logo logo
Design: Database: ULID-Bundles meta

Database ULID-Bundles (ULID is member's user dbid as a ulid)
Purpose Track the bundles shared with a member.
Cardinality one ULID-Bundles database per member in the engagement
one item per bundle shared with the member
zero or one EscrowCredentialsItem for members who have not accepted their invitation.
Zod Models
item union of EscrowCredentialsItem and BundleItem
item.item either EscrowCredentialsRecord or BundleRecord
itemId 'ec${mnum}' where mnum is the member number
item: EscrowCredentialsRecord
    kind 'escrowcredentials'
    mnum number assigned to member
    messagee member's ESCROW user validation message
    username member's ESCROW username
    password member's ESCROW password
itemId number assigned to bundle. first bundle is 1.
item: BundleRecord
    kind 'bundle'
    bnum number assigned to bundle (same as itemId)
    bid BID of the bundle
    datadbid dbid of the corresponding BID-Data database
    entriesdbid dbid of the corresponding BID-Entries database
    name name of bundle
    description description of bundle
    restricted true if bundle is restricted
        folders number of folders in the bundle
        files number of files in the bundle
        size approximate total size of the bundle


Securepub creates a ULID-Bundles database for a member when the host adds the member to the engagement.

It contains one item for each bundle shared with the member with the same attributes as the Host's Bundles database.

It also contains an escrow credentials item used to grant the member read access to restricted bundles when they accept their invitation.

(see userbase-js/types/index.d.ts)

  export interface Item {              userbase item
    itemId: string                    ╭────────────────┐
    item: any ────────────────────┬──▶│ kind: 'bundle' │
    createdBy: Attribution        │   │ bnum: 1        │
    updatedBy?: Attribution       │   │ ...            │
    fileId?: string               │   ╰────────────────┘
    fileName?: string             │
    fileSize?: number             │
    fileUploadedBy?: Attribution  │   ╭─────────────────────────────┐
    writeAccess?: AccessControl   └──▶│ kind: 'escrowcredentials'   │
  }                                   │ mnum: 2                     │
                                      │ username: 'ibrahim'         │
                                      │ password: '01H6ET...'       │


Each guest invited to an engagement by a host has two Userbase accounts representing different security roles:

  • the GUEST user which
    • holds the guest's data which they may share with others and
    • is given read privileges to data whose terms the guest has accepted

  • the ESCROW user which
    • is granted privileges to read and reshare databases offered to the GUEST

When a host offers to share a restricted bundle with an invited member, the host grants the read privileges to the ESCROW user and stores the credentials for that role in the member's ULID-Bundles database.

When the member accepts their invitation, they use the escrow credentials in the ULID-Bundles database to signin as their ESCROW user and then reshare the corresponding data with their GUEST role.

The itemId of a EscrowCredentialsItem is the concatenation of the string 'a' and the member number. E.g. 'a1' for member number 1.

Securepub removes the ESCROW user and credentials from the ULID-Bundles database after an invited member accepts their invitation since at that point they are no longer needed. Databases of bundles shared with accepted members are directly shared with the member's regular GUEST user.


When a shares a bundle with a guest the corresponding BundleItem is copied from the Bundles database to the guest's ULID-Bundles database.

The itemId of a BundleItem is the bundle's bnum (bundle number).

Ownership and Access

The host owns all ULID-Bundle databases.

Other members in the engagement have read permission to their ULID-Bundle database.

Zod models

See EscrowCredentialsItem and BundleItem on the design page for the Bundles database.