Q: We would like to create a system with users, organizations, and teams of users inside organizations, and setup permissions for these users and teams, similar to the way I’ve seen done on GitHub. How easy would it be to model this scenario using your service?
A: You can definitely model something like GitHub. Our system supports a single layer of Orgs (no nesting), but there at least 2 ways to accomplish what you’re after:
1) Map each organization plus each team to an Org in our system. You can use the reference field and/or custom attributes to track the 2 separately. WIth this approach, every user would have a membership to their respective organization’s Org and 0+ memberships to relevant team Orgs. Example:
User <-> Membership <-> Org (for organization)
Org.custom.org_type = “organization”
User <-> Memberships <-> Orgs (for teams)
Org.custom.org_type = “team”
Org.custom.main_org = org.id of organization (or put this in reference if you want it to be searchable.)
Full flexibility on Membership.permissions object
If needed, you could filter Orgs being an org vs. a team.
2) The other approach would be a single Org mapped to the organization and then managing team memberships as additional permissions on the user’s single Membership object. Each added permission might be something like team:<id> or team:<id>:read:write:delete.
If your team permissions are structured enough to fit into #2, we’d recommend that route just because it’s simpler, but either option will work.
Tagged with: users orgs permissions
Questions? Find a Typo? Get in touch.