feat: handle instance from context (#3382)

* commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * fix tokens view * fix steps.yaml and defaults.yaml * fix projections * change instance context to interface * instance interceptors and additional events in setup * cleanup * tests for interceptors * fix label policy * add todo * single api endpoint in environment.json Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2025-08-12 03:57:32 +00:00 · 2022-03-29 11:53:19 +02:00
parent c5b99274d7
commit 958362e6c9
101 changed files with 1520 additions and 274 deletions
--- a/internal/query/action.go
+++ b/internal/query/action.go
@@ -101,7 +101,7 @@ func (q *Queries) SearchActions(ctx context.Context, queries *ActionSearchQuerie
 	query, scan := prepareActionsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			ActionColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			ActionColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).
 		ToSql()
 	if err != nil {
@@ -126,7 +126,7 @@ func (q *Queries) GetActionByID(ctx context.Context, id string, orgID string) (*
 		sq.Eq{
 			ActionColumnID.identifier():            id,
 			ActionColumnResourceOwner.identifier(): orgID,
-			ActionColumnInstanceID.identifier():    authz.GetInstance(ctx).ID,
+			ActionColumnInstanceID.identifier():    authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-Dgff3", "Errors.Query.SQLStatement")
--- a/internal/query/action_flow.go
+++ b/internal/query/action_flow.go
@@ -68,7 +68,7 @@ func (q *Queries) GetFlow(ctx context.Context, flowType domain.FlowType, orgID s
 		sq.Eq{
 			FlowsTriggersColumnFlowType.identifier():      flowType,
 			FlowsTriggersColumnResourceOwner.identifier(): orgID,
-			FlowsTriggersColumnInstanceID.identifier():    authz.GetInstance(ctx).ID,
+			FlowsTriggersColumnInstanceID.identifier():    authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-HBRh3", "Errors.Query.InvalidRequest")
@@ -88,7 +88,7 @@ func (q *Queries) GetActiveActionsByFlowAndTriggerType(ctx context.Context, flow
 			FlowsTriggersColumnFlowType.identifier():      flowType,
 			FlowsTriggersColumnTriggerType.identifier():   triggerType,
 			FlowsTriggersColumnResourceOwner.identifier(): orgID,
-			FlowsTriggersColumnInstanceID.identifier():    authz.GetInstance(ctx).ID,
+			FlowsTriggersColumnInstanceID.identifier():    authz.GetInstance(ctx).InstanceID(),
 			ActionColumnState.identifier():                domain.ActionStateActive,
 		},
 	).ToSql()
@@ -108,7 +108,7 @@ func (q *Queries) GetFlowTypesOfActionID(ctx context.Context, actionID string) (
 	query, args, err := stmt.Where(
 		sq.Eq{
 			FlowsTriggersColumnActionID.identifier():   actionID,
-			FlowsTriggersColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			FlowsTriggersColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
--- a/internal/query/app.go
+++ b/internal/query/app.go
@@ -212,7 +212,7 @@ func (q *Queries) AppByProjectAndAppID(ctx context.Context, projectID, appID str
 		sq.Eq{
 			AppColumnID.identifier():         appID,
 			AppColumnProjectID.identifier():  projectID,
-			AppColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
@@ -228,7 +228,7 @@ func (q *Queries) AppByID(ctx context.Context, appID string) (*App, error) {
 	query, args, err := stmt.Where(
 		sq.Eq{
 			AppColumnID.identifier():         appID,
-			AppColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
@@ -244,7 +244,7 @@ func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string) (
 	query, args, err := stmt.Where(
 		sq.Eq{
 			AppOIDCConfigColumnClientID.identifier(): appID,
-			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).ID,
+			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
@@ -259,7 +259,7 @@ func (q *Queries) ProjectIDFromClientID(ctx context.Context, appID string) (stri
 	stmt, scan := prepareProjectIDByAppQuery()
 	query, args, err := stmt.Where(
 		sq.And{
-			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).ID},
+			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
 			sq.Or{
 				sq.Eq{AppOIDCConfigColumnClientID.identifier(): appID},
 				sq.Eq{AppAPIConfigColumnClientID.identifier(): appID},
@@ -279,7 +279,7 @@ func (q *Queries) ProjectByOIDCClientID(ctx context.Context, id string) (*Projec
 	query, args, err := stmt.Where(
 		sq.Eq{
 			AppOIDCConfigColumnClientID.identifier(): id,
-			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).ID,
+			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
@@ -295,7 +295,7 @@ func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string) (*App,
 	query, args, err := stmt.Where(
 		sq.Eq{
 			AppOIDCConfigColumnClientID.identifier(): clientID,
-			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).ID,
+			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
@@ -310,7 +310,7 @@ func (q *Queries) AppByClientID(ctx context.Context, clientID string) (*App, err
 	stmt, scan := prepareAppQuery()
 	query, args, err := stmt.Where(
 		sq.And{
-			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).ID},
+			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
 			sq.Or{
 				sq.Eq{AppOIDCConfigColumnClientID.identifier(): clientID},
 				sq.Eq{AppAPIConfigColumnClientID.identifier(): clientID},
@@ -329,7 +329,7 @@ func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries) (*A
 	query, scan := prepareAppsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(
-			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).ID},
+			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
 		).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-fajp8", "Errors.Query.InvalidRequest")
@@ -351,7 +351,7 @@ func (q *Queries) SearchClientIDs(ctx context.Context, queries *AppSearchQueries
 	query, scan := prepareClientIDsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(
-			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).ID},
+			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
 		).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-fajp8", "Errors.Query.InvalidRequest")
--- a/internal/query/authn_key.go
+++ b/internal/query/authn_key.go
@@ -103,7 +103,7 @@ func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQu
 	stmt, args, err := query.Where(
 		sq.Eq{
 			AuthNKeyColumnEnabled.identifier():    true,
