Entities — users, organizations, groups
Every observatory, telescope, observing account, observation, and access grant in Skynet is owned by an entity. As a telescope owner you'll work primarily with two entity types — users and organizations — plus groups, which are how organizations partition their members.
Knowing how these fit together up front saves friction later: most of the access-control questions ("who can edit this queue?", "whose observing account funded this observation?") resolve back to the entity graph.
Users
A user is one person (or one automated agent) interacting with Skynet. Users can:
- Own observatories, telescopes, devices, instruments, and observing accounts directly (typical for single-owner amateur or research installations).
- Submit observation requests and access their results.
- Hold memberships in one or more organizations and groups.
- Hold direct access grants to telescopes and observing queues owned by others.
User accounts are created via the normal sign-up flow; once a user exists, an organization can invite them.
Organizations
An organization is the institutional owner — typically a university, research group, or observatory operator. Organizations exist to:
- Own resources at institutional scale. University-owned telescopes and observatories live under the organization, not under any individual user. People come and go; the organization persists.
- Manage membership. Organizations invite users, accept them as members, and revoke membership when needed.
- Apply RBAC. Organizations define roles that bundle permissions on resources the organization owns. Members are assigned one or more roles. Roles let you say things like "telescope operators can edit settings and queues, but only PIs can grant observing time to external groups."
- Form consortiums. Multiple organizations can pool telescope time and coordinate multi-observatory science campaigns. Each participating organization keeps ownership of its own facilities and can adjust or revoke shared access at any time.
For an organization-owned telescope, RBAC is what lets you delegate day-to-day operations without handing out blanket admin rights.
Groups
A group is a sub-collection of members inside an organization, used to grant access to a defined subset of people without naming each of them. Typical uses:
- A class of students who all need access to a specific observing account for a semester.
- A research team that shares a project's observations.
- A consortium working group with members from multiple organizations (organizations can grant access to groups whose members live in other organizations).
Groups have their own roles and permissions, so the same person can have different authority in different groups within the same organization.
How ownership and access connect
Most resources in Skynet carry an owner_id (the entity that owns it)
and a collection of access grants (entities that have been granted
specific permissions on it).
- Observatories and telescopes are owned by an entity — usually an organization, sometimes a user. Owners have full administrative control.
- Observing accounts are owned by an entity and aggregate one or more observing queues. Members can be granted permission to submit observations through the account.
- Observations and projects are owned by the entity that funded them (so the bill lands in the right account). The creator is the user who actually authored the observation, which may differ from the owner when an org member submits on the org's behalf.
For the specific telescope-side access surface — access grants, queues, queue access grants, observing accounts — see Telescope access.
Reference
Entity Schema (Abstract Base)
Properties
| Name | Type | Description |
|---|---|---|
| id | Integer |
Unique identifier of the user/organization. |
| uid | UUID |
Universally unique identifier for the user/organization, used for public references and URLs. |
| entity_type | Enum(user, organization) |
Type of entity (user/organization) |
| name | String(100) |
Name of the user/organization. |
| slug | String(100) |
Unique identifier used in URLs referencing the user/organization. |
| is_public | Boolean |
Whether the user/organization is public or private. |
| location | String(100) (Optional) |
Location provided by the user or organization in their public profile |
| country | String(100) (Optional) |
Country provided by the user or organization in their public profile |
| website_url | String(2048) (Optional) |
Website URL provided by the user or organization in their public profile |
| description | String(Unbounded) (Optional) |
Description/Bio provided by the user or organization in their public profile |
| created_on | DateTime |
Creation time of this account |
| profile_image_id | UUID (Optional) |
Profile image of the user/organization. |
Relationships
| Relationship Name | Type |
|---|---|
| profile_image | File |
| log | LogEntry |
| telescope_access_grants | TelescopeAccessGrant |
| observing_accounts | ObservingAccount |
| external_observing_grants | ExternallyManagedObservingGrant |
| sites | Site |
| observatories | Observatory |
