Team Member Associations¶
Team Member Associations define the relationship between users and teams, including roles and permissions within each team.
Overview¶
Team Member Association resources in the LiteLLM Operator provide:
- User-Team Linking - Connect users to specific teams
- Role Management - Define user roles within teams
- Permission Control - Manage team-specific access rights
- Team Organisation - Structure team hierarchies and responsibilities
Creating Team Member Associations¶
Basic Association¶
apiVersion: auth.litellm.ai/v1alpha1
kind: TeamMemberAssociation
metadata:
name: alice-ai-team
spec:
connectionRef:
instanceRef:
name: litellm-example
namespace: litellm
role: admin
teamRef:
name: ai-team
namespace: litellm
userRef:
name: alice
namespace: litellm
Member Association¶
apiVersion: auth.litellm.ai/v1alpha1
kind: TeamMemberAssociation
metadata:
name: bob-ai-team
spec:
connectionRef:
instanceRef:
name: litellm-example
namespace: litellm
role: member
teamRef:
name: ai-team
namespace: litellm
userRef:
name: bob
namespace: litellm
Specification Reference¶
| Field | Type | Description | Required |
|---|---|---|---|
connectionRef |
object | Reference to LiteLLM instance | Yes |
role |
string | User role within the team (admin, member) | Yes |
teamRef |
object | Reference to an existing Team resource |
yes |
userRef |
object | Reference to an existing User resource |
yes |
Managing Team Member Associations¶
List Associations¶
Get Association Details¶
Update User Role¶
Remove User from Team¶
Team Roles¶
Admin Role¶
- Can manage team settings and membership
- Can modify team model access
- Can view all team member activities
- Can create and manage team resources
Member Role¶
- Can access team resources and models
- Can view team information
- Cannot modify team settings
- Limited to personal permissions
Working with Teams and Users¶
Prerequisites¶
Before creating a Team Member Association, ensure:
- Team exists: The team referenced by
teamRefmust already exist - User exists: The user referenced by
userRefmust already exist - LiteLLM Instance: The referenced LiteLLM instance must be available
Complete Workflow Example¶
# 1. Create the team
apiVersion: auth.litellm.ai/v1alpha1
kind: Team
metadata:
name: ai-team
spec:
teamAlias: ai-team
models:
- gpt-4o
connectionRef:
instanceRef:
name: litellm-example
namespace: litellm
---
# 2. Create the user
apiVersion: auth.litellm.ai/v1alpha1
kind: User
metadata:
name: alice
spec:
userEmail: "alice@example.com"
userAlias: "alice"
userRole: "internal_user_viewer"
keyAlias: "alice-key"
autoCreateKey: true
models:
- "gpt-4o"
maxBudget: "10"
budgetDuration: 1h
connectionRef:
instanceRef:
name: litellm-example
namespace: litellm
---
# 3. Associate user with team
apiVersion: auth.litellm.ai/v1alpha1
kind: TeamMemberAssociation
metadata:
name: alice-ai-team
spec:
connectionRef:
instanceRef:
name: litellm-example
namespace: litellm
role: admin
teamRef:
name: ai-team
namespace: litellm
userRef:
name: alice
namespace: litellm
Best Practices¶
- Use descriptive names for associations that include both user and team
- Start with member roles and promote to admin only when necessary
- Regularly review team membership and roles
- Ensure team aliases match exactly between Team and TeamMemberAssociation resources
- Use consistent email addresses across User and TeamMemberAssociation resources
Troubleshooting¶
Common Issues¶
Association Not Working
- Verify the team exists with the correct teamAlias
- Check that the user exists with the correct userEmail
- Ensure the LiteLLM instance is running and accessible
Role Permissions - Admin roles have full team management capabilities - Member roles have limited access to team resources - Verify role spelling (admin, member)
Next Steps¶
- Learn about Teams and Users
- Understand Virtual Keys and their usage
- Set up monitoring and access control