Address Patterns

This page lists the canonical pattern for each identifier type. All patterns follow the prv-{team}-{type}-{qualifier} structure. In email contexts, append @{domain}.

Quick Reference

Category	Pattern	Example
Department	`prv-{dept}-dept`	`prv-eng-dept`
Team	`prv-{dept}-team-{teamslug}`	`prv-eng-team-apps`
People roster	`prv-{scope}-people-{audience}`	`prv-org-people-w2-active`
Identity roster	`prv-{scope}-ident-{audience}`	`prv-org-ident-auto-active`
Role	`prv-{owner}-role-{system}[-{scope}][-{env}]-{perm}`	`prv-plt-role-aws-idc-prd-admin`
Mail	`prv-{audience}-mail[-{topic}]`	`prv-team-mail-engineering-updates`
Intake	`prv-{owner}-intake-{source}[-{topic}]`	`prv-sec-intake-wks-dlp`
Alerts	`prv-{owner}-alerts-{system}[-{scope}][-{env}]`	`prv-plt-alerts-aws-prd`
Infra	`prv-{owner}-infra-{system}[-{scope}][-{env}]-{purpose}`	`prv-plt-infra-gl-ci-router`
Automation	`prv-{owner}-auto-{system}-{purpose}`	`prv-plt-auto-wks-sync`
Admin account	`prv-{owner}-admin-{vendor}`	`prv-plt-admin-aws`
Customer umbrella	`prv-{owner}-cus-{cusslug}-{audience}`	`prv-ops-cus-slope-collab`
Project	`prv-{owner}-prj-{cusslug}-{prjslug}-{audience}`	`prv-eng-prj-slope-mod-team`
Vendor	`prv-{owner}-vendor-{extorg}`	`prv-ops-vendor-acme`
Partner	`prv-{owner}-partner-{extorg}[-{function}]`	`prv-sal-partner-aws-alliance`
Fleet	`prv-flt-{qualifier}`	`prv-flt-monitoring-prd`

People & Identity Rosters

People rosters track who is in a lifecycle state. They carry no privileges — they’re membership lists that other groups reference.

prv-{scope}-people-{audience}@{domain}
prv-{scope}-ident-{audience}@{domain}

Examples:

Pattern	Purpose
`prv-org-people-execs-active`	Active executive team members
`prv-org-people-w2-active`	Active W-2 employees
`prv-org-people-contractors-eng-active`	Active engineering contractors
`prv-org-people-all-active`	Rollup: all active humans
`prv-org-ident-auto-active`	Active automation accounts

Departments & Teams

Departments are durable organizational units. Teams are working groups within departments.

prv-{dept}-dept@{domain}
prv-{dept}-team[-{teamslug}]@{domain}

Examples:

Pattern	Purpose
`prv-eng-dept`	Engineering department
`prv-eng-team-apps`	Apps team within Engineering
`prv-eng-team-sre`	SRE team within Engineering
`prv-plt-team-wks`	Workspace team within Platform
`prv-sec-team-grc`	GRC team within Security

Roles & Permissions

Roles grant access to systems. The owner (second octet) is the team that manages the role, not necessarily the team that uses it.

prv-{owner}-role-{system}[-{scope}][-{env}]-{perm}@{domain}

Examples:

Pattern	Purpose
`prv-plt-role-wks-admin`	Google Workspace admin, managed by Platform
`prv-plt-role-aws-idc-prd-admin`	AWS Identity Center prod admin
`prv-eng-role-gl-maintainer`	GitLab maintainer, managed by Engineering
`prv-plt-role-tf-cloud-admin`	Terraform Cloud admin

Mail Pipelines

Four pipe types, each for a different purpose. See Mail Pipelines for the full guide.

Mail (human-facing)

prv-{audience}-mail[-{topic}]@{domain}

Distribution lists and shared inboxes for human readers.

Pattern	Purpose
`prv-team-mail-all`	All-hands distribution
`prv-team-mail-eng-updates`	Engineering updates
`prv-collab-mail-support`	External support inbox

Intake (machine reports)

prv-{owner}-intake-{source}[-{topic}]@{domain}

Where machines send reports, audit feeds, and automated notifications.

Pattern	Purpose
`prv-sec-intake-wks-dlp`	Workspace DLP scan results
`prv-plt-intake-aws-billing`	AWS billing reports
`prv-sec-intake-dmarc`	DMARC aggregate reports

Alerts (on-call)

prv-{owner}-alerts-{system}[-{scope}][-{env}]@{domain}

Urgent notifications routed to on-call personnel.

Pattern	Purpose
`prv-plt-alerts-aws-prd`	AWS production alerts
`prv-sec-alerts-op-breach`	1Password breach alerts
`prv-plt-alerts-wks-admin`	Workspace admin alerts

Infra (automation routers)

prv-{owner}-infra-{system}[-{scope}][-{env}]-{purpose}@{domain}

Machine-to-machine routing. No humans as direct members.

Pattern	Purpose
`prv-plt-infra-gl-ci-router`	GitLab CI event router
`prv-plt-infra-tf-plan-notify`	Terraform plan notifications
`prv-sec-infra-wks-dlp-classifier`	Workspace DLP finding classifier

Automation Accounts

prv-{owner}-auto-{system}-{purpose}@{primary_domain}

Bot and service account identifiers.

Pattern	Purpose
`prv-plt-auto-wks-sync`	Workspace sync bot
`prv-eng-auto-gl-ci-runner`	GitLab CI runner account
`prv-sec-auto-op-rotation`	1Password credential rotation

Platform Engineering Accounts

Shared admin accounts for platform services:

prv-plt-admin-{vendor}@{domain}

Pattern	Purpose
`prv-plt-admin-aws`	Shared AWS admin
`prv-plt-admin-gl`	Shared GitLab admin
`prv-plt-admin-tf`	Shared Terraform admin

Fleet Resources

Customer infrastructure fleet identifiers:

prv-flt-{qualifier}

Pattern	Purpose
`prv-flt-monitoring-prd`	Production fleet monitoring
`prv-flt-dns-mgmt`	Fleet DNS management
`prv-flt-cert-rotation`	Fleet certificate rotation

Customer & Project Engagement

prv-{owner}-cus-{cusslug}-{audience}@{domain}
prv-{owner}-prj-{cusslug}-{prjslug}-{audience}@{domain}

Pattern	Purpose
`prv-ops-cus-slope-collab`	Slope Clinical — external collaboration
`prv-ops-cus-slope-team`	Slope Clinical — internal team
`prv-ops-cus-slope-strict`	Slope Clinical — restricted/sensitive
`prv-eng-prj-slope-mod-team`	Slope Modernization project — internal

Vendor & Partner Engagement

prv-{owner}-vendor-{extorg}@{domain}
prv-{owner}-partner-{extorg}[-{function}]@{domain}

Pattern	Purpose
`prv-ops-vendor-acme`	Acme vendor engagement
`prv-sal-partner-aws-alliance`	AWS alliance partnership
`prv-eng-partner-gl-prosrv`	GitLab professional services