SysTeam/Docs/Teams

Teams & Access Control

Teams provide lightweight grouping of people and resources within an organization. They help large organizations (50+ engineers, 20+ systems) manage ownership and on-call responsibilities clearly.

Overview

Teams sit between Organizations and individual resources in the hierarchy. A team groups projects, on-call schedules, escalation policies, and integration keys under one roof.

Organization
  ├── Team: SRE
  │   ├── Projects: infra-monitors, network-checks
  │   ├── Schedule: sre-rotation
  │   ├── Policy: sre-escalation
  │   └── Integration Key: grafana-alerts
  ├── Team: Database
  │   ├── Projects: pg-primary, redis-cluster
  │   ├── Schedule: db-rotation
  │   └── Policy: db-escalation
  └── Team: Application
      ├── Projects: api-health, frontend-checks
      ├── Schedule: app-rotation
      └── Policy: app-escalation

Tip

Teams are optional. All existing resources continue to work without any team assignment. You can adopt teams gradually.

Creating a Team

  1. Go to Teams in the sidebar (under Configure)
  2. Click New Team
  3. Enter a name, optional slug, and description
  4. Click Create — you are automatically added as team Lead

Example Team

Name:SRE
Slug:sre
Description:Site reliability engineering team, owns infrastructure monitoring

Team Roles

Each team member has one of two roles:

RoleView teamAdd/remove membersAssign resourcesEdit team infoDelete team
LeadYesYesYesYesNo (org ADMIN only)
MemberYesNoNoNoNo

Organization ADMIN and OWNER roles can manage any team, regardless of team membership.

Assigning Resources

Resources (projects, on-call schedules, escalation policies, integration keys) can be assigned to exactly one team at a time. Assignment is done from the team detail page:

  1. Open a team from the Teams page
  2. Go to the Resources tab
  3. Check/uncheck resources to assign or remove them
  4. Click Save Resources

Warning

Assigning a resource to a new team will unassign it from the previous team. Resources already assigned to another team show their current team name as a badge.

Filtering by Team

The Dashboard and On-Call pages include a team filter dropdown. When a team is selected, only checks belonging to that team's projects (or schedules/policies assigned to that team) are shown.

The filter appears automatically when your organization has at least one team.

How Teams Work with Access Control

Teams are a grouping mechanism, not an access control mechanism. Access is still controlled by:

  • Organization roles (OWNER, ADMIN, MEMBER, VIEWER) control who can see and manage the org
  • Project access control (when enabled) controls who can see specific projects
  • Team roles (LEAD, MEMBER) control who can manage the team itself

Being a team member does not automatically grant access to the team's projects if project access control is enabled. You still need a project membership.

Multi-Team Example

A typical SaaS company might organize like this:

Team: Database (3 members)
  • Projects: pg-primary, pg-replica, redis-cluster
  • Schedule: db-oncall (weekly rotation, 3 DBAs)
  • Policy: db-escalation (DBA on-call → 10min → SRE lead)
  • Integration Key: datadog-db-alerts
Team: SRE (5 members)
  • Projects: infra-http, infra-dns, infra-network
  • Schedule: sre-oncall (daily rotation)
  • Policy: sre-escalation (on-call → 5min → SRE lead → 15min → VP Eng)
  • Integration Key: prometheus-infra, grafana-infra
Team: Application (4 members)
  • Projects: api-health, frontend-checks, payment-service
  • Schedule: app-oncall (weekly rotation)
  • Policy: app-escalation (on-call → 10min → App lead)

API Reference

All team endpoints are scoped under /api/organizations/{org_id}/teams.

GET /api/organizations/{org_id}/teams

List all teams with member and resource counts

POST /api/organizations/{org_id}/teams

Create a team (ADMIN required)

GET /api/organizations/{org_id}/teams/{team_id}

Get team details with members and resource counts

PUT /api/organizations/{org_id}/teams/{team_id}

Update team name/description (ADMIN or LEAD)

DELETE /api/organizations/{org_id}/teams/{team_id}

Delete team (ADMIN only). Resources become unassigned.

POST /api/organizations/{org_id}/teams/{team_id}/members

Add member with role (LEAD or MEMBER)

PUT /api/organizations/{org_id}/teams/{team_id}/resources

Bulk assign projects, schedules, policies, integration keys

cURL: Create a team
curl -X POST https://checks.systeam.pl/api/organizations/1/teams \
  -H "Content-Type: application/json" \
  -d '{"name": "SRE", "description": "Site reliability team"}'
cURL: Assign resources to a team
curl -X PUT https://checks.systeam.pl/api/organizations/1/teams/1/resources \
  -H "Content-Type: application/json" \
  -d '{"project_ids": [1, 2], "schedule_ids": [1], "policy_ids": [1]}'