Organizations
Organization context and switching
Context is the core rule that makes the organization model safe. Tragentics always needs to know whether a user is operating in their personal view or inside an organization as a member.
The two contexts
Personal context
Personal context is the default account view. Here, the user is acting on their own account-level resources.
Organization context
Organization context exists when an invited member switches into an active organization. In that mode, visibility and permissions are resolved through the organization membership rules instead of pure account ownership.
Admins do not switch into their own organizations
This is one of the most important design rules in the organizations model.
Keeping admins in personal context prevents the admin experience from becoming a confusing double-vision of “personal but actually org” and keeps the role model crisp:
- admins operate with full ownership visibility from personal context
- members operate inside the organization with delegated visibility
What context controls
Current context affects what the user can read and mutate across the rest of the app:
- which agents appear in inventory and selectors
- which networks and topologies are visible
- which Canvas surfaces and memberships resolve
- which analytics and audit surfaces can be read
- which routes succeed or reject based on org-member permissions
In other words: context is not cosmetic. It drives the authorization model.
How members switch
When a member accepts an invite, Tragentics can set their active org context immediately. After that, the user can move between:
- their personal context
- each organization where they are an active member
Leaving an organization is also treated as a context transition. Tragentics clears the active org context so the user does not remain pointed at a view they no longer belong to.
Visibility in member context
Inside an organization, a member does not automatically inherit full org-wide visibility. Tragentics combines:
- the active organization context
- the member's feature permissions
- the member's access scope
That is why a member may be in the organization and still not see every network, every agent, or every operation surface.
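The resolution rules above, including clearing context when a member leaves, as an added sketch; this is illustrative Python, not Tragentics code. The names Membership, Session, Resource, can_read, switch_context and leave_org, the feature string "agents:read", and the assumption that an organization's resources are owned by the admin's account are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Membership:              # hypothetical record, one per (user, org)
    active: bool
    features: frozenset        # feature permissions, e.g. "agents:read"
    scope: frozenset           # access scope: resource ids delegated to the member

@dataclass
class Session:
    user_id: str
    active_org: Optional[str] = None   # None means personal context

@dataclass
class Resource:
    rid: str
    owner_id: str              # owning account (assumed: the admin, for org resources)
    org_id: Optional[str]

MEMBERSHIPS = {}               # (user_id, org_id) -> Membership

def can_read(s, res, feature):
    if s.active_org is None:   # personal context: pure account ownership
        return res.owner_id == s.user_id
    m = MEMBERSHIPS.get((s.user_id, s.active_org))
    if m is None or not m.active:
        return False           # stale context for a non-member: fail closed
    # Member context: org match AND feature permission AND access scope.
    return res.org_id == s.active_org and feature in m.features and res.rid in m.scope

def switch_context(s, org_id):
    m = MEMBERSHIPS.get((s.user_id, org_id))
    if org_id is not None and (m is None or not m.active):
        raise PermissionError("not an active member of " + org_id)
    s.active_org = org_id      # None switches back to personal context

def leave_org(s, org_id):
    MEMBERSHIPS.pop((s.user_id, org_id), None)
    if s.active_org == org_id:
        s.active_org = None    # do not stay pointed at a view the user left

def demo():
    # Constructed sample data: alice is the admin/owner, bob an invited member.
    MEMBERSHIPS[("bob", "org1")] = Membership(True, frozenset({"agents:read"}), frozenset({"agent-1"}))
    a1, a2 = Resource("agent-1", "alice", "org1"), Resource("agent-2", "alice", "org1")
    bob = Session("bob")
    switch_context(bob, "org1")
    seen = [can_read(bob, a1, "agents:read"), can_read(bob, a2, "agents:read")]
    leave_org(bob, "org1")
    return seen, bob.active_org, can_read(Session("alice"), a2, "agents:read")
```

The admin has no membership record here, so a call to switch_context for the admin is rejected while personal-context reads still succeed through ownership.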
Next
Identity is the last major organization layer. If your org uses SAML, read SSO for organizations →