Skip to main content

User & Group Management

Koveria's User & Group Management provides an Active Directory-compatible organizational model for controlling who can access what across the platform.

Welcome to Koveria's User & Group Management - an Active Directory-compatible system for organizing your team and controlling access.

What You'll Find Here

🚀 Getting Started

Sign up and join your organization.

  • Self-Registration - Create account
  • Overview - User/group concepts
  • First Login - Portal tour

📖 End User Guides

Manage your profile and groups.

  • Profile - View/edit profile
  • My Groups - View group memberships
  • Joining Groups - Request to join
  • Leaving Groups - Leave groups
  • Security - Password, 2FA, sessions

💡 Core Concepts

Understand user/group model.

  • Domain Groups - What is domain group?
  • Nested Groups - Groups in groups
  • RBAC Roles - Role-based access
  • ./concepts/access-inheritance.md - How access propagates
  • ./concepts/org-vs-group.md - Platform org vs customer org

⚙️ Admin Guide

For organization administrators.

  • User Management - Create, edit, suspend users
  • Group Management - Create, edit, delete groups
  • Inviting Users - Email invitations
  • Role Assignment - Assign roles
  • Domain Group Settings - Billing, seat limits
  • Bulk Operations - Bulk import/export
  • Audit Logs - User activity logs

🏗️ Architecture

Technical architecture documentation.

  • Overview - System design
  • Self-Registration Flow - First user → Domain group
  • RLS Enforcement - Multi-level RLS
  • Group Membership - Recursive resolution
  • AD Integration - LDAP/AD sync (Phase 1)

📚 API Reference

Complete API documentation.

  • REST API - User/group endpoints
  • Data Model - Database schema
  • RBAC Permissions - Permission matrix
  • Limits - User/group limits

Key Concepts

🏢 Domain Group = Your Company

Domain Group is your company (e.g., "Customer's Company" for @acme.com users).

Properties:

  • Billing Unit: Stripe subscription tied to domain group
  • Visibility Boundary: "Public" collections visible to all members
  • RLS Enforcement: Row-Level Security for sensitive data
  • Automatic Membership: All @acme.com users automatically join

🌳 Nested Groups = Flexible Structure

Create any structure you want:

Customer's Company (domain group)
├── Engineering
│   ├── Backend Team
│   └── Frontend Team
├── Marketing
└── Sales

No fixed types - users decide structure.

🔐 User/Group-Based Access

Knowledge collections use user/group access:

  • Private: Only you
  • Restricted: Specific users/groups
  • Public: All domain group members

Not workspace/team-based - orthogonal to platform hierarchy.

For End Users:

  • Sign up
  • Manage profile
  • Join groups

For Admins:

For Architects:

Document Status: ✅ READY (P1 - Week 3) Owner: Technical Writer