| telescopes | Telescope |
| sky_node_installations | SkyNodeInstallation |
| custom_device_models | DeviceModel |
| integrations | Integration |
Subclasses
| Name | entity_type |
|---|---|
User |
user |
Organization |
organization |
User Schema
Properties
| Name | Type | Description |
|---|---|---|
| id | Integer |
Unique identifier of the user/organization. |
| username | String(100) |
No description |
| first_name | String(100) (Optional) |
First name of the user |
| last_name | String(100) (Optional) |
Last name of the user |
| title | String(100) (Optional) |
Title provided by the user in their public profile |
| affiliation | String(100) (Optional) |
Affiliation provided by the user in their public profile |
| language | String(100) (Optional) |
Language provided by the user in their public profile |
| birthdate | DateTime (Optional) |
Birthdate provided by the user in their public profile |
| facebook_id | String(100) (Optional) |
Facebook ID provided by the user in their public profile |
| twitter_id | String(100) (Optional) |
Twitter ID provided by the user in their public profile |
| linkedin_id | String(100) (Optional) |
LinkedIn ID provided by the user in their public profile |
| orcid_id | String(100) (Optional) |
ORCID ID provided by the user in their public profile |
| github_id | String(100) (Optional) |
GitHub ID provided by the user in their public profile |
String(100) |
Email address of the user | |
| normalized_email | String(100) |
Canonicalized email used for dedup |
| is_deleted | Boolean |
Whether the user account has been deleted |
| can_modify | Boolean |
Whether the user is allowed to modify their profile data |
| uid | UUID |
Universally unique identifier for the user/organization, used for public references and URLs. |
| entity_type | Enum(user, organization) |
Type of entity (user/organization) |
| name | String(100) |
Name of the user/organization. |
| slug | String(100) |
Unique identifier used in URLs referencing the user/organization. |
| is_public | Boolean |
Whether the user/organization is public or private. |
| location | String(100) (Optional) |
Location provided by the user or organization in their public profile |
| country | String(100) (Optional) |
Country provided by the user or organization in their public profile |
| website_url | String(2048) (Optional) |
Website URL provided by the user or organization in their public profile |
| description | String(Unbounded) (Optional) |
Description/Bio provided by the user or organization in their public profile |
| created_on | DateTime |
Creation time of this account |
| profile_image_id | UUID (Optional) |
Profile image of the user/organization. |
Relationships
| Relationship Name | Type |
|---|---|
| observing_grants | MemberObservingGrant |
| tokens | Token |
| oauth_clients | UserOAuthClient |
| installed_alert_integrations | AlertIntegration |
| profile_image | File |
| log | LogEntry |
| telescope_access_grants | TelescopeAccessGrant |
| observing_accounts | ObservingAccount |
| external_observing_grants | ExternallyManagedObservingGrant |
| sites | Site |
| observatories | Observatory |
| telescopes | Telescope |
| sky_node_installations | SkyNodeInstallation |
| custom_device_models | DeviceModel |
| integrations | Integration |
Organization Schema
Properties
| Name | Type | Description |
|---|---|---|
| id | Integer |
Unique identifier of the user/organization. |
| short_name | String(50) (Optional) |
No description |
| allow_request_to_join | Boolean |
No description |
| uid | UUID |
Universally unique identifier for the user/organization, used for public references and URLs. |
| entity_type | Enum(user, organization) |
Type of entity (user/organization) |
| name | String(100) |
Name of the user/organization. |
| slug | String(100) |
Unique identifier used in URLs referencing the user/organization. |
| is_public | Boolean |
Whether the user/organization is public or private. |
| location | String(100) (Optional) |
Location provided by the user or organization in their public profile |
| country | String(100) (Optional) |
Country provided by the user or organization in their public profile |
| website_url | String(2048) (Optional) |
Website URL provided by the user or organization in their public profile |
| description | String(Unbounded) (Optional) |
Description/Bio provided by the user or organization in their public profile |
| created_on | DateTime |
Creation time of this account |
| profile_image_id | UUID (Optional) |
Profile image of the user/organization. |
Relationships
| Relationship Name | Type |
|---|---|
| memberships | OrganizationMembership |
| observing_policies | ObservingPolicy |
| groups | Group |
| role_grants | OrganizationRoleGrant |
| profile_image | File |
| log | LogEntry |
| telescope_access_grants | TelescopeAccessGrant |
| observing_accounts | ObservingAccount |
| external_observing_grants | ExternallyManagedObservingGrant |
| sites | Site |
| observatories | Observatory |
| telescopes | Telescope |
| sky_node_installations | SkyNodeInstallation |
| custom_device_models | DeviceModel |
| integrations | Integration |