Chore: Move team store implementation to a separate package (#55514)

* Chore: move team store implementation to a separate package * trying to fix more tests * fix tests in service accounts and access control * fix common tests * restore commented out test * add todos
2024-12-28 18:01:40 -06:00 · 2022-09-22 19:16:21 +02:00 · 2022-09-22 19:16:21 +02:00 · 4c19e83ff0
commit 4c19e83ff0
parent 591df92265
19 changed files with 444 additions and 236 deletions
--- a/pkg/api/common_test.go
+++ b/pkg/api/common_test.go
@ -371,7 +371,7 @@ func setupHTTPServerWithCfgDb(

 	license := &licensing.OSSLicensingService{}
 	routeRegister := routing.NewRouteRegister()
-	teamService := teamimpl.ProvideService(db)
+	teamService := teamimpl.ProvideService(db, cfg)
 	dashboardsStore := dashboardsstore.ProvideDashboardStore(db, featuremgmt.WithFeatures(), tagimpl.ProvideService(db))

 	var acmock *accesscontrolmock.Mock
@ -393,7 +393,7 @@ func setupHTTPServerWithCfgDb(
 		ac = acimpl.ProvideAccessControl(cfg)
 	}

-	teamPermissionService, err := ossaccesscontrol.ProvideTeamPermissions(cfg, routeRegister, db, ac, license, acService)
+	teamPermissionService, err := ossaccesscontrol.ProvideTeamPermissions(cfg, routeRegister, db, ac, license, acService, teamService)
 	require.NoError(t, err)

 	// Create minimal HTTP Server
--- a/pkg/api/team_members_test.go
+++ b/pkg/api/team_members_test.go
@ -40,7 +40,8 @@ func (t *TeamGuardianMock) DeleteByUser(ctx context.Context, userID int64) error
 func setUpGetTeamMembersHandler(t *testing.T, sqlStore *sqlstore.SQLStore) {
 	const testOrgID int64 = 1
 	var userCmd user.CreateUserCommand
-	team, err := sqlStore.CreateTeam("group1 name", "test1@test.com", testOrgID)
+	teamSvc := teamimpl.ProvideService(sqlStore, setting.NewCfg())
+	team, err := teamSvc.CreateTeam("group1 name", "test1@test.com", testOrgID)
 	require.NoError(t, err)
 	for i := 0; i < 3; i++ {
 		userCmd = user.CreateUserCommand{
@ -51,7 +52,7 @@ func setUpGetTeamMembersHandler(t *testing.T, sqlStore *sqlstore.SQLStore) {
 		// user
 		user, err := sqlStore.CreateUser(context.Background(), userCmd)
 		require.NoError(t, err)
-		err = sqlStore.AddTeamMember(user.ID, testOrgID, team.Id, false, 1)
+		err = teamSvc.AddTeamMember(user.ID, testOrgID, team.Id, false, 1)
 		require.NoError(t, err)
 	}
 }
@ -63,7 +64,7 @@ func TestTeamMembersAPIEndpoint_userLoggedIn(t *testing.T) {
 	sqlStore.Cfg = settings

 	hs.SQLStore = sqlStore
-	hs.teamService = teamimpl.ProvideService(sqlStore)
+	hs.teamService = teamimpl.ProvideService(sqlStore, settings)
 	hs.License = &licensing.OSSLicensingService{}
 	hs.teamGuardian = &TeamGuardianMock{}
 	mock := mockstore.NewSQLStoreMock()
@ -122,7 +123,7 @@ func createUser(db sqlstore.Store, orgId int64, t *testing.T) int64 {
 }

 func setupTeamTestScenario(userCount int, db sqlstore.Store, t *testing.T) int64 {
-	teamService := teamimpl.ProvideService(db.(*sqlstore.SQLStore)) // FIXME
+	teamService := teamimpl.ProvideService(db.(*sqlstore.SQLStore), setting.NewCfg()) // FIXME
 	user, err := db.CreateUser(context.Background(), user.CreateUserCommand{SkipOrgSetup: true, Login: testUserLogin})
 	require.NoError(t, err)
 	testOrg, err := db.CreateOrgWithMember("TestOrg", user.ID)
--- a/pkg/api/team_test.go
+++ b/pkg/api/team_test.go
@ -32,7 +32,7 @@ func TestTeamAPIEndpoint(t *testing.T) {
 		hs.Cfg.EditorsCanAdmin = true
 		store := sqlstore.InitTestDB(t)
 		store.Cfg = hs.Cfg
-		hs.teamService = teamimpl.ProvideService(store)
+		hs.teamService = teamimpl.ProvideService(store, hs.Cfg)
 		hs.SQLStore = store
 		mock := &mockstore.SQLStoreMock{}

--- a/pkg/cmd/grafana-cli/runner/wire.go
+++ b/pkg/cmd/grafana-cli/runner/wire.go
@ -325,7 +325,6 @@ var wireSet = wire.NewSet(
 	teamimpl.ProvideService,
 	userauthimpl.ProvideService,
 	ngmetrics.ProvideServiceForTest,
-	wire.Bind(new(sqlstore.TeamStore), new(*sqlstore.SQLStore)),
 	notifications.MockNotificationService,
 	wire.Bind(new(notifications.TempUserStore), new(*mockstore.SQLStoreMock)),
 	wire.Bind(new(notifications.Service), new(*notifications.NotificationServiceMock)),
--- a/pkg/server/wire.go
+++ b/pkg/server/wire.go
@ -360,7 +360,6 @@ var wireBasicSet = wire.NewSet(
 var wireSet = wire.NewSet(
 	wireBasicSet,
 	sqlstore.ProvideService,
-	wire.Bind(new(sqlstore.TeamStore), new(*sqlstore.SQLStore)),
 	ngmetrics.ProvideService,
 	wire.Bind(new(notifications.Service), new(*notifications.NotificationService)),
 	wire.Bind(new(notifications.WebhookSender), new(*notifications.NotificationService)),
@ -375,7 +374,6 @@ var wireTestSet = wire.NewSet(
 	ProvideTestEnv,
 	sqlstore.ProvideServiceForTests,
 	ngmetrics.ProvideServiceForTest,
-	wire.Bind(new(sqlstore.TeamStore), new(*sqlstore.SQLStore)),