-			AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
@@ -131,7 +131,7 @@ func (q *Queries) GetAuthNKeyByID(ctx context.Context, id string, queries ...Sea
 		sq.Eq{
 			AuthNKeyColumnID.identifier():         id,
 			AuthNKeyColumnEnabled.identifier():    true,
-			AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-AGhg4", "Errors.Query.SQLStatement")
@@ -149,7 +149,7 @@ func (q *Queries) GetAuthNKeyPublicKeyByIDAndIdentifier(ctx context.Context, id
 				AuthNKeyColumnID.identifier():         id,
 				AuthNKeyColumnIdentifier.identifier(): identifier,
 				AuthNKeyColumnEnabled.identifier():    true,
-				AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Gt{
 				AuthNKeyColumnExpiration.identifier(): time.Now(),
--- a/internal/query/custom_text.go
+++ b/internal/query/custom_text.go
@@ -86,7 +86,7 @@ func (q *Queries) CustomTextList(ctx context.Context, aggregateID, template, lan
 			CustomTextColAggregateID.identifier(): aggregateID,
 			CustomTextColTemplate.identifier():    template,
 			CustomTextColLanguage.identifier():    language,
-			CustomTextColInstanceID.identifier():  authz.GetInstance(ctx).ID,
+			CustomTextColInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
@@ -111,7 +111,7 @@ func (q *Queries) CustomTextListByTemplate(ctx context.Context, aggregateID, tem
 		sq.Eq{
 			CustomTextColAggregateID.identifier(): aggregateID,
 			CustomTextColTemplate.identifier():    template,
-			CustomTextColInstanceID.identifier():  authz.GetInstance(ctx).ID,
+			CustomTextColInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
--- a/internal/query/features.go
+++ b/internal/query/features.go
@@ -163,7 +163,7 @@ func (q *Queries) FeaturesByOrgID(ctx context.Context, orgID string) (*Features,
 	stmt, args, err := query.Where(
 		sq.And{
 			sq.Eq{
-				FeatureColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				FeatureColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -188,7 +188,7 @@ func (q *Queries) DefaultFeatures(ctx context.Context) (*Features, error) {
 	query, scan := prepareFeaturesQuery()
 	stmt, args, err := query.Where(sq.Eq{
 		FeatureColumnAggregateID.identifier(): domain.IAMID,
-		FeatureColumnInstanceID.identifier():  authz.GetInstance(ctx).ID,
+		FeatureColumnInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-1Ndlg", "Errors.Query.SQLStatement")
--- a/internal/query/iam_member.go
+++ b/internal/query/iam_member.go
@@ -65,7 +65,7 @@ func (q *Queries) IAMMembers(ctx context.Context, queries *IAMMembersQuery) (*Me
 	query, scan := prepareInstanceMembersQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			InstanceMemberInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			InstanceMemberInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-USNwM", "Errors.Query.InvalidRequest")
--- a/internal/query/idp.go
+++ b/internal/query/idp.go
@@ -186,7 +186,7 @@ func (q *Queries) IDPByIDAndResourceOwner(ctx context.Context, id, resourceOwner
 		sq.And{
 			sq.Eq{
 				IDPIDCol.identifier():         id,
-				IDPInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+				IDPInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -211,7 +211,7 @@ func (q *Queries) IDPs(ctx context.Context, queries *IDPSearchQueries) (idps *ID
 	query, scan := prepareIDPsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			IDPInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+			IDPInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-X6X7y", "Errors.Query.InvalidRequest")
--- a/internal/query/idp_login_policy_link.go
+++ b/internal/query/idp_login_policy_link.go
@@ -75,7 +75,7 @@ func (q *Queries) IDPLoginPolicyLinks(ctx context.Context, resourceOwner string,
 	stmt, args, err := queries.toQuery(query).Where(
 		sq.Eq{
 			IDPLoginPolicyLinkResourceOwnerCol.identifier(): resourceOwner,
-			IDPLoginPolicyLinkInstanceIDCol.identifier():    authz.GetInstance(ctx).ID,
+			IDPLoginPolicyLinkInstanceIDCol.identifier():    authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
--- a/internal/query/idp_user_link.go
+++ b/internal/query/idp_user_link.go
@@ -86,7 +86,7 @@ func (q *Queries) IDPUserLinks(ctx context.Context, queries *IDPUserLinksSearchQ
 	query, scan := prepareIDPUserLinksQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			IDPUserLinkInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+			IDPUserLinkInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-4zzFK", "Errors.Query.InvalidRequest")
--- a/internal/query/instance.go
+++ b/internal/query/instance.go
@@ -39,6 +39,10 @@ var (
 		name:  projection.InstanceColumnProjectID,
 		table: instanceTable,
 	}
+	InstanceColumnConsoleID = Column{
+		name:  projection.InstanceColumnConsoleID,
+		table: instanceTable,
+	}
 	InstanceColumnSetupStarted = Column{
 		name:  projection.InstanceColumnSetUpStarted,
 		table: instanceTable,
@@ -60,11 +64,24 @@ type Instance struct {

 	GlobalOrgID     string
 	IAMProjectID    string
+	ConsoleID       string
 	DefaultLanguage language.Tag
 	SetupStarted    domain.Step
 	SetupDone       domain.Step
 }

+func (i *Instance) InstanceID() string {
+	return i.ID
+}
+
+func (i *Instance) ProjectID() string {
+	return i.IAMProjectID
+}
+
+func (i *Instance) ConsoleClientID() string {
+	return i.ConsoleID
+}
+
 type InstanceSearchQueries struct {
 	SearchRequest
 	Queries []SearchQuery
@@ -81,7 +98,7 @@ func (q *InstanceSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder
 func (q *Queries) Instance(ctx context.Context) (*Instance, error) {
 	stmt, scan := prepareIAMQuery()
 	query, args, err := stmt.Where(sq.Eq{
-		InstanceColumnID.identifier(): authz.GetInstance(ctx).ID,
+		InstanceColumnID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-d9ngs", "Errors.Query.SQLStatement")
@@ -91,6 +108,19 @@ func (q *Queries) Instance(ctx context.Context) (*Instance, error) {
 	return scan(row)
 }

+func (q *Queries) InstanceByHost(ctx context.Context, host string) (authz.Instance, error) {
+	stmt, scan := prepareIAMQuery()
+	query, args, err := stmt.Where(sq.Eq{
+		InstanceColumnID.identifier(): "system", //TODO: change column to domain when available
+	}).ToSql()
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "QUERY-SAfg2", "Errors.Query.SQLStatement")
+	}
+
+	row := q.client.QueryRowContext(ctx, query, args...)
