's email address.

3. Select a role

   Choose from Admin, Member, or Viewer (see role matrix below).

4. Send invitation

   Click Invite. The user receives an email with a sign-up link. They have 7 days to accept.

5. User accepts and logs in

   Once they click the link and set a password, they're added to your account with the assigned role.

Roles and permissions

UglyDMARC includes three built-in roles. Each role grants a specific set of permissions:

Admin

Full account access. Admins can invite and remove users, change anyone's role, and manage all account settings including billing. Use this role sparingly — typically for account owners and team leads.

Member

Can view all domains and reports, add new domains, configure SPF synthesis, and generate API keys for automation. Cannot invite users or change billing. Ideal for engineers and security analysts actively working on email authentication.

Viewer

Read-only access to all DMARC reports and domain dashboards. Cannot add domains, modify SPF settings, or access API. Perfect for compliance, audit, or executive stakeholders who need visibility but not hands-on control.

Changing a user's role

1. Open Team & access

   Go to Settings → Team & access.

2. Find the user

   Locate them in the members list.

3. Click the role dropdown

   Select the new role (Admin, Member, or Viewer).

4. Confirm

   The change takes effect immediately. The user is notified via email of the role change.

Removing users

1. Open Team & access

   Go to Settings → Team & access.

2. Find the user

   Locate them in the members list.

3. Click the three-dot menu

   Select Remove from account.

4. Confirm removal

   The user loses access immediately. Their active sessions are terminated. They can be re-invited later if needed.

Seat limits and your plan

The number of users you can invite depends on your pricing plan:

• Starter — 1 user (the account owner only)
• Pro — up to 5 users
• Enterprise — unlimited users

Your current seat usage is visible at the top of the Team & access page (e.g., "3 of 5 seats used"). If you reach your limit, you'll see a prompt to either upgrade your plan or remove a user.

Inactive users and cleanup

If a team member leaves or is no longer active, you should remove them from your account to free up a seat (on Pro and lower plans). UglyDMARC does not auto-disable users or enforce inactivity timeouts — it's your responsibility to manage access.

API access by role

Members and Admins can create API keys to automate domain management and report queries. Each API key inherits the permissions of the user who created it. If a user is removed from the account, their API keys are revoked.

See API access for details on generating and using keys.