 	notifications.MockNotificationService,
 	wire.Bind(new(notifications.Service), new(*notifications.NotificationServiceMock)),
--- a/pkg/services/accesscontrol/database/database_test.go
+++ b/pkg/services/accesscontrol/database/database_test.go
@ -12,6 +12,8 @@ import (
 	rs "github.com/grafana/grafana/pkg/services/accesscontrol/resourcepermissions"
 	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/team"
+	"github.com/grafana/grafana/pkg/services/team/teamimpl"
 	"github.com/grafana/grafana/pkg/services/user"
 )

@ -79,9 +81,9 @@ func TestAccessControlStore_GetUserPermissions(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			store, permissionStore, sql := setupTestEnv(t)
+			store, permissionStore, sql, teamSvc := setupTestEnv(t)

-			user, team := createUserAndTeam(t, sql, tt.orgID)
+			user, team := createUserAndTeam(t, sql, teamSvc, tt.orgID)

 			for _, id := range tt.userPermissions {
 				_, err := permissionStore.SetUserResourcePermission(context.Background(), tt.orgID, accesscontrol.User{ID: user.ID}, rs.SetResourcePermissionCommand{
@ -142,8 +144,8 @@ func TestAccessControlStore_GetUserPermissions(t *testing.T) {

 func TestAccessControlStore_DeleteUserPermissions(t *testing.T) {
 	t.Run("expect permissions in all orgs to be deleted", func(t *testing.T) {
-		store, permissionsStore, sql := setupTestEnv(t)
-		user, _ := createUserAndTeam(t, sql, 1)
+		store, permissionsStore, sql, teamSvc := setupTestEnv(t)
+		user, _ := createUserAndTeam(t, sql, teamSvc, 1)

 		// generate permissions in org 1
 		_, err := permissionsStore.SetUserResourcePermission(context.Background(), 1, accesscontrol.User{ID: user.ID}, rs.SetResourcePermissionCommand{
@ -182,8 +184,8 @@ func TestAccessControlStore_DeleteUserPermissions(t *testing.T) {
 	})

 	t.Run("expect permissions in org 1 to be deleted", func(t *testing.T) {
-		store, permissionsStore, sql := setupTestEnv(t)
-		user, _ := createUserAndTeam(t, sql, 1)
+		store, permissionsStore, sql, teamSvc := setupTestEnv(t)
+		user, _ := createUserAndTeam(t, sql, teamSvc, 1)

 		// generate permissions in org 1
 		_, err := permissionsStore.SetUserResourcePermission(context.Background(), 1, accesscontrol.User{ID: user.ID}, rs.SetResourcePermissionCommand{
@ -222,7 +224,7 @@ func TestAccessControlStore_DeleteUserPermissions(t *testing.T) {
 	})
 }

-func createUserAndTeam(t *testing.T, sql *sqlstore.SQLStore, orgID int64) (*user.User, models.Team) {
+func createUserAndTeam(t *testing.T, sql *sqlstore.SQLStore, teamSvc team.Service, orgID int64) (*user.User, models.Team) {
 	t.Helper()

 	user, err := sql.CreateUser(context.Background(), user.CreateUserCommand{
@ -231,18 +233,19 @@ func createUserAndTeam(t *testing.T, sql *sqlstore.SQLStore, orgID int64) (*user
 	})
 	require.NoError(t, err)

-	team, err := sql.CreateTeam("team", "", orgID)
+	team, err := teamSvc.CreateTeam("team", "", orgID)
 	require.NoError(t, err)

-	err = sql.AddTeamMember(user.ID, orgID, team.Id, false, models.PERMISSION_VIEW)
+	err = teamSvc.AddTeamMember(user.ID, orgID, team.Id, false, models.PERMISSION_VIEW)
 	require.NoError(t, err)

 	return user, team
 }

-func setupTestEnv(t testing.TB) (*AccessControlStore, rs.Store, *sqlstore.SQLStore) {
+func setupTestEnv(t testing.TB) (*AccessControlStore, rs.Store, *sqlstore.SQLStore, team.Service) {
 	sql := sqlstore.InitTestDB(t)
 	acstore := ProvideService(sql)
 	permissionStore := rs.NewStore(sql)
-	return acstore, permissionStore, sql
+	teamService := teamimpl.ProvideService(sql, sql.Cfg)
+	return acstore, permissionStore, sql, teamService
 }
--- a/pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
+++ b/pkg/services/accesscontrol/ossaccesscontrol/permissions_services.go
@ -13,6 +13,8 @@ import (
 	"github.com/grafana/grafana/pkg/services/dashboards"
 	"github.com/grafana/grafana/pkg/services/serviceaccounts"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/team"
+	"github.com/grafana/grafana/pkg/services/team/teamimpl"
 	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/grafana/grafana/pkg/setting"
 )
@ -38,6 +40,7 @@ var (
 func ProvideTeamPermissions(
 	cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore,
 	ac accesscontrol.AccessControl, license models.Licensing, service accesscontrol.Service,
+	teamService team.Service,
 ) (*TeamPermissionsService, error) {
 	options := resourcepermissions.Options{
 		Resource:          "teams",
@ -49,7 +52,7 @@ func ProvideTeamPermissions(
 				return err
 			}