+	return scan(row)
+}
+
 func (q *Queries) GetDefaultLanguage(ctx context.Context) language.Tag {
 	iam, err := q.Instance(ctx)
 	if err != nil {
@@ -106,6 +136,7 @@ func prepareIAMQuery() (sq.SelectBuilder, func(*sql.Row) (*Instance, error)) {
 			InstanceColumnSequence.identifier(),
 			InstanceColumnGlobalOrgID.identifier(),
 			InstanceColumnProjectID.identifier(),
+			InstanceColumnConsoleID.identifier(),
 			InstanceColumnSetupStarted.identifier(),
 			InstanceColumnSetupDone.identifier(),
 			InstanceColumnDefaultLanguage.identifier(),
@@ -120,6 +151,7 @@ func prepareIAMQuery() (sq.SelectBuilder, func(*sql.Row) (*Instance, error)) {
 				&iam.Sequence,
 				&iam.GlobalOrgID,
 				&iam.IAMProjectID,
+				&iam.ConsoleID,
 				&iam.SetupStarted,
 				&iam.SetupDone,
 				&lang,
--- a/internal/query/instance_test.go
+++ b/internal/query/instance_test.go
@@ -35,6 +35,7 @@ func Test_InstancePrepares(t *testing.T) {
 						` projections.instances.sequence,`+
 						` projections.instances.global_org_id,`+
 						` projections.instances.iam_project_id,`+
+						` projections.instances.console_client_id,`+
 						` projections.instances.setup_started,`+
 						` projections.instances.setup_done,`+
 						` projections.instances.default_language`+
@@ -61,6 +62,7 @@ func Test_InstancePrepares(t *testing.T) {
 						` projections.instances.sequence,`+
 						` projections.instances.global_org_id,`+
 						` projections.instances.iam_project_id,`+
+						` projections.instances.console_client_id,`+
 						` projections.instances.setup_started,`+
 						` projections.instances.setup_done,`+
 						` projections.instances.default_language`+
@@ -71,6 +73,7 @@ func Test_InstancePrepares(t *testing.T) {
 						"sequence",
 						"global_org_id",
 						"iam_project_id",
+						"console_client_id",
 						"setup_started",
 						"setup_done",
 						"default_language",
@@ -81,6 +84,7 @@ func Test_InstancePrepares(t *testing.T) {
 						uint64(20211108),
 						"global-org-id",
 						"project-id",
+						"client-id",
 						domain.Step2,
 						domain.Step1,
 						"en",
@@ -93,6 +97,7 @@ func Test_InstancePrepares(t *testing.T) {
 				Sequence:        20211108,
 				GlobalOrgID:     "global-org-id",
 				IAMProjectID:    "project-id",
+				ConsoleID:       "client-id",
 				SetupStarted:    domain.Step2,
 				SetupDone:       domain.Step1,
 				DefaultLanguage: language.English,
@@ -108,6 +113,7 @@ func Test_InstancePrepares(t *testing.T) {
 						` projections.instances.sequence,`+
 						` projections.instances.global_org_id,`+
 						` projections.instances.iam_project_id,`+
+						` projections.instances.console_client_id,`+
 						` projections.instances.setup_started,`+
 						` projections.instances.setup_done,`+
 						` projections.instances.default_language`+
--- a/internal/query/key.go
+++ b/internal/query/key.go
@@ -181,7 +181,7 @@ func (q *Queries) ActivePublicKeys(ctx context.Context, t time.Time) (*PublicKey
 	stmt, args, err := query.Where(
 		sq.And{
 			sq.Eq{
-				KeyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				KeyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Gt{
 				KeyPublicColExpiry.identifier(): t,
@@ -212,7 +212,7 @@ func (q *Queries) ActivePrivateSigningKey(ctx context.Context, t time.Time) (*Pr
 		sq.And{
 			sq.Eq{
 				KeyColUse.identifier():        domain.KeyUsageSigning,
-				KeyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				KeyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Gt{
 				KeyPrivateColExpiry.identifier(): t,
--- a/internal/query/label_policy.go
+++ b/internal/query/label_policy.go
@@ -54,7 +54,7 @@ func (q *Queries) ActiveLabelPolicyByOrg(ctx context.Context, orgID string) (*La
 			},
 			sq.Eq{
 				LabelPolicyColState.identifier():      domain.LabelPolicyStateActive,
-				LabelPolicyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				LabelPolicyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 		}).
 		OrderBy(LabelPolicyColIsDefault.identifier()).
@@ -81,7 +81,7 @@ func (q *Queries) PreviewLabelPolicyByOrg(ctx context.Context, orgID string) (*L
 			},
 			sq.Eq{
 				LabelPolicyColState.identifier():      domain.LabelPolicyStatePreview,
-				LabelPolicyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				LabelPolicyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 		}).
 		OrderBy(LabelPolicyColIsDefault.identifier()).
@@ -99,7 +99,7 @@ func (q *Queries) DefaultActiveLabelPolicy(ctx context.Context) (*LabelPolicy, e
 	query, args, err := stmt.Where(sq.Eq{
 		LabelPolicyColID.identifier():         domain.IAMID,
 		LabelPolicyColState.identifier():      domain.LabelPolicyStateActive,
-		LabelPolicyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		LabelPolicyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).
 		OrderBy(LabelPolicyColIsDefault.identifier()).
 		Limit(1).ToSql()
@@ -116,7 +116,7 @@ func (q *Queries) DefaultPreviewLabelPolicy(ctx context.Context) (*LabelPolicy,
 	query, args, err := stmt.Where(sq.Eq{
 		LabelPolicyColID.identifier():         domain.IAMID,
 		LabelPolicyColState.identifier():      domain.LabelPolicyStatePreview,
-		LabelPolicyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		LabelPolicyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).
 		OrderBy(LabelPolicyColIsDefault.identifier()).
 		Limit(1).ToSql()
--- a/internal/query/lockout_policy.go
+++ b/internal/query/lockout_policy.go
@@ -80,7 +80,7 @@ func (q *Queries) LockoutPolicyByOrg(ctx context.Context, orgID string) (*Lockou
 	query, args, err := stmt.Where(
 		sq.And{
 			sq.Eq{
-				LockoutColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				LockoutColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -105,7 +105,7 @@ func (q *Queries) DefaultLockoutPolicy(ctx context.Context) (*LockoutPolicy, err
 	stmt, scan := prepareLockoutPolicyQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		LockoutColID.identifier():         domain.IAMID,
-		LockoutColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		LockoutColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).
 		OrderBy(LockoutColIsDefault.identifier()).
 		Limit(1).ToSql()
--- a/internal/query/login_policy.go
+++ b/internal/query/login_policy.go
@@ -134,7 +134,7 @@ func (q *Queries) LoginPolicyByID(ctx context.Context, orgID string) (*LoginPoli
 	stmt, args, err := query.Where(
 		sq.And{
 			sq.Eq{
-				LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -159,7 +159,7 @@ func (q *Queries) DefaultLoginPolicy(ctx context.Context) (*LoginPolicy, error)
 	query, scan := prepareLoginPolicyQuery()
 	stmt, args, err := query.Where(sq.Eq{
 		LoginPolicyColumnOrgID.identifier():      domain.IAMID,
-		LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).OrderBy(LoginPolicyColumnIsDefault.identifier()).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-t4TBK", "Errors.Query.SQLStatement")
@@ -174,7 +174,7 @@ func (q *Queries) SecondFactorsByOrg(ctx context.Context, orgID string) (*Second
 	stmt, args, err := query.Where(
 		sq.And{
 			sq.Eq{
-				LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -204,7 +204,7 @@ func (q *Queries) DefaultSecondFactors(ctx context.Context) (*SecondFactors, err
 	query, scan := prepareLoginPolicy2FAsQuery()
 	stmt, args, err := query.Where(sq.Eq{
 		LoginPolicyColumnOrgID.identifier():      domain.IAMID,
-		LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).OrderBy(LoginPolicyColumnIsDefault.identifier()).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-CZ2Nv", "Errors.Query.SQLStatement")
@@ -224,7 +224,7 @@ func (q *Queries) MultiFactorsByOrg(ctx context.Context, orgID string) (*MultiFa
 	stmt, args, err := query.Where(
 		sq.And{
 			sq.Eq{
-				LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -254,7 +254,7 @@ func (q *Queries) DefaultMultiFactors(ctx context.Context) (*MultiFactors, error
 	query, scan := prepareLoginPolicyMFAsQuery()
 	stmt, args, err := query.Where(sq.Eq{
 		LoginPolicyColumnOrgID.identifier():      domain.IAMID,
-		LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).OrderBy(LoginPolicyColumnIsDefault.identifier()).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-WxYjr", "Errors.Query.SQLStatement")
--- a/internal/query/mail_template.go
+++ b/internal/query/mail_template.go
@@ -68,7 +68,7 @@ func (q *Queries) MailTemplateByOrg(ctx context.Context, orgID string) (*MailTem
 	query, args, err := stmt.Where(
 		sq.And{
 			sq.Eq{
-				MailTemplateColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				MailTemplateColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -93,7 +93,7 @@ func (q *Queries) DefaultMailTemplate(ctx context.Context) (*MailTemplate, error
 	stmt, scan := prepareMailTemplateQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		MailTemplateColAggregateID.identifier(): domain.IAMID,
-		MailTemplateColInstanceID.identifier():  authz.GetInstance(ctx).ID,
+		MailTemplateColInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
 	}).
