Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.rafftechnologies.com/llms.txt

Use this file to discover all available pages before exploring further.

Updated May 8, 2026 Team & Projects is where you decide who has access to what on your Raff account. It has three pieces, each on its own tab:
TabWhat it controls
MembersThe people who can sign in to your account — invite, set their access scope, remove
ProjectsGroupings of resources (VMs, volumes, IPs, VPCs, etc.) used for access control and organization. Every account has a Default project you can never delete
RolesThe named permission sets you can assign to members at the account or project level
Team & Projects page Members tab showing two members — serdar@... with Owner badge and "All projects", batuhan@... with Project-only badge and "1 project" — and an Invite Member button

Two separate permission systems — Account and Project

Raff splits permissions into two independent systems. They look similar in the UI but they cover completely different things, and granting one does not grant the other.
SystemControlsExample permissions
Account permissionsAccount-wide features — invite members, manage billing, view audit logs, manage account settings, manage account-wide API keys, list of projects, the role catalog itselfaccount.members.invite, account.billing.manage, account.audit.view, account.apikeys.create
Project permissionsResources that live inside a project — VMs, VPCs, public IPs, snapshots, the project’s members, the project’s settingsvm.create, vm.power, vpc.manage, project.members.invite
A member’s grants are tracked separately in each system:
  • Account roles are assigned once per member at the account level — they apply across the whole account
  • Project roles are assigned per project — the same member can have Project Admin on customer1 and Viewer on staging, or no project role at all
An account role does not grant access to any project’s resources. A member with the Admin account role and no project roles can invite members, manage billing, see the list of projects’ names — but they cannot list VMs, see VPCs, or open any project’s resources. Project access has to be granted explicitly, per project. The Owner is the only exception: granted automatically at signup with full access in both systems on every project, current and future. Every other member you invite is scoped narrower than that. The Members list shows where each member sits with badges:
BadgeMeaning
OwnerFull account permissions + full project permissions on every project. Granted automatically at signup. One per account
AccountHas an account role (Admin / Billing / Member). May or may not also have project roles — those are added separately
Project-onlyNo account role at all — only has project roles on specific projects. Useful for customers, contractors, anyone who shouldn’t see account-wide info

Projects — the unit of access control

Every resource on Raff lives in a project. VMs, volumes, public IPs, VPCs, Object Storage buckets — all of them are scoped to one project at creation time. Projects are how access control gets fine-grained.
Team & Projects Projects tab showing two projects — Default (with Default badge, 0 members, created 1/22/2026) and customer1 (1 member, created 3/23/2026) — and a + Create Project button
A few things every account should know:
  • Every new account starts with a Default project. It’s pre-created at signup and used for any resource you create without picking a project explicitly. The Default project cannot be deleted — it’s the always-available fallback.
  • You can create more projects. + Create Project from the Projects tab. Use them to isolate customers, environments (prod / staging), teams, billing entities, anything where access should be partitioned.
  • Single project is fine. If you don’t need access partitioning, leave the Default project as your only project and forget about it. The account works the same way.
  • Resources never leave their project. A VM created in customer1 stays in customer1. Today there’s no “move to another project” action — recreate elsewhere if you need to relocate.

How users switch projects

The top bar of the dashboard has a project picker next to the account name. Members with access to multiple projects use this to scope the dashboard to one project at a time.
Project switcher dropdown opened from the top bar showing Raff Technologies header with Default (checked) and customer1 listed below
Whatever project is selected here, every list page in the dashboard filters to that project’s resources — Compute, Networking, Object Storage, all of it. Switch projects and the dashboard re-scopes immediately. The dropdown only lists projects the member actually has a project role on (the Owner sees all of them). The selected project also determines where new resources land — clicking + Create at the top right while customer1 is selected creates the new VM / volume / IP inside customer1.

What you can do

TaskWhere
Invite a new memberMembers tab → Invite Member
Change a member’s scope or projectsMembers tab → row’s
Remove a memberMembers tab → row’s → Remove
Create a new projectProjects tab → + Create Project
Rename or delete a projectProjects tab → row’s
Switch the dashboard’s view to another projectTop bar → project picker
Generate an API keyAPI Keys in the left sidebar
API keys are managed in a separate left-sidebar item, API Keys, not on the Team & Projects page. They’re tied to your account and inherit the scope you give them at creation.

Most viewed

Invite a member

Add a teammate at account or project scope.

Create a project

Group resources into a new project.

Roles, scopes, and the Owner

The Account vs Project permission model.

Generate an API key

Create a key for programmatic access.

Browse

Quickstart & guides

Members, roles, API keys.

Concepts

Account vs project scope, roles, API key scope.

Details

Permission matrix and limits.

Troubleshooting

Common access issues.

Authentication

API key authentication reference.

Changelog

All API updates and changes.
Last modified on May 8, 2026