User Management
CORTEX provides comprehensive user lifecycle management within a multi-tenant environment.
User Model
```typescript
interface User {
  id: string;        // UUID
  email: string;     // Unique within tenant
  firstName: string;
  lastName: string;
  tenantId: string;  // Owning tenant
  status: UserStatus;
  lastLoginAt: Date | null;
  createdAt: Date;
  updatedAt: Date;
}

enum UserStatus {
  ACTIVE = 'ACTIVE',
  SUSPENDED = 'SUSPENDED',
  INACTIVE = 'INACTIVE',
}
```
User Lifecycle
```
                 ┌──────────────┐
Registration ───▶│    ACTIVE    │
                 └──────────────┘
                         │
           ┌─────────────┼─────────────┐
           ▼             ▼             ▼
     ┌───────────┐ ┌───────────┐ ┌───────────┐
     │ SUSPENDED │ │  (stays   │ │ INACTIVE  │
     │           │ │  ACTIVE)  │ │           │
     └───────────┘ └───────────┘ └───────────┘
           │                           │
           └─────────────▶─────────────┘
                 (can reactivate)
```
Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /users | Create user |
| GET | /users | List users |
| GET | /users/:id | Get user by ID |
| PATCH | /users/:id | Update user |
| DELETE | /users/:id | Delete user |
| GET | /users/:id/roles | Get user's roles |
| POST | /users/:id/suspend | Suspend user |
| POST | /users/:id/reactivate | Reactivate user |
Key Features
Email Uniqueness
Email addresses are unique within a tenant. The same email can exist in different tenants.
Soft Delete
Users are soft-deleted (marked as INACTIVE) rather than hard-deleted, preserving audit history.
Status Management
User status can be changed programmatically or administratively to control access.
Organization Membership
Users can belong to multiple organizations within a tenant.
User Statuses
| Status | Can Login | Description |
|---|---|---|
| ACTIVE | Yes | Normal account |
| SUSPENDED | No | Temporarily disabled |
| INACTIVE | No | Permanently disabled / deleted |
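The rules above (tenant-scoped email uniqueness, soft delete, and the "Can Login" column) sketched as an in-memory store. This is an added example, not CORTEX source code: `UserStore`, `UserRec`, `canLogin`, the transition table (INACTIVE treated as terminal), case-insensitive email matching, and tenant-filtered ID lookups are assumptions made for illustration.

```typescript
// Added example, not CORTEX source. The union mirrors the UserStatus enum values.
type Status = 'ACTIVE' | 'SUSPENDED' | 'INACTIVE';
interface UserRec { id: string; tenantId: string; email: string; status: Status; }
// Assumed transition table: only SUSPENDED accounts can be reactivated;
// INACTIVE is treated as terminal ("permanently disabled / deleted").
const ALLOWED: Record<Status, Status[]> = {
  ACTIVE: ['SUSPENDED', 'INACTIVE'],
  SUSPENDED: ['ACTIVE', 'INACTIVE'],
  INACTIVE: [],
};

class UserStore {
  private users: UserRec[] = [];
  private nextId = 1; // constructed stand-in for UUID generation
  // Uniqueness key is (tenantId, normalized email), never email alone.
  create(tenantId: string, email: string): UserRec {
    const norm = email.trim().toLowerCase(); // assumption: case-insensitive match
    if (this.users.some(u => u.tenantId === tenantId && u.email === norm)) {
      throw new Error('email already registered in this tenant');
    }
    const user: UserRec = { id: 'user-' + this.nextId++, tenantId, email: norm, status: 'ACTIVE' };
    this.users.push(user);
    return user;
  }

  // Every lookup by ID is also filtered by the caller's tenant, so an ID
  // from another tenant behaves exactly like an unknown ID.
  get(callerTenantId: string, id: string): UserRec | undefined {
    return this.users.filter(u => u.id === id && u.tenantId === callerTenantId)[0];
  }

  setStatus(callerTenantId: string, id: string, next: Status): UserRec {
    const user = this.get(callerTenantId, id);
    if (!user) throw new Error('user not found');
    if (ALLOWED[user.status].indexOf(next) === -1) {
      throw new Error('transition ' + user.status + ' -> ' + next + ' not allowed');
    }
    user.status = next;
    return user;
  }
  // Soft delete: the record stays for audit history; only the status changes.
  softDelete(callerTenantId: string, id: string): UserRec {
    return this.setStatus(callerTenantId, id, 'INACTIVE');
  }
}

// Login gate from the User Statuses table: only ACTIVE may authenticate.
const canLogin = (user: UserRec): boolean => user.status === 'ACTIVE';
```

Because the soft-deleted record is kept, this sketch keeps rejecting its email for new registrations in the same tenant; whether CORTEX frees the address is not stated on this page.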
Related Concepts
- Authentication — Login and token management
- RBAC — Role assignments and permissions
- Organizations — Organization membership