 		OrderBy(MailTemplateColIsDefault.identifier()).
 		Limit(1).ToSql()
--- a/internal/query/message_text.go
+++ b/internal/query/message_text.go
@@ -122,7 +122,7 @@ func (q *Queries) MessageTextByOrg(ctx context.Context, orgID string) (*MessageT
 	query, args, err := stmt.Where(
 		sq.And{
 			sq.Eq{
-				MessageTextColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				MessageTextColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -147,7 +147,7 @@ func (q *Queries) DefaultMessageText(ctx context.Context) (*MessageText, error)
 	stmt, scan := prepareMessageTextQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		MessageTextColAggregateID.identifier(): domain.IAMID,
-		MessageTextColInstanceID.identifier():  authz.GetInstance(ctx).ID,
+		MessageTextColInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
 	}).
 		Limit(1).ToSql()
 	if err != nil {
@@ -177,7 +177,7 @@ func (q *Queries) CustomMessageTextByTypeAndLanguage(ctx context.Context, aggreg
 			MessageTextColLanguage.identifier():    language,
 			MessageTextColType.identifier():        messageType,
 			MessageTextColAggregateID.identifier(): aggregateID,
-			MessageTextColInstanceID.identifier():  authz.GetInstance(ctx).ID,
+			MessageTextColInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
 		},
 	).
 		OrderBy(MessageTextColAggregateID.identifier()).
--- a/internal/query/notification_provider.go
+++ b/internal/query/notification_provider.go
@@ -73,7 +73,7 @@ func (q *Queries) NotificationProviderByIDAndType(ctx context.Context, aggID str
 	stmt, args, err := query.Where(
 		sq.And{
 			sq.Eq{
-				NotificationProviderColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				NotificationProviderColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
--- a/internal/query/oidc_settings.go
+++ b/internal/query/oidc_settings.go
@@ -76,7 +76,7 @@ func (q *Queries) OIDCSettingsByAggID(ctx context.Context, aggregateID string) (
 	stmt, scan := prepareOIDCSettingsQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		OIDCSettingsColumnAggregateID.identifier(): aggregateID,
-		OIDCSettingsColumnInstanceID.identifier():  authz.GetInstance(ctx).ID,
+		OIDCSettingsColumnInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-s9nle", "Errors.Query.SQLStatment")
--- a/internal/query/org.go
+++ b/internal/query/org.go
@@ -90,7 +90,7 @@ func (q *Queries) OrgByID(ctx context.Context, id string) (*Org, error) {
 	stmt, scan := prepareOrgQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		OrgColumnID.identifier():         id,
-		OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-AWx52", "Errors.Query.SQLStatement")
@@ -104,7 +104,7 @@ func (q *Queries) OrgByDomainGlobal(ctx context.Context, domain string) (*Org, e
 	stmt, scan := prepareOrgQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		OrgColumnDomain.identifier():     domain,
-		OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-TYUCE", "Errors.Query.SQLStatement")
@@ -119,7 +119,7 @@ func (q *Queries) IsOrgUnique(ctx context.Context, name, domain string) (isUniqu
 	stmt, args, err := query.Where(
 		sq.And{
 			sq.Eq{
-				OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -147,7 +147,7 @@ func (q *Queries) SearchOrgs(ctx context.Context, queries *OrgSearchQueries) (or
 	query, scan := prepareOrgsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-wQ3by", "Errors.Query.InvalidRequest")
--- a/internal/query/org_domain.go
+++ b/internal/query/org_domain.go
@@ -58,7 +58,7 @@ func (q *Queries) SearchOrgDomains(ctx context.Context, queries *OrgDomainSearch
 	query, scan := prepareDomainsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			OrgDomainInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+			OrgDomainInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-ZRfj1", "Errors.Query.SQLStatement")
--- a/internal/query/org_iam_policy.go
+++ b/internal/query/org_iam_policy.go
@@ -75,7 +75,7 @@ func (q *Queries) DomainPolicyByOrg(ctx context.Context, orgID string) (*DomainP
 	query, args, err := stmt.Where(
 		sq.And{
 			sq.Eq{
-				DomainPolicyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				DomainPolicyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -100,7 +100,7 @@ func (q *Queries) DefaultDomainPolicy(ctx context.Context) (*DomainPolicy, error
 	stmt, scan := prepareDomainPolicyQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		DomainPolicyColID.identifier():         domain.IAMID,
-		DomainPolicyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		DomainPolicyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).
 		OrderBy(DomainPolicyColIsDefault.identifier()).
 		Limit(1).ToSql()
--- a/internal/query/org_member.go
+++ b/internal/query/org_member.go
@@ -66,7 +66,7 @@ func (q *Queries) OrgMembers(ctx context.Context, queries *OrgMembersQuery) (*Me
 	query, scan := prepareOrgMembersQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			OrgMemberInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			OrgMemberInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-PDAVB", "Errors.Query.InvalidRequest")
--- a/internal/query/password_age_policy.go
+++ b/internal/query/password_age_policy.go
@@ -79,7 +79,7 @@ func (q *Queries) PasswordAgePolicyByOrg(ctx context.Context, orgID string) (*Pa
 	query, args, err := stmt.Where(
 		sq.And{
 			sq.Eq{
-				PasswordAgeColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				PasswordAgeColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
--- a/internal/query/password_complexity_policy.go
+++ b/internal/query/password_complexity_policy.go
@@ -36,7 +36,7 @@ func (q *Queries) PasswordComplexityPolicyByOrg(ctx context.Context, orgID strin
 	query, args, err := stmt.Where(
 		sq.And{
 			sq.Eq{
-				PasswordComplexityColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				PasswordComplexityColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -61,7 +61,7 @@ func (q *Queries) DefaultPasswordComplexityPolicy(ctx context.Context) (*Passwor
 	stmt, scan := preparePasswordComplexityPolicyQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		PasswordComplexityColID.identifier():         domain.IAMID,
-		PasswordComplexityColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		PasswordComplexityColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).
 		OrderBy(PasswordComplexityColIsDefault.identifier()).
