Organizing Users

Organizing users is a central feature of the platform. We enforce the use of teams across the platform to ensure that permissions, product subscriptions and other resources are not tied to an individual user and can easily be shared. This eases the task of ensuring that a group of people have permissions to a group of related resources.

Team members have either the role Maintainer or Member. Maintainers can manage memberships, change the settings of the team and suspend it. Members can remove themselves, invite other users and create groups of their own. Teams do not have a type and are therefore agnostic to how they are being used. The application creating the task has to keep a reference to the team, its team ID, so that it can make the right assumptions about the team's type. For example, our Identity service attaches access policies to the teams it created. Teams can be created by any application on the platform.

Teams and team memberships can be tagged. Tags are useful to attach application specific information and references to the team or membership. For example, a membership can be tagged with metadata to further define the role of the user. Only Maintainers of the group can change tags.