Skip to content

Workspace Access

Control data access at workspace level.

Workspace Isolation

All queries should filter by workspace:

@app.get("/projects")
def list_projects(user: UserData = Depends(authenticator)):
    projects = db.projects.find({
        "workspace_id": user.workspace_id
    })
    return projects

Multi-Workspace Users

Users can belong to multiple workspaces:

{
  "user_id": "user:alice",
  "workspaces": [
    {"id": "ws_eng", "roles": ["developer"]},
    {"id": "ws_design", "roles": ["viewer"]}
  ]
}

Switch Workspace

curl -X POST http://localhost:8000/api/sso/v1/workspace/switch \
  -d '{"workspace_id": "ws_eng"}'