 		Limit(1).ToSql()
--- a/internal/query/privacy_policy.go
+++ b/internal/query/privacy_policy.go
@@ -84,7 +84,7 @@ func (q *Queries) PrivacyPolicyByOrg(ctx context.Context, orgID string) (*Privac
 	query, args, err := stmt.Where(
 		sq.And{
 			sq.Eq{
-				PrivacyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+				PrivacyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 			},
 			sq.Or{
 				sq.Eq{
@@ -109,7 +109,7 @@ func (q *Queries) DefaultPrivacyPolicy(ctx context.Context) (*PrivacyPolicy, err
 	stmt, scan := preparePrivacyPolicyQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		PrivacyColID.identifier():         domain.IAMID,
-		PrivacyColInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		PrivacyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).
 		OrderBy(PrivacyColIsDefault.identifier()).
 		Limit(1).ToSql()
--- a/internal/query/project.go
+++ b/internal/query/project.go
@@ -102,7 +102,7 @@ func (q *Queries) ProjectByID(ctx context.Context, id string) (*Project, error)
 	stmt, scan := prepareProjectQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		ProjectColumnID.identifier():         id,
-		ProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		ProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-2m00Q", "Errors.Query.SQLStatment")
@@ -121,7 +121,7 @@ func (q *Queries) SearchProjects(ctx context.Context, queries *ProjectSearchQuer
 	query, scan := prepareProjectsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			ProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			ProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-fn9ew", "Errors.Query.InvalidRequest")
--- a/internal/query/project_grant.go
+++ b/internal/query/project_grant.go
@@ -109,7 +109,7 @@ func (q *Queries) ProjectGrantByID(ctx context.Context, id string) (*ProjectGran
 	stmt, scan := prepareProjectGrantQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		ProjectGrantColumnGrantID.identifier():    id,
-		ProjectGrantColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		ProjectGrantColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-Nf93d", "Errors.Query.SQLStatment")
@@ -124,7 +124,7 @@ func (q *Queries) ProjectGrantByIDAndGrantedOrg(ctx context.Context, id, granted
 	query, args, err := stmt.Where(sq.Eq{
 		ProjectGrantColumnGrantID.identifier():      id,
 		ProjectGrantColumnGrantedOrgID.identifier(): grantedOrg,
-		ProjectGrantColumnInstanceID.identifier():   authz.GetInstance(ctx).ID,
+		ProjectGrantColumnInstanceID.identifier():   authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-MO9fs", "Errors.Query.SQLStatment")
@@ -143,7 +143,7 @@ func (q *Queries) SearchProjectGrants(ctx context.Context, queries *ProjectGrant
 	query, scan := prepareProjectGrantsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			ProjectGrantColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			ProjectGrantColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-N9fsg", "Errors.Query.InvalidRequest")
--- a/internal/query/project_grant_member.go
+++ b/internal/query/project_grant_member.go
@@ -80,7 +80,7 @@ func (q *Queries) ProjectGrantMembers(ctx context.Context, queries *ProjectGrant
 	query, scan := prepareProjectGrantMembersQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			ProjectGrantMemberInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			ProjectGrantMemberInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-USNwM", "Errors.Query.InvalidRequest")
--- a/internal/query/project_member.go
+++ b/internal/query/project_member.go
@@ -67,7 +67,7 @@ func (q *Queries) ProjectMembers(ctx context.Context, queries *ProjectMembersQue
 	query, scan := prepareProjectMembersQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			ProjectMemberInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			ProjectMemberInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-T8CuT", "Errors.Query.InvalidRequest")
--- a/internal/query/project_role.go
+++ b/internal/query/project_role.go
@@ -87,7 +87,7 @@ func (q *Queries) ProjectRoleByID(ctx context.Context, projectID, key string) (*
 		Where(sq.Eq{
 			ProjectRoleColumnProjectID.identifier():  projectID,
 			ProjectRoleColumnKey.identifier():        key,
-			ProjectRoleColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			ProjectRoleColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-2N0fs", "Errors.Query.SQLStatment")
@@ -106,7 +106,7 @@ func (q *Queries) SearchProjectRoles(ctx context.Context, queries *ProjectRoleSe
 	query, scan := prepareProjectRolesQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			ProjectRoleColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			ProjectRoleColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-3N9ff", "Errors.Query.InvalidRequest")
@@ -136,7 +136,7 @@ func (q *Queries) SearchGrantedProjectRoles(ctx context.Context, grantID, grante
 	query, scan := prepareProjectRolesQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			ProjectRoleColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			ProjectRoleColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-3N9ff", "Errors.Query.InvalidRequest")
--- a/internal/query/projection/instance.go
+++ b/internal/query/projection/instance.go
@@ -17,6 +17,7 @@ const (
 	InstanceColumnChangeDate      = "change_date"
 	InstanceColumnGlobalOrgID     = "global_org_id"
 	InstanceColumnProjectID       = "iam_project_id"
+	InstanceColumnConsoleID       = "console_client_id"
 	InstanceColumnSequence        = "sequence"
 	InstanceColumnSetUpStarted    = "setup_started"
 	InstanceColumnSetUpDone       = "setup_done"
@@ -37,6 +38,7 @@ func NewInstanceProjection(ctx context.Context, config crdb.StatementHandlerConf
 			crdb.NewColumn(InstanceColumnChangeDate, crdb.ColumnTypeTimestamp),
 			crdb.NewColumn(InstanceColumnGlobalOrgID, crdb.ColumnTypeText, crdb.Default("")),
 			crdb.NewColumn(InstanceColumnProjectID, crdb.ColumnTypeText, crdb.Default("")),
+			crdb.NewColumn(InstanceColumnConsoleID, crdb.ColumnTypeText, crdb.Default("")),
 			crdb.NewColumn(InstanceColumnSequence, crdb.ColumnTypeInt64),
 			crdb.NewColumn(InstanceColumnSetUpStarted, crdb.ColumnTypeInt64, crdb.Default(0)),
