Setting Up Your Team | Pingcore Docs

Brand members are people who can manage your PingCore workspace alongside you. Manage them at Settings > Team (/brand/team).

The page has three tabs:

Brand Members: list of current members, with edit and remove actions
Add Brand Member: invite a new member
Team Roles: manage reusable permission bundles

Brand owners vs members

Every workspace has at least one owner, the user who created the brand. Owners:

Bypass every permission check automatically
Cannot be removed or have their permissions edited
Are the only members who can transfer ownership

Everyone else is a member. Members get exactly the permissions you assign, nothing more, nothing less.

Inviting a member

Open Settings > Team
Click the Add Brand Member tab
Enter the member's email, first name, and last name
Either pick a Team Role or hand-pick individual permissions
Click Add Member

If the email matches an existing PingCore user, they are added directly. If not, an invitation is sent.

Requires the brand.members.invite permission.

How permissions work

Permissions are scoped to your brand. A member with cores.create can create cores in your workspace, not in any other brand's.

Every permission has:

Key: a stable identifier like cores.create or brand.members.invite used in code and the API
Name: a human-readable label shown in the UI
Category: groups related permissions in the selector

Members can be granted permissions in two ways:

Custom permissions: you tick exactly the boxes you want for that member
Team Role: you assign the member to a named role, and their permissions match the role

Team Roles

A Team Role is a named bundle of permissions you can attach to multiple members. When the role's permissions change, every linked member updates automatically.

Use roles when:

You have several members doing the same job
You want to update permissions across multiple people in one place
You need consistent access patterns (for example, all support staff get the same view-only permissions)

Creating a role

Go to Settings > Team > Team Roles
Click Add Role
Enter a Role Name (for example "Support", "Manager", "Server Operator")
Optional Description
In the Permissions panel, check the permissions this role should have
- Use the per-category Select All to grant everything in a category
- Use the global Select All at the top to grant every available permission
Click Create Role

Requires brand.member-roles.manage.

Editing a role

Editing a role updates every linked member instantly. The form shows a warning when there are linked members so you know how many will be affected.

If you delete a role, members linked to it are detached but their current permissions stay the same. No one is locked out.

Custom permissions

If a single member needs a specific set of permissions that doesn't match any role, give them custom permissions:

Go to Settings > Team > Brand Members
Click the edit icon next to the member
Switch to Custom Permissions mode
Tick the permissions individually
Click Save

Switching a member from a role to custom mode preserves their current permission set as the starting point. Switching back to role mode replaces their permissions with the role's.

Requires brand.members.manage.

Permission categories

PingCore has 80+ permission keys organised into categories. The full list, by category:

My Games

Configure games, branches, templates, storage, containers, and deployment specs.

my-games.view: view game data
my-games.add: add games to the brand catalog
my-games.edit: edit games, upload images, manage pricing
my-games.delete: delete games
my-games.branches: add, edit, modify game branches
my-games.templates: add, edit, modify game templates
my-games.kubernetes: manage containers, storage, and deployment specs
my-games.log-files: manage tracked log file configurations

Cores

Portable game deployment snapshots.

cores.view: view core list and JSON
cores.create: create and rename cores from deployment specs
cores.delete: delete cores
cores.import: import a core to create a new game
cores.set-public: toggle public visibility
cores.browse-public: browse public cores from other brands

Container Images

Self-managed container images used by your games.

container-images.view / .add / .edit / .delete / .set-public

CDN Sources

Sources for game files and static assets.

cdn-sources.view / .add / .edit / .delete / .set-public
cdn-sources.force-update: trigger an immediate sync
cdn-sources.logs: view sync and download logs

Credentials

Stored credentials for external services.

credentials.view / .add / .edit / .delete

Game Servers

Operations on running game server instances.

gameservers.networking: add, remove, reallocate ports
gameservers.resource-allocation: adjust memory/resource allocation when creating servers
gameservers.image-tag-override: override container image tags

API Keys

Brand-scoped API keys for programmatic access.

api-keys.add: create new keys
api-keys.delete: revoke keys

Brand Members

Manage who can access your brand.

brand.members.view: view brand members
brand.members.invite: invite new members
brand.members.manage: edit member permissions
brand.members.remove: remove members

Team Roles

brand.member-roles.view: view team roles
brand.member-roles.manage: create, edit, delete roles

Brand Settings & Pricing

brand.settings.manage: update brand settings, logo, branding
brand.pricing.view / .manage: B2C pricing brackets and currency overrides

Payment Gateways

brand.gateways.view / .manage

Brand Users (B2C)

End users registered with your brand.

brand.users.view: search and view individual users
brand.users.list: browse the full user list without searching
brand.users.manage: edit user profiles and account status
brand.users.force-2fa: require individual users to enable 2FA
brand.users.impersonate: log in as a brand user

Billing (B2B)

Your infrastructure costs with PingCore.

brand.billing.view: view billing data, usage, rates, credit balance
brand.billing.topup: add credit via payment gateway
brand.billing.pay: pay invoices from credit balance

Server Deployments

Brand-deployed servers across all games.

brand.servers.view: search and view servers
brand.servers.list: browse the full server list
brand.servers.deploy: deploy new servers and scale deployments
brand.servers.manage: full access including files, console, mods, configuration
brand.servers.remove: remove deployments

Other categories

Jobs: brand.jobs.view, brand.jobs.manage
Promotions: brand.promotions.view, brand.promotions.manage
Knowledge Base: brand.knowledgebase.view, brand.knowledgebase.manage
AI Assist: brand.ai-assist.access
Analytics: brand.analytics.view
Orders (B2C): brand.orders.view, .list, .manage
Transactions (B2C): brand.transactions.view, .list, .manage, .refund

The view / list / manage pattern

Several categories follow a view / list / manage split:

view: search and open individual records (requires a search term first)
list: browse the full unfiltered list
manage: modify records

Granting view without list is useful for support staff who should only access records when given a specific name or ID. They cannot browse all data.

Suggested role patterns

A few role bundles that work well for common team structures:

Server Operator: brand.servers.list, brand.servers.deploy, brand.servers.manage, gameservers.networking
Support Agent: brand.users.view, brand.orders.view, brand.transactions.view, brand.servers.view (no list permissions, so they only get access on lookup)
Game Builder: every my-games.* and cores.* permission, plus container-images.* and cdn-sources.*
Finance: brand.billing.view, brand.billing.topup, brand.billing.pay, brand.transactions.list, brand.transactions.refund

Build roles to match your team's actual job descriptions, not the platform's structure.

Removing a member

Go to Settings > Team > Brand Members
Click the remove icon next to the member
Confirm

Owners cannot be removed. Removed members lose access immediately. Their existing API keys are revoked.

Requires brand.members.remove.