Account Model
Purpose
This page defines the stable account and role model that all clients and server code must follow.
Base Account
Each person has one user account.
The base account is the canonical identity for:
- sign-in
- password management
- email verification
- saved items and buyer actions
- seller ownership
- admin access if granted
Locked rules:
- email is the only login identifier in the first version
- email must be unique and compared case-insensitively
- phone numbers may be stored as contact data but are not login identifiers
Visible User Reference
Each user also has a stable support reference.
Locked rules:
- separate from the internal UUID
- unique
- immutable
- never reused
- format: USR-XXXXXXXX
- suffix uses uppercase characters from 23456789ABCDEFGHJKMNPQRSTVWXYZ
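One way to enforce the reference rules above, as an added example that is not the project's own code. It assumes an eight-character suffix (one per X in the format), random suffix generation, and an in-memory set standing in for a database unique constraint; `ReferenceAllocator`, `is_valid_reference` and `retire` are hypothetical names.

```python
import re
import secrets

ALPHABET = "23456789ABCDEFGHJKMNPQRSTVWXYZ"  # suffix alphabet from the page
SUFFIX_LEN = 8  # assumption: one character per X in USR-XXXXXXXX
_REF_RE = re.compile(f"USR-[{ALPHABET}]{{{SUFFIX_LEN}}}")


def random_suffix() -> str:
    # Assumption: suffixes are random; a CSPRNG keeps them unguessable.
    return "".join(secrets.choice(ALPHABET) for _ in range(SUFFIX_LEN))


def is_valid_reference(ref: str) -> bool:
    """Strict check: exact prefix, length and alphabet, no case folding."""
    return isinstance(ref, str) and _REF_RE.fullmatch(ref) is not None


class ReferenceAllocator:
    """In-memory stand-in for a table with a UNIQUE reference column."""

    def __init__(self, suffix_source=random_suffix):
        self._suffix_source = suffix_source
        self._issued = set()   # every reference ever issued; never pruned
        self._by_user = {}     # internal user id -> support reference

    def allocate(self, user_id: str, max_attempts: int = 5) -> str:
        if user_id in self._by_user:          # immutable: never re-issue
            return self._by_user[user_id]
        for _ in range(max_attempts):
            ref = "USR-" + self._suffix_source()
            if ref not in self._issued:       # unique, retired refs included
                self._issued.add(ref)
                self._by_user[user_id] = ref
                return ref
        raise RuntimeError("could not allocate a unique reference")

    def retire(self, user_id: str) -> None:
        # Removing a user frees nothing: the reference stays in _issued,
        # so it can never be handed to a different account.
        self._by_user.pop(user_id, None)
```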
Seller Model
A seller is not a separate login account.
Instead:
- seller status attaches to the base user
- a person may act as a buyer and seller through one account
- seller eligibility and seller permissions are resolved from seller profile state, not a separate identity system
Dealer Model
A dealer is a business entity, not a login identity.
Users may be connected to a dealer through dealer membership or delegated business permissions, but the login identity still belongs to the user account.
Admin Model
Admin access is staff-only.
Locked rules:
- no public signup path for admin
- admin is granted explicitly
- admin permissions are separate from seller and dealer permissions
- the grant history must remain auditable
Minimal Core Records
The stable identity model depends on these records:
- users
- seller_profiles
- dealers
- dealer_memberships
- user_admin_grants
Practical Direction
Clients should assume:
- one user identity
- optional seller status
- optional business membership
- optional admin grant
Everything else builds on top of that model.