 			crdb.NewColumn(InstanceColumnSetUpDone, crdb.ColumnTypeInt64, crdb.Default(0)),
@@ -62,6 +64,10 @@ func (p *InstanceProjection) reducers() []handler.AggregateReducer {
 					Event:  instance.ProjectSetEventType,
 					Reduce: p.reduceIAMProjectSet,
 				},
+				{
+					Event:  instance.ConsoleSetEventType,
+					Reduce: p.reduceConsoleSet,
+				},
 				{
 					Event:  instance.DefaultLanguageSetEventType,
 					Reduce: p.reduceDefaultLanguageSet,
@@ -111,6 +117,22 @@ func (p *InstanceProjection) reduceIAMProjectSet(event eventstore.Event) (*handl
 	), nil
 }

+func (p *InstanceProjection) reduceConsoleSet(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*instance.ConsoleSetEvent)
+	if !ok {
+		return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Dgf11", "reduce.wrong.event.type %s", instance.ConsoleSetEventType)
+	}
+	return crdb.NewUpsertStatement(
+		e,
+		[]handler.Column{
+			handler.NewCol(InstanceColumnID, e.Aggregate().InstanceID),
+			handler.NewCol(InstanceColumnChangeDate, e.CreationDate()),
+			handler.NewCol(InstanceColumnSequence, e.Sequence()),
+			handler.NewCol(InstanceColumnConsoleID, e.ClientID),
+		},
+	), nil
+}
+
 func (p *InstanceProjection) reduceDefaultLanguageSet(event eventstore.Event) (*handler.Statement, error) {
 	e, ok := event.(*instance.DefaultLanguageSetEvent)
 	if !ok {
--- a/internal/query/projection/instance_member.go
+++ b/internal/query/projection/instance_member.go
@@ -14,7 +14,7 @@ import (
 const (
 	InstanceMemberProjectionTable = "projections.instance_members"

-	InstanceMemberIAMIDCol = "instance_id"
+	InstanceMemberIAMIDCol = "id"
 )

 type InstanceMemberProjection struct {
--- a/internal/query/projection/instance_member_test.go
+++ b/internal/query/projection/instance_member_test.go
@@ -44,7 +44,7 @@ func TestInstanceMemberProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "INSERT INTO projections.instance_members (user_id, roles, creation_date, change_date, sequence, resource_owner, instance_id, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
+							expectedStmt: "INSERT INTO projections.instance_members (user_id, roles, creation_date, change_date, sequence, resource_owner, instance_id, id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
 							expectedArgs: []interface{}{
 								"user-id",
 								pq.StringArray{"role"},
--- a/internal/query/projection/login_name.go
+++ b/internal/query/projection/login_name.go
@@ -107,7 +107,7 @@ func NewLoginNameProjection(ctx context.Context, config crdb.StatementHandlerCon
 		),
 		crdb.NewSuffixedTable([]*crdb.Column{
 			crdb.NewColumn(LoginNameDomainNameCol, crdb.ColumnTypeText),
-			crdb.NewColumn(LoginNameDomainIsPrimaryCol, crdb.ColumnTypeBool),
+			crdb.NewColumn(LoginNameDomainIsPrimaryCol, crdb.ColumnTypeBool, crdb.Default(false)),
 			crdb.NewColumn(LoginNameDomainResourceOwnerCol, crdb.ColumnTypeText),
 			crdb.NewColumn(LoginNameDomainInstanceIDCol, crdb.ColumnTypeText),
 		},
--- a/internal/query/projection/login_policy.go
+++ b/internal/query/projection/login_policy.go
@@ -56,8 +56,8 @@ func NewLoginPolicyProjection(ctx context.Context, config crdb.StatementHandlerC
 			crdb.NewColumn(LoginPolicyAllowUsernamePasswordCol, crdb.ColumnTypeBool),
 			crdb.NewColumn(LoginPolicyAllowExternalIDPsCol, crdb.ColumnTypeBool),
 			crdb.NewColumn(LoginPolicyForceMFACol, crdb.ColumnTypeBool),
-			crdb.NewColumn(LoginPolicy2FAsCol, crdb.ColumnTypeEnumArray),
-			crdb.NewColumn(LoginPolicyMFAsCol, crdb.ColumnTypeEnumArray),
+			crdb.NewColumn(LoginPolicy2FAsCol, crdb.ColumnTypeEnumArray, crdb.Nullable()),
+			crdb.NewColumn(LoginPolicyMFAsCol, crdb.ColumnTypeEnumArray, crdb.Nullable()),
 			crdb.NewColumn(LoginPolicyPasswordlessTypeCol, crdb.ColumnTypeEnum),
 			crdb.NewColumn(LoginPolicyHidePWResetCol, crdb.ColumnTypeBool),
 			crdb.NewColumn(PasswordCheckLifetimeCol, crdb.ColumnTypeInt64),
--- a/internal/query/projection/message_texts.go
+++ b/internal/query/projection/message_texts.go
@@ -51,13 +51,13 @@ func NewMessageTextProjection(ctx context.Context, config crdb.StatementHandlerC
 			crdb.NewColumn(MessageTextStateCol, crdb.ColumnTypeEnum),
 			crdb.NewColumn(MessageTextTypeCol, crdb.ColumnTypeText),
 			crdb.NewColumn(MessageTextLanguageCol, crdb.ColumnTypeText),
-			crdb.NewColumn(MessageTextTitleCol, crdb.ColumnTypeBool),
-			crdb.NewColumn(MessageTextPreHeaderCol, crdb.ColumnTypeBool),
-			crdb.NewColumn(MessageTextSubjectCol, crdb.ColumnTypeBool),
-			crdb.NewColumn(MessageTextGreetingCol, crdb.ColumnTypeBool),
-			crdb.NewColumn(MessageTextTextCol, crdb.ColumnTypeBool),
-			crdb.NewColumn(MessageTextButtonTextCol, crdb.ColumnTypeBool),
-			crdb.NewColumn(MessageTextFooterCol, crdb.ColumnTypeBool),
+			crdb.NewColumn(MessageTextTitleCol, crdb.ColumnTypeText, crdb.Nullable()),
+			crdb.NewColumn(MessageTextPreHeaderCol, crdb.ColumnTypeText, crdb.Nullable()),
+			crdb.NewColumn(MessageTextSubjectCol, crdb.ColumnTypeText, crdb.Nullable()),
+			crdb.NewColumn(MessageTextGreetingCol, crdb.ColumnTypeText, crdb.Nullable()),
+			crdb.NewColumn(MessageTextTextCol, crdb.ColumnTypeText, crdb.Nullable()),
+			crdb.NewColumn(MessageTextButtonTextCol, crdb.ColumnTypeText, crdb.Nullable()),
+			crdb.NewColumn(MessageTextFooterCol, crdb.ColumnTypeText, crdb.Nullable()),
 		},
 			crdb.NewPrimaryKey(MessageTextInstanceIDCol, MessageTextAggregateIDCol, MessageTextTypeCol, MessageTextLanguageCol),
 		),
--- a/internal/query/projection/org.go
+++ b/internal/query/projection/org.go
@@ -43,7 +43,7 @@ func NewOrgProjection(ctx context.Context, config crdb.StatementHandlerConfig) *
 			crdb.NewColumn(OrgColumnState, crdb.ColumnTypeEnum),
 			crdb.NewColumn(OrgColumnSequence, crdb.ColumnTypeInt64),
 			crdb.NewColumn(OrgColumnName, crdb.ColumnTypeText),
-			crdb.NewColumn(OrgColumnDomain, crdb.ColumnTypeText),
+			crdb.NewColumn(OrgColumnDomain, crdb.ColumnTypeText, crdb.Default("")),
 		},
 			crdb.NewPrimaryKey(OrgColumnInstanceID, OrgColumnID),
 			crdb.WithIndex(crdb.NewIndex("domain_idx", []string{OrgColumnDomain})),
--- a/internal/query/projection/user.go
+++ b/internal/query/projection/user.go
@@ -86,7 +86,7 @@ func NewUserProjection(ctx context.Context, config crdb.StatementHandlerConfig)