-			err = sql.GetTeamById(context.Background(), &models.GetTeamByIdQuery{
+			err = teamService.GetTeamById(context.Background(), &models.GetTeamByIdQuery{
 				OrgId: orgID,
 				Id:    id,
 			})
@ -78,11 +81,11 @@ func ProvideTeamPermissions(
 			}
 			switch permission {
 			case "Member":
-				return sqlstore.AddOrUpdateTeamMemberHook(session, user.ID, orgID, teamId, user.IsExternal, 0)
+				return teamimpl.AddOrUpdateTeamMemberHook(session, user.ID, orgID, teamId, user.IsExternal, 0)
 			case "Admin":
-				return sqlstore.AddOrUpdateTeamMemberHook(session, user.ID, orgID, teamId, user.IsExternal, models.PERMISSION_ADMIN)
+				return teamimpl.AddOrUpdateTeamMemberHook(session, user.ID, orgID, teamId, user.IsExternal, models.PERMISSION_ADMIN)
 			case "":
-				return sqlstore.RemoveTeamMemberHook(session, &models.RemoveTeamMemberCommand{
+				return teamimpl.RemoveTeamMemberHook(session, &models.RemoveTeamMemberCommand{
 					OrgId:  orgID,
 					UserId: user.ID,
 					TeamId: teamId,
@ -93,7 +96,7 @@ func ProvideTeamPermissions(
 		},
 	}

-	srv, err := resourcepermissions.New(options, cfg, router, license, ac, service, sql)
+	srv, err := resourcepermissions.New(options, cfg, router, license, ac, service, sql, teamService)
 	if err != nil {
 		return nil, err
 	}
@ -111,6 +114,7 @@ var DashboardAdminActions = append(DashboardEditActions, []string{dashboards.Act
 func ProvideDashboardPermissions(
 	cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore, ac accesscontrol.AccessControl,
 	license models.Licensing, dashboardStore dashboards.Store, service accesscontrol.Service,
+	teamService team.Service,
 ) (*DashboardPermissionsService, error) {
 	getDashboard := func(ctx context.Context, orgID int64, resourceID string) (*models.Dashboard, error) {
 		query := &models.GetDashboardQuery{Uid: resourceID, OrgId: orgID}
@ -164,7 +168,7 @@ func ProvideDashboardPermissions(
 		RoleGroup:      "Dashboards",
 	}

-	srv, err := resourcepermissions.New(options, cfg, router, license, ac, service, sql)
+	srv, err := resourcepermissions.New(options, cfg, router, license, ac, service, sql, teamService)
 	if err != nil {
 		return nil, err
 	}
@ -189,6 +193,7 @@ var FolderAdminActions = append(FolderEditActions, []string{dashboards.ActionFol
 func ProvideFolderPermissions(
 	cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore, accesscontrol accesscontrol.AccessControl,
 	license models.Licensing, dashboardStore dashboards.Store, service accesscontrol.Service,
+	teamService team.Service,
 ) (*FolderPermissionsService, error) {
 	options := resourcepermissions.Options{
 		Resource:          "folders",
@ -219,7 +224,7 @@ func ProvideFolderPermissions(
 		WriterRoleName: "Folder permission writer",
 		RoleGroup:      "Folders",
 	}
-	srv, err := resourcepermissions.New(options, cfg, router, license, accesscontrol, service, sql)
+	srv, err := resourcepermissions.New(options, cfg, router, license, accesscontrol, service, sql, teamService)
 	if err != nil {
 		return nil, err
 	}
@ -279,6 +284,7 @@ type ServiceAccountPermissionsService struct {
 func ProvideServiceAccountPermissions(
 	cfg *setting.Cfg, router routing.RouteRegister, sql *sqlstore.SQLStore, ac accesscontrol.AccessControl,
 	license models.Licensing, serviceAccountStore serviceaccounts.Store, service accesscontrol.Service,
+	teamService team.Service,
 ) (*ServiceAccountPermissionsService, error) {
 	options := resourcepermissions.Options{
 		Resource:          "serviceaccounts",
@ -305,7 +311,7 @@ func ProvideServiceAccountPermissions(
 		RoleGroup:      "Service accounts",
 	}

-	srv, err := resourcepermissions.New(options, cfg, router, license, ac, service, sql)
+	srv, err := resourcepermissions.New(options, cfg, router, license, ac, service, sql, teamService)
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/services/accesscontrol/resourcepermissions/api_test.go
+++ b/pkg/services/accesscontrol/resourcepermissions/api_test.go
@ -19,6 +19,7 @@ import (
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
 	"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/team/teamimpl"
 	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/web"
@ -112,7 +113,7 @@ func TestApi_getDescription(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			service, _ := setupTestEnvironment(t, tt.permissions, tt.options)
+			service, _, _ := setupTestEnvironment(t, tt.permissions, tt.options)
 			server := setupTestServer(t, &user.SignedInUser{OrgID: 1}, service)

 			req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/api/access-control/%s/description", tt.options.Resource), nil)
@ -159,7 +160,7 @@ func TestApi_getPermissions(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			service, sql := setupTestEnvironment(t, tt.permissions, testOptions)
+			service, sql, _ := setupTestEnvironment(t, tt.permissions, testOptions)
 			server := setupTestServer(t, &user.SignedInUser{OrgID: 1, Permissions: map[int64]map[string][]string{1: accesscontrol.GroupScopesByAction(tt.permissions)}}, service)

