I've concluded in our case it makes sense to make sure everyone is a

member

. So you shouldn't be only

account_manager

, but rather both member and AM. That way we can look at only member, and also give the possibility of associating a person with a team/org unit without associating them with a role. Though I'm still uncertain if that makes sense, or if we should rather just have the distinct roles and let

member

be a permission that combines all