 			crdb.NewColumn(HumanNickNameCol, crdb.ColumnTypeText, crdb.Nullable()),
 			crdb.NewColumn(HumanDisplayNameCol, crdb.ColumnTypeText, crdb.Nullable()),
 			crdb.NewColumn(HumanPreferredLanguageCol, crdb.ColumnTypeText, crdb.Nullable()),
-			crdb.NewColumn(HumanGenderCol, crdb.ColumnTypeEnum),
+			crdb.NewColumn(HumanGenderCol, crdb.ColumnTypeEnum, crdb.Nullable()),
 			crdb.NewColumn(HumanAvatarURLCol, crdb.ColumnTypeText, crdb.Nullable()),
 			crdb.NewColumn(HumanEmailCol, crdb.ColumnTypeText),
 			crdb.NewColumn(HumanIsEmailVerifiedCol, crdb.ColumnTypeBool, crdb.Default(false)),
--- a/internal/query/secret_generators.go
+++ b/internal/query/secret_generators.go
@@ -137,7 +137,7 @@ func (q *Queries) SecretGeneratorByType(ctx context.Context, generatorType domai
 	stmt, scan := prepareSecretGeneratorQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		SecretGeneratorColumnGeneratorType.identifier(): generatorType,
-		SecretGeneratorColumnInstanceID.identifier():    authz.GetInstance(ctx).ID,
+		SecretGeneratorColumnInstanceID.identifier():    authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-3k99f", "Errors.Query.SQLStatment")
@@ -151,7 +151,7 @@ func (q *Queries) SearchSecretGenerators(ctx context.Context, queries *SecretGen
 	query, scan := prepareSecretGeneratorsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			SecretGeneratorColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			SecretGeneratorColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-sn9lw", "Errors.Query.InvalidRequest")
--- a/internal/query/sms.go
+++ b/internal/query/sms.go
@@ -116,7 +116,7 @@ func (q *Queries) SMSProviderConfigByID(ctx context.Context, id string) (*SMSCon
 	query, args, err := stmt.Where(
 		sq.Eq{
 			SMSConfigColumnID.identifier():         id,
-			SMSConfigColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			SMSConfigColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		},
 	).ToSql()
 	if err != nil {
@@ -131,7 +131,7 @@ func (q *Queries) SearchSMSConfigs(ctx context.Context, queries *SMSConfigsSearc
 	query, scan := prepareSMSConfigsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			SMSConfigColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			SMSConfigColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-sn9Jf", "Errors.Query.InvalidRequest")
--- a/internal/query/smtp.go
+++ b/internal/query/smtp.go
@@ -94,7 +94,7 @@ func (q *Queries) SMTPConfigByAggregateID(ctx context.Context, aggregateID strin
 	stmt, scan := prepareSMTPConfigQuery()
 	query, args, err := stmt.Where(sq.Eq{
 		SMTPConfigColumnAggregateID.identifier(): aggregateID,
-		SMTPConfigColumnInstanceID.identifier():  authz.GetInstance(ctx).ID,
+		SMTPConfigColumnInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-3m9sl", "Errors.Query.SQLStatment")
--- a/internal/query/user.go
+++ b/internal/query/user.go
@@ -231,7 +231,7 @@ var (
 )

 func (q *Queries) GetUserByID(ctx context.Context, userID string, queries ...SearchQuery) (*User, error) {
-	instanceID := authz.GetInstance(ctx).ID
+	instanceID := authz.GetInstance(ctx).InstanceID()
 	query, scan := prepareUserQuery(instanceID)
 	for _, q := range queries {
 		query = q.toQuery(query)
@@ -249,7 +249,7 @@ func (q *Queries) GetUserByID(ctx context.Context, userID string, queries ...Sea
 }

 func (q *Queries) GetUser(ctx context.Context, queries ...SearchQuery) (*User, error) {
-	instanceID := authz.GetInstance(ctx).ID
+	instanceID := authz.GetInstance(ctx).InstanceID()
 	query, scan := prepareUserQuery(instanceID)
 	for _, q := range queries {
 		query = q.toQuery(query)
@@ -272,7 +272,7 @@ func (q *Queries) GetHumanProfile(ctx context.Context, userID string, queries ..
 	}
 	stmt, args, err := query.Where(sq.Eq{
 		UserIDCol.identifier():         userID,
-		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatment")
@@ -289,7 +289,7 @@ func (q *Queries) GetHumanEmail(ctx context.Context, userID string, queries ...S
 	}
 	stmt, args, err := query.Where(sq.Eq{
 		UserIDCol.identifier():         userID,
-		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-BHhj3", "Errors.Query.SQLStatment")
@@ -306,7 +306,7 @@ func (q *Queries) GetHumanPhone(ctx context.Context, userID string, queries ...S
 	}
 	stmt, args, err := query.Where(sq.Eq{
 		UserIDCol.identifier():         userID,
-		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatment")
@@ -320,7 +320,7 @@ func (q *Queries) SearchUsers(ctx context.Context, queries *UserSearchQueries) (
 	query, scan := prepareUsersQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			UserInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+			UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatment")
@@ -366,7 +366,7 @@ func (q *Queries) IsUserUnique(ctx context.Context, username, email, resourceOwn
 		query = q.toQuery(query)
 	}
 	stmt, args, err := query.Where(sq.Eq{
-		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return false, errors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatment")
@@ -437,7 +437,7 @@ func NewUserLoginNamesSearchQuery(value string) (SearchQuery, error) {
 }

 func prepareUserQuery(instanceID string) (sq.SelectBuilder, func(*sql.Row) (*User, error)) {
-	loginNamesQuery, _, err := sq.Select(
+	loginNamesQuery, loginNamesArgs, err := sq.Select(
 		userLoginNamesUserIDCol.identifier(),
 		"ARRAY_AGG("+userLoginNamesNameCol.identifier()+") as "+userLoginNamesListCol.name).
 		From(userLoginNamesTable.identifier()).
@@ -489,7 +489,7 @@ func prepareUserQuery(instanceID string) (sq.SelectBuilder, func(*sql.Row) (*Use
 			From(userTable.identifier()).
 			LeftJoin(join(HumanUserIDCol, UserIDCol)).
 			LeftJoin(join(MachineUserIDCol, UserIDCol)).
-			LeftJoin("("+loginNamesQuery+") as "+userLoginNamesTable.alias+" on "+userLoginNamesUserIDCol.identifier()+" = "+UserIDCol.identifier()).
+			LeftJoin("("+loginNamesQuery+") as "+userLoginNamesTable.alias+" on "+userLoginNamesUserIDCol.identifier()+" = "+UserIDCol.identifier(), loginNamesArgs...).
 			LeftJoin("("+preferredLoginNameQuery+") as "+userPreferredLoginNameTable.alias+" on "+userPreferredLoginNameUserIDCol.identifier()+" = "+UserIDCol.identifier(), preferredLoginNameArgs...).
