Skip to main content

Workspaces and members

A workspace is the top-level tenancy unit for backups, packs, and snapshots. People access a workspace through memberships: each member has a role (and optionally extra scope tweaks). This guide describes how that model surfaces in the Lighthouse Backup Go SDK.

For how roles map to scopes, API-key intersection, and HTTP semantics, see Roles, scopes, and permissions.

Concepts​

Members​

A workspace member ties a Lighthouse user to one workspace. The API returns metadata such as email, display name, role, optional extraScopes / revokedScopes, and when the membership was created.

Roles​

Roles are string labels that map to a default set of permissions on the server. The SDK defines these constants:

  • RoleOwner (owner)
  • RoleAdmin (admin)
  • RoleMember (member)
  • RoleViewer (viewer)

When inviting (WorkspaceMemberInvite) or updating a member’s role (WorkspaceMemberUpdate), use admin, member, or viewer. Do not send owner in invite requests.

Scopes​

Beyond role defaults, the API can grant extraScopes or withhold revokedScopes. The SDK exposes constants including:

  • ScopeBackupWrite, ScopeBackupRead
  • ScopeRestoreWrite, ScopeRestoreRead
  • ScopeSnapshotsRead
  • ScopeUserRead
  • ScopeAPIKeysManage
  • ScopeWorkspaceManage

Workspaces: create, select, and inspect​

wsList, err := client.ListWorkspaces()
if err != nil {
	log.Fatal(err)
}

var workspaceID string
if len(wsList.Workspaces) == 0 {
	created, err := client.CreateWorkspace(backup.WorkspaceCreateRequest{
		Name: "prod-db-backups",
	})
	if err != nil {
		log.Fatal(err)
	}
	workspaceID = created.WorkspaceID
} else {
	workspaceID = wsList.Workspaces[0].WorkspaceID
}

client.SetWorkspaceID(workspaceID)
log.Printf("Using workspace: %s", workspaceID)

Member operations with BackupClient​

Note: You must have sufficient permissions (typically admin or owner role, with appropriate scopes) to perform any of the following member operations.

List members​

members, err := client.ListWorkspaceMembers(workspaceID)
if err != nil {
	return err
}
for _, m := range members {
	_ = m
}

Invite a member​

member, err := client.AddWorkspaceMember(workspaceID, backup.WorkspaceMemberInvite{
	Email: "dba@example.com",
	Role:  backup.RoleMember,
})
if err != nil {
	return err
}
_ = member

Update role and scopes​

updated, err := client.UpdateWorkspaceMember(workspaceID, userID, backup.WorkspaceMemberUpdate{
	Role:          backup.RoleAdmin,
	ExtraScopes:   []string{backup.ScopeSnapshotsRead},
	RevokedScopes: nil,
})
if err != nil {
	return err
}
_ = updated

Remove a member​

err := client.RemoveWorkspaceMember(workspaceID, userID)
if err != nil {
	return err
}