Understanding accounts and roles
Out of the box, we support personal accounts and team accounts.
A good example of this in the wild is Github, where you have your own personal account, but can also create team accounts.
Personal Accounts
- Created automatically when a user signs up, using the user's ID as the Account ID
- Do NOT support invitations or multiple members
- DO support billing through Stripe
Personal accounts cannot be disabled, they are always created. You can choose to ignore them by simply not creating any interfaces for them and disabling billing for them.
Team Accounts
- Any user can create a team
- DO support billing through Stripe
- DO support invitations and multiple members
- The user who creates the account becomes the
primary_owner ownerusers can manage invitations, users and billingmemberhave access to accounts, but can not edit themprimary_ownercannot be removed, but you can change the primary owner of an account
To enable team accounts, set team_accounts_enabled to true in the basejump.config table.
Team member roles
Basejump provides a set of roles that you can use to configure your permissions. You can also create your own roles if you need to.
owner- Owners have access to everything, including billing and inviting new usersmember- Members can access the account, but cannot invite new users or manage billing
Adding a new role
To add a new role, you need to add it to the basejump.account_roles enum value in postgres. New roles do not have any special permissions by default, any RLS policies defined using basic account member checks will apply to the new role.
ALTER TYPE basejump.account_role ADD VALUE 'your_new_role';