 			PlaceholderFormat(sq.Dollar),
 		func(row *sql.Row) (*User, error) {
--- a/internal/query/user_auth_method.go
+++ b/internal/query/user_auth_method.go
@@ -91,7 +91,7 @@ func (q *Queries) UserAuthMethodByIDs(ctx context.Context, userID, tokenID, reso
 		UserAuthMethodColumnTokenID.identifier():       tokenID,
 		UserAuthMethodColumnResourceOwner.identifier(): resourceOwner,
 		UserAuthMethodColumnMethodType.identifier():    methodType,
-		UserAuthMethodColumnInstanceID.identifier():    authz.GetInstance(ctx).ID,
+		UserAuthMethodColumnInstanceID.identifier():    authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-2m00Q", "Errors.Query.SQLStatment")
@@ -105,7 +105,7 @@ func (q *Queries) SearchUserAuthMethods(ctx context.Context, queries *UserAuthMe
 	query, scan := prepareUserAuthMethodsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			UserAuthMethodColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			UserAuthMethodColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-j9NJd", "Errors.Query.InvalidRequest")
--- a/internal/query/user_grant.go
+++ b/internal/query/user_grant.go
@@ -199,7 +199,7 @@ func (q *Queries) UserGrant(ctx context.Context, queries ...SearchQuery) (*UserG
 	}
 	stmt, args, err := query.
 		Where(sq.Eq{
-			UserGrantInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			UserGrantInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-Fa1KW", "Errors.Query.SQLStatement")
@@ -213,7 +213,7 @@ func (q *Queries) UserGrants(ctx context.Context, queries *UserGrantsQueries) (*
 	query, scan := prepareUserGrantsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			UserGrantInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			UserGrantInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-wXnQR", "Errors.Query.SQLStatement")
--- a/internal/query/user_membership.go
+++ b/internal/query/user_membership.go
@@ -102,7 +102,7 @@ func (q *Queries) Memberships(ctx context.Context, queries *MembershipSearchQuer
 	query, scan := prepareMembershipsQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			membershipInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			membershipInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-T84X9", "Errors.Query.InvalidRequest")
@@ -289,6 +289,7 @@ func prepareOrgMember() string {
 		OrgMemberChangeDate.identifier(),
 		OrgMemberSequence.identifier(),
 		OrgMemberResourceOwner.identifier(),
+		OrgMemberInstanceID.identifier(),
 		OrgMemberOrgID.identifier(),
 		"NULL::STRING AS "+membershipIAMID.name,
 		"NULL::STRING AS "+membershipProjectID.name,
@@ -305,6 +306,7 @@ func prepareIAMMember() string {
 		InstanceMemberChangeDate.identifier(),
 		InstanceMemberSequence.identifier(),
 		InstanceMemberResourceOwner.identifier(),
+		InstanceMemberInstanceID.identifier(),
 		"NULL::STRING AS "+membershipOrgID.name,
 		InstanceMemberIAMID.identifier(),
 		"NULL::STRING AS "+membershipProjectID.name,
@@ -321,6 +323,7 @@ func prepareProjectMember() string {
 		ProjectMemberChangeDate.identifier(),
 		ProjectMemberSequence.identifier(),
 		ProjectMemberResourceOwner.identifier(),
+		ProjectMemberInstanceID.identifier(),
 		"NULL::STRING AS "+membershipOrgID.name,
 		"NULL::STRING AS "+membershipIAMID.name,
 		ProjectMemberProjectID.identifier(),
@@ -338,6 +341,7 @@ func prepareProjectGrantMember() string {
 		ProjectGrantMemberChangeDate.identifier(),
 		ProjectGrantMemberSequence.identifier(),
 		ProjectGrantMemberResourceOwner.identifier(),
+		ProjectGrantMemberInstanceID.identifier(),
 		"NULL::STRING AS "+membershipOrgID.name,
 		"NULL::STRING AS "+membershipIAMID.name,
 		ProjectGrantMemberProjectID.identifier(),
--- a/internal/query/user_membership_test.go
+++ b/internal/query/user_membership_test.go
@@ -20,7 +20,7 @@ var (
 			", memberships.sequence" +
 			", memberships.resource_owner" +
 			", memberships.org_id" +
-			", memberships.instance_id" +
+			", memberships.id" +
 			", memberships.project_id" +
 			", memberships.grant_id" +
 			", projections.projects.name" +
@@ -33,8 +33,9 @@ var (
 			", members.change_date" +
 			", members.sequence" +
 			", members.resource_owner" +
+			", members.instance_id" +
 			", members.org_id" +
-			", NULL::STRING AS instance_id" +
+			", NULL::STRING AS id" +
 			", NULL::STRING AS project_id" +
 			", NULL::STRING AS grant_id" +
 			" FROM projections.org_members as members" +
@@ -45,8 +46,9 @@ var (
 			", members.change_date" +
 			", members.sequence" +
 			", members.resource_owner" +
-			", NULL::STRING AS org_id" +
 			", members.instance_id" +
+			", NULL::STRING AS org_id" +
+			", members.id" +
 			", NULL::STRING AS project_id" +
 			", NULL::STRING AS grant_id" +
 			" FROM projections.instance_members as members" +
@@ -57,8 +59,9 @@ var (
 			", members.change_date" +
 			", members.sequence" +
 			", members.resource_owner" +
+			", members.instance_id" +
 			", NULL::STRING AS org_id" +
-			", NULL::STRING AS instance_id" +
+			", NULL::STRING AS id" +
 			", members.project_id" +
 			", NULL::STRING AS grant_id" +
 			" FROM projections.project_members as members" +
@@ -69,8 +72,9 @@ var (
 			", members.change_date" +
 			", members.sequence" +
 			", members.resource_owner" +
+			", members.instance_id" +
 			", NULL::STRING AS org_id" +
-			", NULL::STRING AS instance_id" +
+			", NULL::STRING AS id" +
 			", members.project_id" +
 			", members.grant_id" +
 			" FROM projections.project_grant_members as members" +
--- a/internal/query/user_metadata.go
+++ b/internal/query/user_metadata.go
@@ -80,7 +80,7 @@ func (q *Queries) GetUserMetadataByKey(ctx context.Context, userID, key string,
 		sq.Eq{
 			UserMetadataUserIDCol.identifier():     userID,
 			UserMetadataKeyCol.identifier():        key,
-			UserMetadataInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+			UserMetadataInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-aDGG2", "Errors.Query.SQLStatment")
@@ -95,7 +95,7 @@ func (q *Queries) SearchUserMetadata(ctx context.Context, userID string, queries
 	stmt, args, err := queries.toQuery(query).Where(
 		sq.Eq{
 			UserMetadataUserIDCol.identifier():     userID,
-			UserMetadataInstanceIDCol.identifier(): authz.GetInstance(ctx).ID,
+			UserMetadataInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).
 		ToSql()
 	if err != nil {
--- a/internal/query/user_personal_access_token.go
+++ b/internal/query/user_personal_access_token.go
@@ -87,7 +87,7 @@ func (q *Queries) PersonalAccessTokenByID(ctx context.Context, id string, querie
 	}
 	stmt, args, err := query.Where(sq.Eq{
 		PersonalAccessTokenColumnID.identifier():         id,
-		PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+		PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-Dgfb4", "Errors.Query.SQLStatment")
@@ -101,7 +101,7 @@ func (q *Queries) SearchPersonalAccessTokens(ctx context.Context, queries *Perso
 	query, scan := preparePersonalAccessTokensQuery()
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
-			PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).ID,
+			PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 		}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-Hjw2w", "Errors.Query.InvalidRequest")