UserGroup

Represents a collection of users who share common access requirements, organizational structure, or functional responsibilities. Groups provide an additional layer of access management between individual users and roles, making it easier to manage permissions for teams, departments, or projects. Instead of assigning roles to each user individually, you assign roles to a group, and all group members inherit those roles.

Groups can be hierarchical: a 'Company' group might contain 'Department' groups, which contain 'Team' groups. Members inherit permissions from all their parent groups. Groups can be static (manually managed membership) or dynamic (automatically populated based on user attributes like department or location). They're essential for modeling real-world organizational structures in the access control system.

Groups can have their own permissions independent of roles, useful for resource ownership (like 'Marketing Team owns marketing folders'). They support temporary membership for contractors or project-based work, and can enforce approval workflows for joining sensitive groups. This entity is crucial for scalable access management in large organizations where managing individual user permissions would be impractical.

24 properties
Schema

Properties

| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| groupId | uuid | stored | Unique identifier for this group | Required |
| code | string | stored | Unique machine-readable group identifier. Example: "eng_team_backend" | Required |
| name | string | stored | Human-friendly group name. Example: "Backend Engineering Team" | Required |
| description | string | stored | Purpose and membership criteria for this group. Example: "All backend engineers working on core API and infrastructure" | Optional |
| type | string | enum | Classification of the group. Values: organization, department, team, project, committee, custom. Example: "team" | Required |
| parentGroupId | uuid | stored | Parent group in the hierarchy | Optional |
| membershipType | string | enum | How members are added to this group. Values: static, dynamic, hybrid | Optional |
| membershipRules | string | stored | JSON rules for automatic membership (dynamic groups). Example: "{\"department\":\"engineering\",\"level\":[\"senior\",\"staff\",\"principal\"]}" | Optional |
| maxMembers | integer | stored | Maximum allowed members (null for unlimited) | Optional |
| requiresApproval | boolean | stored | Whether joining this group needs approval | Optional |
| approvers | string | stored | JSON array of user IDs who can approve membership | Optional |
| autoExpireDays | integer | stored | Days until membership automatically expires | Optional |
| isSystem | boolean | stored | Whether this is a system-managed group | Optional |
| isPrivate | boolean | stored | Whether group membership is hidden from non-members | Optional |
| isActive | boolean | stored | Whether this group is currently active | Optional |
| owner | User | stored | Primary owner/manager of this group | Optional |
| delegatedOwners | string | stored | JSON array of additional group managers | Optional |
| settings | string | stored | JSON object of group-specific settings | Optional |
| tags | string | stored | JSON array of tags for categorization. Example: "[\"engineering\",\"backend\",\"api\"]" | Optional |
| createdAt | DateTime | stored | When this group was created | Required |
| createdBy | User | stored | User who created this group | Optional |
| updatedAt | DateTime | stored | Last modification timestamp | Optional |
| archivedAt | DateTime | stored | When this group was archived | Optional |
| metadata | object | stored | Additional group configuration and attributes | Optional |

Examples

Example 1

{
  "@type": "UserGroup",
  "groupId": "grp_backend_eng",
  "code": "eng_backend",
  "name": "Backend Engineering",
  "description": "Core backend engineering team responsible for APIs, databases, and infrastructure",
  "type": "team",
  "parentGroupId": "grp_engineering",
  "membershipType": "hybrid",
  "membershipRules": "{\"department\":\"engineering\",\"team\":\"backend\"}",
  "maxMembers": 50,
  "requiresApproval": true,
  "approvers": "[\"user_cto\",\"user_eng_director\"]",
  "autoExpireDays": null,
  "isSystem": false,
  "isPrivate": false,
  "isActive": true,
  "owner": "user_eng_director",
  "delegatedOwners": "[\"user_backend_lead\",\"user_principal_eng\"]",
  "settings": "{\"slack_channel\":\"#backend-team\",\"github_team\":\"backend-engineers\"}",
  "tags": "[\"engineering\",\"backend\",\"api\",\"infrastructure\"]",
  "createdAt": "2024-01-01T00:00:00Z",
  "createdBy": "user_cto",
  "metadata": {
    "costCenter": "ENG001",
    "budget": "team_backend"
  }
}
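
Example 1 combines `membershipType: hybrid`, a `membershipRules` string and `requiresApproval: true`. The following added example (not part of the schema or of any implementation behind it) shows one way to evaluate rule-based enrollment so that malformed or empty rules fail closed. The function names, the rule semantics (scalar means equality, list means any-of, keys are ANDed), treating a missing `isActive` as inactive, and the choice that a rule match never bypasses `requiresApproval` are all assumptions.

```python
import json

def matches_rules(rules_json, user_attrs):
    """True only if user_attrs satisfy every key in a membershipRules string.
    Assumed semantics: scalar = equality, list = any-of, keys are ANDed."""
    try:
        rules = json.loads(rules_json)
    except (TypeError, ValueError):
        return False                       # missing or malformed rules: fail closed
    if not isinstance(rules, dict) or not rules:
        return False                       # "{}" must not match every user
    for key, expected in rules.items():
        allowed = expected if isinstance(expected, list) else [expected]
        actual = user_attrs.get(key)
        if actual is None or actual not in allowed:
            return False
    return True

def evaluate_auto_enrollment(group, user_attrs, current_count):
    """Return "member", "pending_approval" or "deny" for rule-based enrollment."""
    if not group.get("isActive", False):   # assumption: missing isActive = inactive
        return "deny"
    if group.get("membershipType") not in ("dynamic", "hybrid"):
        return "deny"                      # static groups are never auto-populated
    limit = group.get("maxMembers")
    if limit is not None and current_count >= limit:
        return "deny"
    if not matches_rules(group.get("membershipRules"), user_attrs):
        return "deny"
    # Assumption: a rule match must not bypass requiresApproval.
    return "pending_approval" if group.get("requiresApproval") else "member"

# Fields copied from the page's Example 1; the user records are constructed.
BACKEND = {
    "membershipType": "hybrid", "isActive": True, "maxMembers": 50,
    "requiresApproval": True,
    "membershipRules": "{\"department\":\"engineering\",\"team\":\"backend\"}",
}
ALICE = {"department": "engineering", "team": "backend"}
BOB = {"department": "engineering", "team": "frontend"}

if __name__ == "__main__":
    print(evaluate_auto_enrollment(BACKEND, ALICE, 12))
    print(evaluate_auto_enrollment(BACKEND, BOB, 12))
```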

Example 2

{
  "@type": "UserGroup",
  "groupId": "grp_project_phoenix",
  "code": "proj_phoenix",
  "name": "Project Phoenix Team",
  "description": "Cross-functional team for Q2 2024 Phoenix initiative",
  "type": "project",
  "membershipType": "static",
  "maxMembers": 20,
  "requiresApproval": false,
  "autoExpireDays": 90,
  "isSystem": false,
  "isPrivate": true,
  "isActive": true,
  "owner": "user_project_manager",
  "settings": "{\"jira_project\":\"PHX\",\"confluence_space\":\"PHOENIX\"}",
  "tags": "[\"project\",\"q2_2024\",\"strategic\"]",
  "createdAt": "2024-03-01T00:00:00Z",
  "metadata": {
    "projectCode": "PHX-2024",
    "deadline": "2024-06-30"
  }
}
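
The description states that members inherit permissions from all parent groups and that membership can expire. The following added example (not code from the schema's authors) resolves a user's effective groups by walking `parentGroupId`, with a guard against cycles in the hierarchy and a check of `autoExpireDays`, `isActive` and `archivedAt`. The membership map with a join timestamp is a hypothetical shape, since the schema defines no membership record, and stopping inheritance at an inactive ancestor is an assumption.

```python
from datetime import datetime, timedelta, timezone

def membership_active(group, joined_at, now):
    """Direct membership counts only while the group is active, not archived,
    and inside its autoExpireDays window (None means no expiry)."""
    if not group.get("isActive", False) or group.get("archivedAt"):
        return False
    days = group.get("autoExpireDays")
    return days is None or now < joined_at + timedelta(days=days)

def effective_groups(groups, memberships, now):
    """groups: {groupId: record}; memberships: {groupId: joined_at} (hypothetical
    shape). Returns every groupId whose permissions the user inherits."""
    result = set()
    for gid, joined_at in memberships.items():
        group = groups.get(gid)
        if group is None or not membership_active(group, joined_at, now):
            continue
        seen, cur = set(), gid             # seen guards against parentGroupId cycles
        while group is not None and cur not in seen:
            if not group.get("isActive", False):
                break                      # assumption: inactive ancestor stops inheritance
            seen.add(cur)
            cur = group.get("parentGroupId")
            group = groups.get(cur)        # dangling or absent parent -> None -> stop
        result |= seen
    return result

UTC = timezone.utc
# Constructed sample records that reuse the ids from the page's examples.
GROUPS = {
    "grp_engineering": {"isActive": True, "parentGroupId": None},
    "grp_backend_eng": {"isActive": True, "parentGroupId": "grp_engineering"},
    "grp_project_phoenix": {"isActive": True, "autoExpireDays": 90},
}
MEMBERSHIPS = {
    "grp_backend_eng": datetime(2024, 1, 10, tzinfo=UTC),
    "grp_project_phoenix": datetime(2024, 3, 1, tzinfo=UTC),
}

if __name__ == "__main__":
    for day in (datetime(2024, 5, 1, tzinfo=UTC), datetime(2024, 7, 1, tzinfo=UTC)):
        print(day.date(), sorted(effective_groups(GROUPS, MEMBERSHIPS, day)))
```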