Membership
A Membership links a user to an account with a specific role. A user can hold memberships in multiple accounts, with a different role in each.
Schema
interface Membership {
  id: string;         // "mbr..." - Unique identifier
  user_id: string;    // User who has membership
  account_id: string; // Account membership is in
  role: MembershipRole;
}

type MembershipRole = "owner" | "member" | "viewer";
Properties
| Property | Type | Description |
|---|---|---|
| id | string | KSUID with the mbr prefix |
| user_id | string | Reference to the user |
| account_id | string | Reference to the account |
| role | enum | Permission level |
Roles
| Role | Permissions |
|---|---|
| owner | Full access; can manage members and delete the account |
| member | Can read and write resources |
| viewer | Read-only access |
Multi-Account Access
User (uid_123)
├── Membership → Account A (role: owner)
├── Membership → Account B (role: member)
└── Membership → Account C (role: viewer)
Token Claims
When accessing an account, the token contains:
{
  "uid": "uid_123",
  "acc": "acc_A",
  "role": "owner"
}
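An added example, not code from this project: one way a resource server could enforce the Roles table against the token claims above. The action names, `authorize` and the denial reasons are hypothetical, and the claims are assumed to come from a token whose signature and expiry were already verified.

```typescript
type MembershipRole = "owner" | "member" | "viewer";
// Hypothetical action names derived from the Roles table.
type Action = "read" | "write" | "manage_members" | "delete_account";

// Claims as shown on this page (assumed already signature-verified).
interface TokenClaims {
  uid: string;
  acc: string;
  role: string; // untrusted string until checked against the known roles
}

const ROLE_ACTIONS: Record<MembershipRole, readonly Action[]> = {
  owner: ["read", "write", "manage_members", "delete_account"],
  member: ["read", "write"],
  viewer: ["read"],
};

// Own-property check so strings like "constructor" are not treated as roles.
function isMembershipRole(value: string): value is MembershipRole {
  return Object.prototype.hasOwnProperty.call(ROLE_ACTIONS, value);
}

type Decision = { allowed: true } | { allowed: false; reason: string };

function authorize(claims: TokenClaims, targetAccountId: string, action: Action): Decision {
  // The token is scoped to one account: a role held in one account
  // grants nothing in another, even for the same user.
  if (claims.acc !== targetAccountId) {
    return { allowed: false, reason: "account_mismatch" };
  }
  // Fail closed on any role value outside the documented enum.
  if (!isMembershipRole(claims.role)) {
    return { allowed: false, reason: "unknown_role" };
  }
  if (ROLE_ACTIONS[claims.role].indexOf(action) === -1) {
    return { allowed: false, reason: "insufficient_role" };
  }
  return { allowed: true };
}
```
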
Example
{
  "id": "mbr_2kHfPZcN9xW4mE8RtY7vB",
  "user_id": "uid_1jGePYbM8wV3lD7QsX6uA",
  "account_id": "acc_3lIfQZdO0yX5nF9SuY8wC",
  "role": "member"
}