 			seedPermissions(t, tt.resourceID, sql, service)
@ -236,7 +237,7 @@ func TestApi_setBuiltinRolePermission(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			service, _ := setupTestEnvironment(t, tt.permissions, testOptions)
+			service, _, _ := setupTestEnvironment(t, tt.permissions, testOptions)
 			server := setupTestServer(t, &user.SignedInUser{OrgID: 1, Permissions: map[int64]map[string][]string{1: accesscontrol.GroupScopesByAction(tt.permissions)}}, service)

 			recorder := setPermission(t, server, testOptions.Resource, tt.resourceID, tt.permission, "builtInRoles", tt.builtInRole)
@ -314,11 +315,11 @@ func TestApi_setTeamPermission(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			service, sql := setupTestEnvironment(t, tt.permissions, testOptions)
+			service, _, teamSvc := setupTestEnvironment(t, tt.permissions, testOptions)
 			server := setupTestServer(t, &user.SignedInUser{OrgID: 1, Permissions: map[int64]map[string][]string{1: accesscontrol.GroupScopesByAction(tt.permissions)}}, service)

 			// seed team
-			_, err := sql.CreateTeam("test", "test@test.com", 1)
+			_, err := teamSvc.CreateTeam("test", "test@test.com", 1)
 			require.NoError(t, err)

 			recorder := setPermission(t, server, testOptions.Resource, tt.resourceID, tt.permission, "teams", strconv.Itoa(int(tt.teamID)))
@ -397,7 +398,7 @@ func TestApi_setUserPermission(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			service, sql := setupTestEnvironment(t, tt.permissions, testOptions)
+			service, sql, _ := setupTestEnvironment(t, tt.permissions, testOptions)
 			server := setupTestServer(t, &user.SignedInUser{OrgID: 1, Permissions: map[int64]map[string][]string{1: accesscontrol.GroupScopesByAction(tt.permissions)}}, service)

 			// seed user
@ -498,7 +499,8 @@ func checkSeededPermissions(t *testing.T, permissions []resourcePermissionDTO) {
 func seedPermissions(t *testing.T, resourceID string, sql *sqlstore.SQLStore, service *Service) {
 	t.Helper()
 	// seed team 1 with "Edit" permission on dashboard 1
-	team, err := sql.CreateTeam("test", "test@test.com", 1)
+	teamSvc := teamimpl.ProvideService(sql, sql.Cfg)
+	team, err := teamSvc.CreateTeam("test", "test@test.com", 1)
 	require.NoError(t, err)
 	_, err = service.SetTeamPermission(context.Background(), team.OrgId, team.Id, resourceID, "Edit")
 	require.NoError(t, err)
--- a/pkg/services/accesscontrol/resourcepermissions/service.go
+++ b/pkg/services/accesscontrol/resourcepermissions/service.go
@ -10,6 +10,7 @@ import (
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
 	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/team"
 	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/grafana/grafana/pkg/setting"
 )
@ -50,6 +51,7 @@ type Store interface {
 func New(
 	options Options, cfg *setting.Cfg, router routing.RouteRegister, license models.Licensing,
 	ac accesscontrol.AccessControl, service accesscontrol.Service, sqlStore *sqlstore.SQLStore,
+	teamService team.Service,
 ) (*Service, error) {
 	var permissions []string
 	actionSet := make(map[string]struct{})
@ -80,6 +82,7 @@ func New(
 		actions:     actions,
 		sqlStore:    sqlStore,
 		service:     service,
+		teamService: teamService,
 	}

 	s.api = newApi(ac, router, s)
@ -106,6 +109,7 @@ type Service struct {
 	permissions []string
 	actions     []string
 	sqlStore    *sqlstore.SQLStore
+	teamService team.Service
 }

 func (s *Service) GetPermissions(ctx context.Context, user *user.SignedInUser, resourceID string) ([]accesscontrol.ResourcePermission, error) {
@ -293,7 +297,7 @@ func (s *Service) validateTeam(ctx context.Context, orgID, teamID int64) error {
 		return ErrInvalidAssignment
 	}

-	if err := s.sqlStore.GetTeamById(ctx, &models.GetTeamByIdQuery{OrgId: orgID, Id: teamID}); err != nil {
+	if err := s.teamService.GetTeamById(ctx, &models.GetTeamByIdQuery{OrgId: orgID, Id: teamID}); err != nil {
 		return err
 	}
 	return nil
--- a/pkg/services/accesscontrol/resourcepermissions/service_test.go
+++ b/pkg/services/accesscontrol/resourcepermissions/service_test.go
@ -12,6 +12,8 @@ import (
 	accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
 	"github.com/grafana/grafana/pkg/services/licensing/licensingtest"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/team"
+	"github.com/grafana/grafana/pkg/services/team/teamimpl"
 	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/grafana/grafana/pkg/setting"
 )
@ -35,7 +37,7 @@ func TestService_SetUserPermission(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			service, sql := setupTestEnvironment(t, []accesscontrol.Permission{}, Options{
+			service, sql, _ := setupTestEnvironment(t, []accesscontrol.Permission{}, Options{
 				Resource:             "dashboards",
 				Assignments:          Assignments{Users: true},
 				PermissionsToActions: nil,
@ -79,14 +81,14 @@ func TestService_SetTeamPermission(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			service, sql := setupTestEnvironment(t, []accesscontrol.Permission{}, Options{
+			service, _, teamSvc := setupTestEnvironment(t, []accesscontrol.Permission{}, Options{
 				Resource:             "dashboards",
 				Assignments:          Assignments{Teams: true},
 				PermissionsToActions: nil,
 			})

