Invite only the people who need access
Team management lives in Settings. Owners and permitted managers can invite team members, resend invites, update roles where allowed, deactivate or reactivate users, and stay within the seat limits for the active plan.
Seat limits are plan capabilities: Starter includes one seat, Growth includes three seats, and Business includes 10 seats. Business also supports roles/rights and multi-location assignment within the existing merchant/site tenant boundary.
Respect owner and site boundaries
Helm protects the last-owner rule and keeps dashboard access site-scoped. Staff should not be able to bypass invite, seat, role, location assignment, or disabled-user rules by choosing a different sign-in method.
Google Sign-In uses the same Better Auth account boundary as email-based access. It should preserve onboarding continuation, invite acceptance, disabled-user rejection, tenant/site assignment, seat limits, roles, and location assignments.
Avoid enterprise security overclaims
Business roles/rights and audit history are scoped to Helm dashboard actions. Do not treat them as enterprise IAM, SSO, SCIM, or external SIEM export unless those capabilities are explicitly implemented later.
If a team member leaves, deactivate access promptly, review active invites, and keep owner accounts tied to real operators who can handle billing and support requests.