Skip to content
Axowl

Connected ID

A ConnectedId is a User’s membership inside one Organization. It is the principal that org-scoped actions, roles, and permissions attach to.

Model

Section titled “Model”
  • A User (one per email) can have many ConnectedIds — one per org they belong to.
  • Each ConnectedId has a Type: Human, ServiceAccount, Group (team), or Guest (end user).
  • Each has a MembershipType: Owner, Admin, Member, Boardmember, ServiceAccount, or Guest.

MembershipType is derived, not set directly

Section titled “MembershipType is derived, not set directly”

MembershipType is a projection of the member’s highest RBAC role level, not an independent field:

  • Role.Level Owner → Owner; Admin → Admin; Write/Read → Member; no roles → Member.
  • It is recomputed by MembershipTierService.RecomputeForMemberAsync whenever roles change (MembershipTierService.cs:24).
  • Excluded from derivation (set explicitly): ServiceAccount, Guest, Group, Boardmember.

Relationships

Section titled “Relationships”

ConnectedIds participate in org structure via an edge table — member_of, reporting, and reference relationships (teams, reporting lines). Reporting hierarchy is many-to-many and nestable.