 			// seed team
-			team, err := sql.CreateTeam("test", "test@test.com", 1)
+			team, err := teamSvc.CreateTeam("test", "test@test.com", 1)
 			require.NoError(t, err)

 			var hookCalled bool
@ -123,7 +125,7 @@ func TestService_SetBuiltInRolePermission(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			service, _ := setupTestEnvironment(t, []accesscontrol.Permission{}, Options{
+			service, _, _ := setupTestEnvironment(t, []accesscontrol.Permission{}, Options{
 				Resource:             "dashboards",
 				Assignments:          Assignments{BuiltInRoles: true},
 				PermissionsToActions: nil,
@ -196,12 +198,12 @@ func TestService_SetPermissions(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			service, sql := setupTestEnvironment(t, []accesscontrol.Permission{}, tt.options)
+			service, sql, teamSvc := setupTestEnvironment(t, []accesscontrol.Permission{}, tt.options)

 			// seed user
 			_, err := sql.CreateUser(context.Background(), user.CreateUserCommand{Login: "user", OrgID: 1})
 			require.NoError(t, err)
-			_, err = sql.CreateTeam("team", "", 1)
+			_, err = teamSvc.CreateTeam("team", "", 1)
 			require.NoError(t, err)

 			permissions, err := service.SetPermissions(context.Background(), 1, "1", tt.commands...)
@ -215,19 +217,20 @@ func TestService_SetPermissions(t *testing.T) {
 	}
 }

-func setupTestEnvironment(t *testing.T, permissions []accesscontrol.Permission, ops Options) (*Service, *sqlstore.SQLStore) {
+func setupTestEnvironment(t *testing.T, permissions []accesscontrol.Permission, ops Options) (*Service, *sqlstore.SQLStore, team.Service) {
 	t.Helper()

 	sql := sqlstore.InitTestDB(t)
 	cfg := setting.NewCfg()
+	teamSvc := teamimpl.ProvideService(sql, cfg)
 	license := licensingtest.NewFakeLicensing()
 	license.On("FeatureEnabled", "accesscontrol.enforcement").Return(true).Maybe()
 	mock := accesscontrolmock.New().WithPermissions(permissions)
 	service, err := New(
 		ops, cfg, routing.NewRouteRegister(), license,
-		accesscontrolmock.New().WithPermissions(permissions), mock, sql,
+		accesscontrolmock.New().WithPermissions(permissions), mock, sql, teamSvc,
 	)
 	require.NoError(t, err)

-	return service, sql
+	return service, sql, teamSvc
 }
--- a/pkg/services/accesscontrol/resourcepermissions/store_bench_test.go
+++ b/pkg/services/accesscontrol/resourcepermissions/store_bench_test.go
@ -15,6 +15,7 @@ import (
 	"github.com/grafana/grafana/pkg/services/datasources"
 	datasourcesService "github.com/grafana/grafana/pkg/services/datasources/service"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/team/teamimpl"
 	"github.com/grafana/grafana/pkg/services/user"
 )

@ -133,6 +134,7 @@ func GenerateDatasourcePermissions(b *testing.B, db *sqlstore.SQLStore, ac *stor
 }

 func generateTeamsAndUsers(b *testing.B, db *sqlstore.SQLStore, users int) ([]int64, []int64) {
+	teamSvc := teamimpl.ProvideService(db, db.Cfg)
 	numberOfTeams := int(math.Ceil(float64(users) / UsersPerTeam))
 	globalUserId := 0

@ -142,7 +144,7 @@ func generateTeamsAndUsers(b *testing.B, db *sqlstore.SQLStore, users int) ([]in
 		// Create team
 		teamName := fmt.Sprintf("%s%v", "team", i)
 		teamEmail := fmt.Sprintf("%s@example.org", teamName)
-		team, err := db.CreateTeam(teamName, teamEmail, 1)
+		team, err := teamSvc.CreateTeam(teamName, teamEmail, 1)
 		require.NoError(b, err)
 		teamId := team.Id
 		teamIds = append(teamIds, teamId)
@ -159,7 +161,7 @@ func generateTeamsAndUsers(b *testing.B, db *sqlstore.SQLStore, users int) ([]in
 			globalUserId++
 			userIds = append(userIds, userId)

-			err = db.AddTeamMember(userId, 1, teamId, false, 1)
+			err = teamSvc.AddTeamMember(userId, 1, teamId, false, 1)
 			require.NoError(b, err)
 		}
 	}
--- a/pkg/services/dashboards/database/acl_test.go
+++ b/pkg/services/dashboards/database/acl_test.go
@ -8,6 +8,7 @@ import (
 	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
 	"github.com/grafana/grafana/pkg/services/tag/tagimpl"
+	"github.com/grafana/grafana/pkg/services/team/teamimpl"
 	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/stretchr/testify/require"
 )
@ -189,7 +190,8 @@ func TestIntegrationDashboardACLDataAccess(t *testing.T) {

 		t.Run("Should be able to add a user permission for a team", func(t *testing.T) {
 			setup(t)
-			team1, err := sqlStore.CreateTeam("group1 name", "", 1)
+			teamSvc := teamimpl.ProvideService(sqlStore, sqlStore.Cfg)
+			team1, err := teamSvc.CreateTeam("group1 name", "", 1)
 			require.Nil(t, err)

