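Membership
A Membership links a user to an account with a specific role. A user can hold memberships in multiple accounts at the same time, and the role can differ from one account to another.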
Schema
```typescript
interface Membership {
  id: string;         // "mbr..." - Unique identifier
  user_id: string;    // User who has membership
  account_id: string; // Account membership is in
  role: MembershipRole;
}

type MembershipRole = "owner" | "member" | "viewer";
```
Properties
| Property | Type | Description |
|---|---|---|
| id | string | KSUID with the mbr prefix |
| user_id | string | User reference |
| account_id | string | Account reference |
| role | enum | Permission level |
Roles
| Role | Permissions |
|---|---|
| owner | Full access; can manage members and delete the account |
| member | Can read and write resources |
| viewer | Read-only access |
Multi-account access
```
User (uid_123)
├── Membership → Account A (role: owner)
├── Membership → Account B (role: member)
└── Membership → Account C (role: viewer)
```
Token Claims
When accessing an account, the token contains:
```json
{
  "uid": "uid_123",
  "acc": "acc_A",
  "role": "owner"
}
```
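An added example, not part of the original documentation or the project's code: a deny-by-default authorization check that ties the token claims to the role table above. The `Action` names, the `authorize` function, the reason strings and the per-request membership lookup are assumptions made for illustration.

```typescript
type MembershipRole = "owner" | "member" | "viewer";
// Hypothetical action names; the page only describes the roles in prose.
type Action = "read" | "write" | "manage_members" | "delete_account";

interface Membership { id: string; user_id: string; account_id: string; role: MembershipRole; }
interface TokenClaims { uid: string; acc: string; role: MembershipRole; }
interface Decision { allow: boolean; reason: string; }

// Role table from the page: viewer is read-only, member reads and writes,
// owner additionally manages members and can delete the account.
const ALLOWED: Record<MembershipRole, readonly Action[]> = {
  viewer: ["read"],
  member: ["read", "write"],
  owner: ["read", "write", "manage_members", "delete_account"],
};

// Deny unless every check passes. `memberships` stands in for a lookup in the
// membership store (assumption: the server can consult it on each request).
function authorize(claims: TokenClaims, memberships: Membership[],
                   targetAccount: string, action: Action): Decision {
  // 1. The token is scoped to one account; a membership elsewhere does not count.
  if (claims.acc !== targetAccount) return { allow: false, reason: "token_account_mismatch" };
  // 2. A membership must exist for this user/account pair.
  const m = memberships.filter(
    (x) => x.user_id === claims.uid && x.account_id === claims.acc)[0];
  if (!m) return { allow: false, reason: "no_membership" };
  // 3. The role claim must equal the stored role (rejects tokens issued before a role change).
  if (m.role !== claims.role) return { allow: false, reason: "role_claim_mismatch" };
  // 4. The role must permit the requested action.
  if (ALLOWED[m.role].indexOf(action) === -1) return { allow: false, reason: "role_forbids_action" };
  return { allow: true, reason: "ok" };
}

// Constructed sample data mirroring the multi-account diagram (ids are made up).
const SAMPLE_MEMBERSHIPS: Membership[] = [
  { id: "mbr_sample_a", user_id: "uid_123", account_id: "acc_A", role: "owner" },
  { id: "mbr_sample_b", user_id: "uid_123", account_id: "acc_B", role: "member" },
  { id: "mbr_sample_c", user_id: "uid_123", account_id: "acc_C", role: "viewer" },
];
```

A token issued for `acc_A` is refused on `acc_B` even though the same user is a member there, because the check is against the account the token was scoped to.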
Example
```json
{
  "id": "mbr_2kHfPZcN9xW4mE8RtY7vB",
  "user_id": "uid_1jGePYbM8wV3lD7QsX6uA",
  "account_id": "acc_3lIfQZdO0yX5nF9SuY8wC",
  "role": "member"
}
```