Users with access to an Organization

Self managed users are part of an instance wide user pool. This implies certain user abilities within the instance. With the introduction of Organization we are shifting some of these abilities to the Organization level and out of the instance level. This will help to bring feature parity between self managed and SaaS.

We should create a join table organization_users that represents users with access to an Organization. This will need to be cluster wide to support an organization switcher, among other features.

It's unclear whether we want to create organization users through an explicit invite process or not.

An explicit process:

• Would force a user to join an organization before joining a group/project.
• From a UX perspective this seems tricky.
  • Say I want to invite Bob to my group but he's not an organization user yet. How does this work?
  • Presumably only Organization owners can create organization users? Every invite must therefore go via the Organization owners.

An implied organization user:

• Would be invited to a group/project directly, and the organization_users record would be created automatically.
• Organization users would still have the ability to remove the organization user and all their memberships if needed.

Note that there is another kind of organization - user relationship with Organizations own Users (#407837 - closed)