 			err = updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{
@ -210,7 +212,8 @@ func TestIntegrationDashboardACLDataAccess(t *testing.T) {

 		t.Run("Should be able to update an existing permission for a team", func(t *testing.T) {
 			setup(t)
-			team1, err := sqlStore.CreateTeam("group1 name", "", 1)
+			teamSvc := teamimpl.ProvideService(sqlStore, sqlStore.Cfg)
+			team1, err := teamSvc.CreateTeam("group1 name", "", 1)
 			require.Nil(t, err)
 			err = updateDashboardACL(t, dashboardStore, savedFolder.Id, models.DashboardACL{
 				OrgID:       1,
--- a/pkg/services/guardian/accesscontrol_guardian_test.go
+++ b/pkg/services/guardian/accesscontrol_guardian_test.go
@ -7,6 +7,7 @@ import (

 	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/grafana/grafana/pkg/services/tag/tagimpl"
+	"github.com/grafana/grafana/pkg/services/team/teamimpl"
 	"github.com/grafana/grafana/pkg/services/user"

 	"github.com/stretchr/testify/assert"
@ -601,12 +602,13 @@ func setupAccessControlGuardianTest(t *testing.T, uid string, permissions []acce
 	ac.RegisterScopeAttributeResolver(dashboards.NewDashboardUIDScopeResolver(dashStore))
 	license := licensingtest.NewFakeLicensing()
 	license.On("FeatureEnabled", "accesscontrol.enforcement").Return(true).Maybe()
+	teamSvc := teamimpl.ProvideService(store, store.Cfg)

 	folderPermissions, err := ossaccesscontrol.ProvideFolderPermissions(
-		setting.NewCfg(), routing.NewRouteRegister(), store, ac, license, &dashboards.FakeDashboardStore{}, ac)
+		setting.NewCfg(), routing.NewRouteRegister(), store, ac, license, &dashboards.FakeDashboardStore{}, ac, teamSvc)
 	require.NoError(t, err)
 	dashboardPermissions, err := ossaccesscontrol.ProvideDashboardPermissions(
-		setting.NewCfg(), routing.NewRouteRegister(), store, ac, license, &dashboards.FakeDashboardStore{}, ac)
+		setting.NewCfg(), routing.NewRouteRegister(), store, ac, license, &dashboards.FakeDashboardStore{}, ac, teamSvc)
 	require.NoError(t, err)
 	if dashboardSvc == nil {
 		dashboardSvc = &dashboards.FakeDashboardService{}
--- a/pkg/services/serviceaccounts/api/api_test.go
+++ b/pkg/services/serviceaccounts/api/api_test.go
@ -26,6 +26,7 @@ import (
 	"github.com/grafana/grafana/pkg/services/serviceaccounts/database"
 	"github.com/grafana/grafana/pkg/services/serviceaccounts/tests"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/team/teamimpl"
 	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/web"
@ -278,7 +279,8 @@ func setupTestServer(t *testing.T, svc *tests.ServiceAccountMock,
 	acmock *accesscontrolmock.Mock,
 	sqlStore *sqlstore.SQLStore, saStore serviceaccounts.Store) (*web.Mux, *ServiceAccountsAPI) {
 	cfg := setting.NewCfg()
-	saPermissionService, err := ossaccesscontrol.ProvideServiceAccountPermissions(cfg, routing.NewRouteRegister(), sqlStore, acmock, &licensing.OSSLicensingService{}, saStore, acmock)
+	teamSvc := teamimpl.ProvideService(sqlStore, cfg)
+	saPermissionService, err := ossaccesscontrol.ProvideServiceAccountPermissions(cfg, routing.NewRouteRegister(), sqlStore, acmock, &licensing.OSSLicensingService{}, saStore, acmock, teamSvc)
 	require.NoError(t, err)

 	a := NewServiceAccountsAPI(cfg, svc, acmock, routerRegister, saStore, saPermissionService)
--- a/pkg/services/sqlstore/sqlbuilder_test.go
+++ b/pkg/services/sqlstore/sqlbuilder_test.go
@ -214,15 +214,6 @@ func createDummyUser(t *testing.T, sqlStore *SQLStore) *user.User {
 	return user
 }

-func createDummyTeam(t *testing.T, sqlStore *SQLStore) models.Team {
-	t.Helper()
-
-	team, err := sqlStore.CreateTeam("test", "test@example.com", 1)
-	require.NoError(t, err)
-
-	return team
-}
-
 func createDummyDashboard(t *testing.T, sqlStore *SQLStore, dashboardProps DashboardProps) *models.Dashboard {
 	t.Helper()

@ -273,16 +264,8 @@ func createDummyACL(t *testing.T, sqlStore *SQLStore, dashboardPermission *Dashb
 	}

 	if dashboardPermission.Team {
-		t.Logf("Creating team")
-		team := createDummyTeam(t, sqlStore)
-		if search.UserFromACL {
-			user = createDummyUser(t, sqlStore)
-			err := sqlStore.AddTeamMember(user.ID, 1, team.Id, false, 0)
-			require.NoError(t, err)
-			t.Logf("Created team member with ID %d", user.ID)
-		}
-
-		acl.TeamID = team.Id
+		// TODO: Restore/refactor sqlBuilder tests after user, org and team services are split
+		t.Skip("Creating team: skip, team service is moved")
 	}

 	if len(string(dashboardPermission.Role)) > 0 {
--- a/pkg/services/sqlstore/user.go
+++ b/pkg/services/sqlstore/user.go
@ -1,6 +1,7 @@
 package sqlstore

 import (
+	"bytes"
 	"context"
 	"fmt"
 	"sort"
@ -583,6 +584,56 @@ func (ss *SQLStore) GetSignedInUser(ctx context.Context, query *models.GetSigned
 	})
 }

