Implementation:OpenHands OpenHands OrgService Get Owner Role
| Knowledge Sources | |
|---|---|
| Domains | Organization_Management, Multi_Tenancy |
| Last Updated | 2026-02-11 21:00 GMT |
Overview
Concrete tool for resolving the Owner role and creating organization membership entities provided by the OpenHands enterprise storage layer.
Description
OrgService.get_owner_role retrieves the predefined Owner role from the role catalog in the database. This role represents the highest permission level within an organization and is automatically assigned to the user who creates the organization.
The companion method create_org_member_entity (at L148-173) constructs an OrgMember model instance that binds a user to an organization with a specific role and default member settings. Together, these two methods implement the ownership establishment step of the onboarding workflow:
get_owner_role()resolves the Role object.create_org_member_entity()uses that role's ID to build the OrgMember record.
The OrgMember entity is constructed in memory and is not persisted until the final transaction commit step.
Usage
Call get_owner_role() once during the onboarding workflow to obtain the Owner role, then pass its ID to create_org_member_entity() to build the membership binding. These calls occur after the Org entity has been constructed but before persistence.
Code Reference
Source Location
- Repository: OpenHands
- File:
enterprise/storage/org_service.py - Lines: L132-145 (get_owner_role), L148-173 (create_org_member_entity)
Signature
def get_owner_role(self) -> Role:
"""Retrieve the predefined Owner role from the role catalog.
Returns:
The Role instance representing the Owner permission set.
Raises:
RoleNotFoundError: If the Owner role is not present in the database.
"""
def create_org_member_entity(
self,
org_id: UUID,
user_id: str,
role_id: int,
settings: dict,
) -> OrgMember:
"""Construct an OrgMember entity binding a user to an organization with a role.
Args:
org_id: The organization's UUID.
user_id: The user's Keycloak ID.
role_id: The role ID to assign (e.g., Owner role ID).
settings: Default member settings dictionary.
Returns:
A fully initialized OrgMember instance (not yet persisted).
"""
Import
from enterprise.storage.org_service import OrgService
I/O Contract
Inputs (get_owner_role)
| Name | Type | Required | Description |
|---|---|---|---|
| (none) | — | — | No parameters; queries the role catalog internally |
Outputs (get_owner_role)
| Name | Type | Description |
|---|---|---|
| role | Role | The Owner role entity containing the role ID and permission definitions |
Inputs (create_org_member_entity)
| Name | Type | Required | Description |
|---|---|---|---|
| org_id | UUID | Yes | The UUID of the organization |
| user_id | str | Yes | The Keycloak user ID of the member |
| role_id | int | Yes | The ID of the role to assign (from get_owner_role) |
| settings | dict | Yes | Default member settings to apply |
Outputs (create_org_member_entity)
| Name | Type | Description |
|---|---|---|
| org_member | OrgMember | A fully constructed membership entity binding the user to the organization with the specified role |
Usage Examples
Basic Usage
from uuid import uuid4
from enterprise.storage.org_service import OrgService
org_service = OrgService(session=db_session)
org_id = uuid4()
user_id = "keycloak-user-abc123"
# Step 1: Resolve the Owner role
owner_role = org_service.get_owner_role()
# Step 2: Create the membership entity
org_member = org_service.create_org_member_entity(
org_id=org_id,
user_id=user_id,
role_id=owner_role.id,
settings={"notifications": True, "default_model": "gpt-4"},
)
# org_member is ready for persistence alongside the Org entity