Currently, you can only invite users to a Phacility instance from the administrative console in the cluster.
This is technically documented, but the error on the instance isn't very clear, and the error if you don't have permission on the admin console also isn't necessarily very clear.
We're currently cautious about this permission because it affects billing.
From a product perspective, we probably don't need to be as cautious as we are: it is reasonable for instances to allow other users to be invited from the instance. The default behavior (giving this permission only to administrators) is reasonable. Ideally we get some text in there about billing to make sure it's explicit, but I think it's broadly reasonable that this capability not be as tightly controlled as other capabilities like "disable instance".
From a technical perspective, making this work seamlessly is complicated.