Org and User
Org
An Org (organization) is the isolation boundary for all objects in the Crafting system, with the exception of Personal secrets, which belong only to individual users. Nothing is shared across different orgs — sandboxes, templates, snapshots, secrets, service accounts, and other objects are all scoped to a single org.
User
A User represents a human identity in the Crafting system. Users are independent of orgs and may have memberships in one or more orgs.
Membership
A user may have memberships in one or more orgs. Each membership defines the role of the user within that particular org. There are currently two roles:
- Admin: Grants the member full access to any object within the org, including org members, org settings, service accounts, connected infrastructure, and all other privileged operations.
- Member: Grants the member access to most common objects such as sandboxes, templates, shared secrets, snapshots, and endpoint aliases, but not to org-level privileged resources such as org members, org settings, service accounts, and connected infrastructure.
An admin can invite a user to an org, temporarily disable a membership (preventing the user from accessing the org), or permanently remove a membership.
See Also
- Service Account — machine identities for automation within an org
- Secret — secrets scoped to org, personal, or private levels
- Sandbox Sharing Mode — controlling who can access a sandbox
- Restriction Mode — privileged workspace access for admins