#Partner Team

The Partner Team page is for provisioned partner organisations to manage partner users and see which clients each partner user can support.

#Who Can Use It

| Role | Access |
| --- | --- |
| partner_admin | View members and assigned clients, view pending invitations, invite partner_user members, revoke pending invitations, change another member between partner_admin and partner_user, and remove other members. |
| partner_user | View the partner team and their own assigned clients in read-only mode. |

Customer roles and internal AiDial roles do not use this partner-team surface.

The page depends on an active partner organisation membership. If AiDial has not completed partner bootstrap for your organisation, team roster and assigned-client requests may be denied and the page may show an unable-to-load state. Contact AiDial support rather than trying to self-correct partner organisation setup.

#What Partner Admins Can Do

Partner administrators can:

  • review the member list with name, email, role, privacy-limited security posture, and activity status when telemetry is available
  • search, sort, and paginate the member list
  • invite new partner_user members; the page does not create partner_admin invitations
  • revoke pending invitations
  • change another member between partner_admin and partner_user
  • remove another member from the partner organisation
  • inspect another member's assigned-client list

The portal shows the signed-in member's MFA/security status when available, but peer MFA and exact peer activity values are hidden before roster data reaches the browser.

The portal does not allow a partner administrator to change or remove their own membership from the team table. Self role-change and self-removal attempts are rejected server-side.

#What Partner Users Can Do

Partner users can view the team roster and assigned-client information that applies to their own account. They cannot view pending invitations or perform invitation, role-change, removal, or cross-member assignment actions.

#Security And Scope

Partner Team actions are scoped to your partner organisation, not to a browser-supplied client ID. The portal checks your signed-in session, current partner membership, organisation status, role, and action before it performs protected work.

The browser calls portal BFF routes under /api/partner-team/**; those route handlers resolve the next-auth/Zitadel session and forward the session bearer token to aidial_api. Do not send X-API-Key from the browser for partner-team actions.

Mutating partner-team actions require portal request verification and are audit logged. Partner-team audit events include invitation sent, invitation revoked, role-change, and member-removal activity.

If your partner organisation is suspended or archived, management actions may be blocked until AiDial support resolves the organisation status.
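
The checks described in this section and the self-change rule above, sketched as a single server-side decision function. This is an added example, not AiDial's code: every function, field and action name is hypothetical, and treating a non-active organisation as blocking only the mutating actions is an assumption.

```javascript
// Hypothetical names throughout; illustration only.
const MUTATING = new Set(["invite", "revoke_invitation", "change_role", "remove_member"]);
const ADMIN_ONLY = new Set([...MUTATING, "view_invitations"]);
const allow = (orgId) => ({ allowed: true, orgId });
const deny = (reason) => ({ allowed: false, reason });

// ctx: built server-side from the verified session and a membership lookup.
// req: the untrusted request body sent by the browser.
function authorizePartnerTeamAction(ctx, action, req = {}) {
  if (!ctx || !ctx.session) return deny("no_session");
  const m = ctx.membership;
  if (!m || !m.active) return deny("no_active_partner_membership");
  // Scope comes from the membership record; an organisation or client ID
  // supplied in req is never used to choose the scope.
  const orgId = m.orgId;
  if (MUTATING.has(action) && ctx.orgStatus !== "active") return deny("organisation_not_active");
  if (ADMIN_ONLY.has(action) && m.role !== "partner_admin") return deny("role_not_permitted");
  const target = req.targetMemberId ?? m.memberId;
  switch (action) {
    case "view_roster":
    case "view_invitations":
    case "revoke_invitation":
      return allow(orgId);
    case "view_assigned_clients":
      // A partner_user may read only their own assignments.
      if (m.role !== "partner_admin" && target !== m.memberId) return deny("cross_member_view");
      return allow(orgId);
    case "invite":
      // The page creates partner_user invitations only.
      return req.role === "partner_user" ? allow(orgId) : deny("invite_role_not_allowed");
    case "change_role":
    case "remove_member":
      // Self role-change and self-removal are rejected server-side.
      if (target === m.memberId) return deny("self_modification");
      return allow(orgId);
    default:
      return deny("unknown_action"); // anything unlisted is denied
  }
}
```
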

#Unsupported Actions

Use Escalation Boundaries instead of attempting self-service for:

  • recovering the last remaining partner administrator
  • changing organisation-level partner status
  • fixing a suspected cross-organisation assignment issue
  • restoring a removed member when the normal invitation flow is not enough
  • investigating audit events outside your partner organisation

Do not share passwords, API keys, screenshots containing secrets, or customer PII in support requests.