Team & Permissions

AllyProof supports multi-organization membership, role-based access control, issue-level collaboration, and an append-only audit log. This page covers who can do what and how teams coordinate on remediation.

Multi-organization support

One user can belong to many organizations at once. Each organization has its own sites, scans, issues, team, and billing — completely isolated at the database level. The sidebar includes an org switcher that lets you jump between them without signing out and back in.

How many organizations one person can own depends on the plan of their highest-tier paid org:

Plan              Organizations you can own
Free / Starter    1
Agency            3
Enterprise        5

Being invited into additional orgs is unlimited — the cap only applies to orgs you create.

The five roles

Each membership carries exactly one role. Server-side checks enforce every restricted action; the UI hides surfaces the viewer can't use so screens don't fill up with disabled buttons.

Role                                 Scope
Owner                                Full control, including billing, role changes, and org deletion. Every org has exactly one owner.
Admin                                Team lead. Manage sites, team, API keys, audit log — but not billing or role changes.
Member                               Individual contributor. Run scans, work issues, draft VPATs. No settings access.
Billing                              Finance seat. Manage subscription and invoices only — no site, scan, or issue visibility.
Client guest (Agency + Enterprise)   Read-only access scoped to specific sites you grant. Guests don't count against team-member quota.

Permission matrix

Action                                              Owner   Admin   Member   Billing   Guest
Manage billing
Manage organization settings
Invite / remove members
Change member roles
Create / revoke API keys
Add / remove sites
Run scans
Change issue status (assign, resolve, suppress)
Publish accessibility statements
Generate VPAT drafts
View audit log

Guests can read the sites they're scoped to — the matrix only governs mutating actions. Read-side enforcement happens through row-level security in the database.
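The two checks described above, a deny-by-default server-side gate for mutating actions and a read-side site check mirroring the row-level policy, as an added example (not AllyProof's own code). The action-to-role table is reconstructed from the role descriptions on this page and is an assumption; "Publish accessibility statements" is left out because the page does not say which roles may do it.

```python
# Added example, not AllyProof's own code. Action and role names are assumed.
from dataclasses import dataclass

ROLES = frozenset({"owner", "admin", "member", "billing", "guest"})

# Mutating actions and the roles allowed to perform them (reconstructed from the
# role descriptions above; an assumption, not the product's real matrix).
MATRIX = {
    "manage_billing": {"owner", "billing"},
    "manage_org_settings": {"owner", "admin"},
    "invite_remove_members": {"owner", "admin"},
    "change_member_roles": {"owner"},
    "manage_api_keys": {"owner", "admin"},
    "manage_sites": {"owner", "admin"},
    "run_scans": {"owner", "admin", "member"},
    "change_issue_status": {"owner", "admin", "member"},
    "generate_vpat_drafts": {"owner", "admin", "member"},
    "view_audit_log": {"owner", "admin"},
}


@dataclass(frozen=True)
class Membership:
    user_id: str
    org_id: str
    role: str
    granted_sites: frozenset = frozenset()  # only meaningful for guests


def can(m: Membership, action: str, org_id: str) -> bool:
    """Gate for mutating actions. Deny by default: a membership in another org,
    an unknown role, or an action missing from the table all fail closed."""
    if m.org_id != org_id or m.role not in ROLES:
        return False
    return m.role in MATRIX.get(action, frozenset())


def can_read_site(m: Membership, org_id: str, site_id: str) -> bool:
    """Read-side check matching the row-level policy: guests see only the sites
    they were granted, billing seats see no sites, other roles see every site
    in their own org."""
    if m.org_id != org_id or m.role not in ROLES:
        return False
    if m.role == "billing":
        return False
    if m.role == "guest":
        return site_id in m.granted_sites
    return True
```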

Inviting a teammate

  1. Open Settings → Organization.
  2. In Team, click Invite member.
  3. Enter their email and pick the role. Guest and Billing appear when available on your plan.
  4. If inviting a guest, pick which sites they can see.
  5. Send. They receive a branded email with your org name and an Accept link.

Invites stay pending until accepted. Inviting the same email twice replaces the previous pending invite rather than stacking them. You can revoke a pending invite any time before the recipient accepts.

If the invitee doesn't yet have an AllyProof account, signup pre-fills their email and — once confirmed — sends them straight to /invitations to accept.

Issue collaboration

  • Assign an issue to any member of the org from the issue detail page. The dashboard's On your plate card shows each viewer their own assignments.
  • Comment on the issue's activity thread to discuss the fix without leaving the tool.
  • Log a manual test — click Log manual test under the comment composer to record a structured AT verification: tool (e.g. NVDA + Firefox), result (pass/fail/inconclusive), and optional transcript notes. The result chip is visible next to the author name in the thread, so an auditor scanning the activity log can see where manual verification actually landed.
  • Workflow states: open → in progress → resolved, or sideways to suppressed (with reason code — false positive, accepted risk, third-party, will fix later, not applicable) and accepted exception (EAA / ADA exemption category with reason text).
  • Bulk actions on the issue list. “Mark Resolved” is one click; “Won't fix” and “False positive” require a short reason that persists onto every affected row — the audit trail carries the why, not just the what.

Automated fix verification

After each scan, AllyProof compares findings to the previous scan for the same site:

  • Violations that were open and are no longer detected → marked verified fixed.
  • Violations that were resolved and have re-appeared → reopened and flagged as regressed. Regressions fire a dedicated violation.regressed webhook and a regression digest email so "we fixed it, why is it back?" is visible without hunting through scan diffs.
  • Violations never seen before → surfaced as new on the issue list.

The site detail Overview tab shows a Since last scan line with new-vs-resolved counts so you can see sprint progress at a glance.
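The reconciliation described above (new, verified fixed, regressed, plus the since-last-scan counts), as an added example that is not AllyProof's implementation. The finding key format, status names and the event tuples are assumptions; suppressed issues are deliberately left untouched so a suppression reason is never silently discarded.

```python
# Added example, not AllyProof's own code. Status names and finding keys are assumed.
from dataclasses import dataclass


@dataclass
class Issue:
    key: str            # stable identity of a violation, e.g. "rule-id|css-selector"
    status: str         # "open", "in_progress", "resolved", "verified_fixed", "suppressed"
    regressed: bool = False


def reconcile(issues: dict, latest_findings: set) -> tuple:
    """Compare the latest scan's finding keys with the known issues for the site.

    Mutates `issues` in place and returns (counts, events), where events are
    (event_name, key) tuples a webhook dispatcher could consume.
    """
    counts = {"new": 0, "verified_fixed": 0, "regressed": 0}
    events = []
    for key in latest_findings:
        issue = issues.get(key)
        if issue is None:                      # never seen before -> new open issue
            issues[key] = Issue(key, "open")
            counts["new"] += 1
            events.append(("violation.new", key))
        elif issue.status in ("resolved", "verified_fixed"):  # came back -> regressed
            issue.status, issue.regressed = "open", True
            counts["regressed"] += 1
            events.append(("violation.regressed", key))
        # open / in_progress / suppressed and still detected: nothing changes
    for key, issue in issues.items():
        if key not in latest_findings and issue.status in ("open", "in_progress"):
            issue.status = "verified_fixed"    # was open, no longer detected
            counts["verified_fixed"] += 1
            events.append(("violation.verified_fixed", key))
    return counts, events


def since_last_scan(counts: dict) -> str:
    """The one-line summary shown on the Overview tab (wording assumed)."""
    return f"{counts['new']} new, {counts['verified_fixed']} resolved, {counts['regressed']} regressed"
```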

Multi-site dashboard

The main Dashboard renders every managed site in one sortable table — accessibility score, open critical and serious counts, new-this-week delta, last-scan date, and a per-site trend arrow against the previous completed scan. Rows are bucket-prioritised: critical issues first, then warnings, unscanned sites, and healthy sites — so the clients that need attention surface first.

Available on every plan. Suited for a weekly account-manager review as well as day-to-day triage; click any row to drop into that site's detail page where remediation actually happens.

Audit log

Append-only record of every organization-significant action, visible to owners and admins under Settings → Logs. Events captured include: sites added, removed, or verified; scans queued, started, completed, or failed; issue status changes and suppressions; API keys created or revoked; members invited, removed, or role-changed; settings changes. Rows are insert-only at the database level — even service-role code can't edit or delete them.

Account management

  • Profile. Name, avatar, and email at Account → Profile. Avatar can be an upload or your Google/GitHub OAuth photo.
  • Personal notification preferences at Account → Notifications. These are per-user and separate from the org-level webhook/recipient settings — see Notifications.
  • Transfer ownership. An owner can hand control to another member. After transfer, the old owner becomes an admin and keeps everything except billing and role-change permissions.
  • Leave organization. Any non-owner member can leave — your membership is removed but the org continues with the remaining members. Owners must transfer first.
  • Delete organization. Owner-only, at Settings → Organization → Danger zone. All sites, scans, violations, and VPAT drafts are removed; any active subscription is cancelled. This action is irreversible.