Organizations
Understanding the organization model in Novacore — ownership, roles, membership, and access control.
Organizations are the root ownership entity in Novacore. Everything — sites, devices, gateways, and data — belongs to an organization.
Why Organizations?
The org model enables:
- Multi-tenancy: Multiple users managing shared energy infrastructure
- Delegation: Grant different access levels to team members
- Isolation: Each org's data and devices are separate
- Billing boundary: Usage and subscriptions are per-org
Roles and Permissions
Each organization member has a role that determines their access level:
| Role | Description |
|---|---|
| Owner | Full control. The identity that created the org. Can transfer ownership, delete org, manage billing. |
| Admin | Full access to org resources. Can manage members, sites, devices, and gateways. |
| Operator | Can control devices and view data. Optionally scoped to specific sites. |
| Viewer | Read-only access to telemetry and site data. |
Knowledge gap for Johan: What is the full permission matrix for each role? Can operators be scoped to specific sites? What actions does each role enable?
Organization Lifecycle
Creating an Organization
After authenticating, create an org:
```
POST /organizations
{
  "name": "My Energy Lab"
}
```
The authenticated identity becomes the owner.
Inviting Members
Add members to your organization with a specific role:
```
POST /organizations/{org_id}/members
{
  "identity_id": "usr-tobias-xyz",
  "role": "admin"
}
```
Knowledge gap for Johan: How are members invited? By identity ID, email, or public key? Is there an invitation flow with acceptance, or is it instant?
Managing Gateways
Gateways (Zaps) are claimed into an organization. See Gateway Claiming for the full flow.
Managing Sites and Devices
Sites are created within an org. Devices are provisioned to sites. See:
- Sites API - Creating and managing sites
- Device Provisioning - Adding devices to sites
Ownership Model
```
ORGANIZATION
├── owner_id → IDENTITY (the creator)
├── MEMBERS
│   ├── identity_id → IDENTITY (role: admin)
│   ├── identity_id → IDENTITY (role: operator)
│   └── identity_id → IDENTITY (role: viewer)
├── SITES
│   ├── DEVICES → DERs
│   └── DEVICES → DERs
└── GATEWAYS (claimed to this org)
```
- An identity can belong to multiple organizations
- A gateway can only be claimed by one organization at a time
- Devices belong to a site within an org
- If a gateway is reclaimed by a different org, its devices become orphaned
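The role table and the rule that an identity can belong to multiple organizations combine into one server-side check, sketched here as an added example (not Novacore's own code). The action names, the `Membership` type and the treatment of an unset site scope are assumptions, since the page does not document the full permission matrix.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional

# Hypothetical action names, derived only from the role descriptions in the table.
VIEW = "view_data"
CONTROL = "control_device"
MANAGE = "manage_resources"   # members, sites, devices, gateways
OWNER_ONLY = "owner_action"   # transfer ownership, delete org, manage billing

ROLE_ACTIONS = {
    "owner": {VIEW, CONTROL, MANAGE, OWNER_ONLY},
    "admin": {VIEW, CONTROL, MANAGE},
    "operator": {VIEW, CONTROL},
    "viewer": {VIEW},
}

@dataclass(frozen=True)
class Membership:
    identity_id: str
    org_id: str
    role: str
    # Assumption: None means "all sites"; a set restricts an operator to those sites.
    site_scope: Optional[FrozenSet[str]] = None

def is_allowed(memberships: Iterable[Membership], identity_id: str, org_id: str,
               action: str, site_id: Optional[str] = None) -> bool:
    """Deny by default; allow only via a membership in the resource's own org."""
    for m in memberships:
        # Isolation: a role held in another org never grants access here.
        if m.identity_id != identity_id or m.org_id != org_id:
            continue
        # Unknown roles map to an empty action set, so they are denied.
        if action not in ROLE_ACTIONS.get(m.role, set()):
            continue
        # A scoped operator needs an explicit site that is inside the scope.
        if m.role == "operator" and m.site_scope is not None:
            if site_id is None or site_id not in m.site_scope:
                continue
        return True
    return False

# Constructed sample data: one identity that belongs to two organizations.
MEMBERSHIPS = [
    Membership("usr-a", "org-1", "admin"),
    Membership("usr-a", "org-2", "viewer"),
    Membership("usr-b", "org-1", "operator", frozenset({"site-1"})),
]
```

The org match comes before the role lookup, so the role is always read from the membership in the organization that owns the resource and never from the caller's strongest role elsewhere.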
Related Documentation
- Data Models - Full platform hierarchy
- Authentication - Identity and auth flows
- Organizations API - Org management endpoints