Members and roles
Members are the people who run your organization — the staff who create content, set prices, moderate communities, and administer the account. This page describes who they are, the two permission axes that shape what each one can do, and how impersonation lets an admin safely see the dashboard through a member's eyes.
Members are not learners
Two very different kinds of people appear in Cursiva, and keeping them separate avoids most access mistakes.
- Members are the organization's staff. They sign in to the dashboard, hold organization and team roles, and appear under
/dashboard/settings/members. - Learners are the students who enroll in and consume your content. They live on the learner side of the product, not in the settings area.
A person can of course be both, but the roles below only govern the member side. For everything about students, enrollments, and access, see Learners and enrollments.
The two permission axes
Cursiva separates permissions into two independent axes. One decides who can make structural changes to the whole organization; the other decides what a member can do inside a specific piece of content through their team.
- Organization role —
owner,admin, ormember. Owner and admin pass the administration check (requireOrgAdmin), which is the gate for structural changes: managing teams, plans, integrations, and developer settings. - Member role within a team — assigned per member inside a team (
team_member_role) and used to unlock specific domains of a piece of content. Organization owners and admins bypass this granularity — they already have full access.
| Role | Axis | What it enables |
|---|---|---|
owner | Organization | Maximum authority; passes every admin check |
admin | Organization | Manages teams, members, plans, integrations, keys, and webhooks |
member | Organization | Base access; no structural powers |
editor | Team | Edit the team's content (content domain) |
finance | Team | Pricing, coupons, refunds, and listing — but read-only access to the content editor |
community | Team | Manage the content's communities/cohorts: administer, moderate, and make up the tutor pool |
The organization role is the coarse switch; the team role is the fine one. A member with no team role still can't edit content, and an editor still can't touch pricing unless they also hold the finance role on that team.
Team roles are assigned where the team is managed. For how teams group content and people, see Teams.
Impersonation
Impersonation lets the organization's owner or admin view the dashboard as one of its members — useful for support and for reproducing exactly what that person sees. It is a sensitive power, so it is fenced in on every side.
- Double check — whoever starts it must be an owner or admin, and the target must be a member of the same organization. Validation runs at the start and on every request, so a tampered cookie never widens access.
- Ephemeral cookie — the impersonation session lives in an
httpOnlycookie that expires on its own after one hour. - Warning banner — while impersonating, a banner indicates the state; ending it clears the cookie and returns you to your own view.
- No self-impersonation — you cannot impersonate yourself.
Impersonation only ever targets members, never learners — it is a staff-support tool, not a way to browse as a student.