Skip to Content
Backend ReferenceAccounts and Teams

Identity & Multi-Tenancy

The accounts system is the foundational trust layer of PlugZero. It doesn’t just manage logins; it defines the boundaries of collaboration through a sophisticated Multi-Tenant RBAC (Role-Based Access Control) model.

🔐 The Identity Philosophy

We treat identity as a “Project-Agnostic” entity. A developer or analyst has one identity (their Email/User account) but can inhabit multiple “Vessels” (Teams and Projects) across the platform.

Authenticating with 2FA

Security is non-negotiable for enterprise research. We implement Time-based One-Time Passwords (TOTP) as our primary secondary factor.

  • Why TOTP?: We chose TOTP over SMS to ensure compliance with strict privacy regulations and to provide offline availability for global research teams.
  • The Secret Handshake: When a user enables 2FA, we generate a Base32 secret stored in an encrypted field. The QR code provided to the user is merely a URI representation of this secret, ensuring it never leaves the system in a readable format once set.

👥 The Team Ecosystem

Collaboration in PlugZero happens within Teams. A Team acts as a shared workspace where projects, data assets, and research insights reside.

Role-Based Reasoning

We differentiate access based on the “intent” of the user turn. The choice of role is sticky within a Team context:

  • The Administrator (ADMIN): The “Guardian” of the workspace. Only Admins can invited new members, modify the billing tier (SMB vs Enterprise), or revoke access.
  • The Analyst (MEMBER): The primary engine of the platform. Members have full operational capability—they can create projects, run deep-seated AI analysis, and generate reports. However, they are shielded from administrative complexity.
  • The Stakeholder (VIEWER): A read-only role designed for end-clients or executive leadership. They can view the live dashboards and “Health Scores” but cannot modify the underlying data or run new ad-hoc calculations.

🛡️ Permission Guards

Every API request in PlugZero passes through a “Permission Matrix” before it ever hits the computational engine.

  1. Identity Verification: Is the JWT valid?
  2. Scope Verification: Does the requested Project ID actually belong to a Team this user is a member of?
  3. Role Verification: Does the user’s role in that specific Team allow the requested action (e.g., POST vs GET)?
⚠️

The Orphan Rule: When a user is removed from a team, they lose access to all projects associated with that team immediately. However, their personal research logs remain archived but “locked” until they join a new collaborative unit.

Last updated on
The DatabaseData Ingestion