+// GetTeamsByUser is used by the Guardian when checking a users' permissions
+// TODO: use team.Service after user service is split
+func (ss *SQLStore) GetTeamsByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error {
+	return ss.WithDbSession(ctx, func(sess *DBSession) error {
+		query.Result = make([]*models.TeamDTO, 0)
+
+		var sql bytes.Buffer
+		var params []interface{}
+		params = append(params, query.OrgId, query.UserId)
+
+		sql.WriteString(getTeamSelectSQLBase([]string{}))
+		sql.WriteString(` INNER JOIN team_member on team.id = team_member.team_id`)
+		sql.WriteString(` WHERE team.org_id = ? and team_member.user_id = ?`)
+
+		if !ac.IsDisabled(ss.Cfg) {
+			acFilter, err := ac.Filter(query.SignedInUser, "team.id", "teams:id:", ac.ActionTeamsRead)
+			if err != nil {
+				return err
+			}
+			sql.WriteString(` and` + acFilter.Where)
+			params = append(params, acFilter.Args...)
+		}
+
+		err := sess.SQL(sql.String(), params...).Find(&query.Result)
+		return err
+	})
+}
+
+func getTeamMemberCount(filteredUsers []string) string {
+	if len(filteredUsers) > 0 {
+		return `(SELECT COUNT(*) FROM team_member
+			INNER JOIN ` + dialect.Quote("user") + ` ON team_member.user_id = ` + dialect.Quote("user") + `.id
+			WHERE team_member.team_id = team.id AND ` + dialect.Quote("user") + `.login NOT IN (?` +
+			strings.Repeat(",?", len(filteredUsers)-1) + ")" +
+			`) AS member_count `
+	}
+
+	return "(SELECT COUNT(*) FROM team_member WHERE team_member.team_id = team.id) AS member_count "
+}
+
+func getTeamSelectSQLBase(filteredUsers []string) string {
+	return `SELECT
+		team.id as id,
+		team.org_id,
+		team.name as name,
+		team.email as email, ` +
+		getTeamMemberCount(filteredUsers) +
+		` FROM team as team `
+}
+
 func (ss *SQLStore) SearchUsers(ctx context.Context, query *models.SearchUsersQuery) error {
 	return ss.WithDbSession(ctx, func(dbSess *DBSession) error {
 		query.Result = models.SearchUserQueryResult{
--- a/pkg/services/team/teamimpl/store.go
+++ b/pkg/services/team/teamimpl/store.go
@ -1,4 +1,4 @@
-package sqlstore
+package teamimpl

 import (
 	"bytes"
@ -9,18 +9,31 @@ import (

 	"github.com/grafana/grafana/pkg/models"
 	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
+	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/sqlstore/db"
 	"github.com/grafana/grafana/pkg/services/user"
+	"github.com/grafana/grafana/pkg/setting"
 )

-type TeamStore interface {
-	UpdateTeam(ctx context.Context, cmd *models.UpdateTeamCommand) error
-	DeleteTeam(ctx context.Context, cmd *models.DeleteTeamCommand) error
-	SearchTeams(ctx context.Context, query *models.SearchTeamsQuery) error
-	GetTeamById(ctx context.Context, query *models.GetTeamByIdQuery) error
-	UpdateTeamMember(ctx context.Context, cmd *models.UpdateTeamMemberCommand) error
-	RemoveTeamMember(ctx context.Context, cmd *models.RemoveTeamMemberCommand) error
-	GetTeamMembers(ctx context.Context, cmd *models.GetTeamMembersQuery) error
-	GetUserTeamMemberships(ctx context.Context, orgID, userID int64, external bool) ([]*models.TeamMemberDTO, error)
+type store interface {
+	Create(name, email string, orgID int64) (models.Team, error)
+	Update(ctx context.Context, cmd *models.UpdateTeamCommand) error
+	Delete(ctx context.Context, cmd *models.DeleteTeamCommand) error
+	Search(ctx context.Context, query *models.SearchTeamsQuery) error
+	GetById(ctx context.Context, query *models.GetTeamByIdQuery) error
+	GetByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error
+	AddMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error
+	UpdateMember(ctx context.Context, cmd *models.UpdateTeamMemberCommand) error
+	IsMember(orgId int64, teamId int64, userId int64) (bool, error)
+	RemoveMember(ctx context.Context, cmd *models.RemoveTeamMemberCommand) error
+	GetMemberships(ctx context.Context, orgID, userID int64, external bool) ([]*models.TeamMemberDTO, error)
+	GetMembers(ctx context.Context, query *models.GetTeamMembersQuery) error
+	IsAdmin(ctx context.Context, query *models.IsAdminOfTeamsQuery) error
+}
+
+type xormStore struct {
+	db  db.DB
+	cfg *setting.Cfg
 }

 func getFilteredUsers(signedInUser *user.SignedInUser, hiddenUsers map[string]struct{}) []string {
@ -39,11 +52,11 @@ func getFilteredUsers(signedInUser *user.SignedInUser, hiddenUsers map[string]st
 	return filteredUsers
 }

-func getTeamMemberCount(filteredUsers []string) string {
+func getTeamMemberCount(db db.DB, filteredUsers []string) string {
 	if len(filteredUsers) > 0 {
 		return `(SELECT COUNT(*) FROM team_member
-			INNER JOIN ` + dialect.Quote("user") + ` ON team_member.user_id = ` + dialect.Quote("user") + `.id
-			WHERE team_member.team_id = team.id AND ` + dialect.Quote("user") + `.login NOT IN (?` +
+			INNER JOIN ` + db.GetDialect().Quote("user") + ` ON team_member.user_id = ` + db.GetDialect().Quote("user") + `.id
+			WHERE team_member.team_id = team.id AND ` + db.GetDialect().Quote("user") + `.login NOT IN (?` +
 			strings.Repeat(",?", len(filteredUsers)-1) + ")" +
 			`) AS member_count `
 	}
@ -51,29 +64,29 @@ func getTeamMemberCount(filteredUsers []string) string {
 	return "(SELECT COUNT(*) FROM team_member WHERE team_member.team_id = team.id) AS member_count "
 }

-func getTeamSelectSQLBase(filteredUsers []string) string {
+func getTeamSelectSQLBase(db db.DB, filteredUsers []string) string {
 	return `SELECT
 		team.id as id,
 		team.org_id,
 		team.name as name,
 		team.email as email, ` +
-		getTeamMemberCount(filteredUsers) +
+		getTeamMemberCount(db, filteredUsers) +
 		` FROM team as team `
 }

-func getTeamSelectWithPermissionsSQLBase(filteredUsers []string) string {
+func getTeamSelectWithPermissionsSQLBase(db db.DB, filteredUsers []string) string {
 	return `SELECT
 		team.id AS id,
 		team.org_id,
 		team.name AS name,
 		team.email AS email,
 		team_member.permission, ` +
-		getTeamMemberCount(filteredUsers) +
+		getTeamMemberCount(db, filteredUsers) +
 		` FROM team AS team
 		INNER JOIN team_member ON team.id = team_member.team_id AND team_member.user_id = ? `
 }

-func (ss *SQLStore) CreateTeam(name, email string, orgID int64) (models.Team, error) {
+func (ss *xormStore) Create(name, email string, orgID int64) (models.Team, error) {
 	team := models.Team{
 		Name:    name,
 		Email:   email,
@ -81,7 +94,7 @@ func (ss *SQLStore) CreateTeam(name, email string, orgID int64) (models.Team, er
 		Created: time.Now(),
 		Updated: time.Now(),
 	}
-	err := ss.WithTransactionalDbSession(context.Background(), func(sess *DBSession) error {
+	err := ss.db.WithTransactionalDbSession(context.Background(), func(sess *sqlstore.DBSession) error {
 		if isNameTaken, err := isTeamNameTaken(orgID, name, 0, sess); err != nil {
 			return err
 		} else if isNameTaken {
@ -94,8 +107,8 @@ func (ss *SQLStore) CreateTeam(name, email string, orgID int64) (models.Team, er
 	return team, err
 }

-func (ss *SQLStore) UpdateTeam(ctx context.Context, cmd *models.UpdateTeamCommand) error {
-	return ss.WithTransactionalDbSession(ctx, func(sess *DBSession) error {
+func (ss *xormStore) Update(ctx context.Context, cmd *models.UpdateTeamCommand) error {
+	return ss.db.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
 		if isNameTaken, err := isTeamNameTaken(cmd.OrgId, cmd.Name, cmd.Id, sess); err != nil {
 			return err
 		} else if isNameTaken {
@ -125,8 +138,8 @@ func (ss *SQLStore) UpdateTeam(ctx context.Context, cmd *models.UpdateTeamComman
 }

 // DeleteTeam will delete a team, its member and any permissions connected to the team
-func (ss *SQLStore) DeleteTeam(ctx context.Context, cmd *models.DeleteTeamCommand) error {
-	return ss.WithTransactionalDbSession(ctx, func(sess *DBSession) error {
+func (ss *xormStore) Delete(ctx context.Context, cmd *models.DeleteTeamCommand) error {
+	return ss.db.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
 		if _, err := teamExists(cmd.OrgId, cmd.Id, sess); err != nil {
 			return err
 		}
@ -151,7 +164,7 @@ func (ss *SQLStore) DeleteTeam(ctx context.Context, cmd *models.DeleteTeamComman
 	})
 }

-func teamExists(orgID int64, teamID int64, sess *DBSession) (bool, error) {
+func teamExists(orgID int64, teamID int64, sess *sqlstore.DBSession) (bool, error) {
 	if res, err := sess.Query("SELECT 1 from team WHERE org_id=? and id=?", orgID, teamID); err != nil {
 		return false, err
 	} else if len(res) != 1 {
@ -161,7 +174,7 @@ func teamExists(orgID int64, teamID int64, sess *DBSession) (bool, error) {
 	return true, nil
 }

-func isTeamNameTaken(orgId int64, name string, existingId int64, sess *DBSession) (bool, error) {
+func isTeamNameTaken(orgId int64, name string, existingId int64, sess *sqlstore.DBSession) (bool, error) {
 	var team models.Team
 	exists, err := sess.Where("org_id=? and name=?", orgId, name).Get(&team)
 	if err != nil {
@ -175,8 +188,8 @@ func isTeamNameTaken(orgId int64, name string, existingId int64, sess *DBSession
 	return false, nil
 }

-func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQuery) error {
-	return ss.WithDbSession(ctx, func(sess *DBSession) error {
+func (ss *xormStore) Search(ctx context.Context, query *models.SearchTeamsQuery) error {
+	return ss.db.WithDbSession(ctx, func(sess *sqlstore.DBSession) error {
 		query.Result = models.SearchTeamQueryResult{
 			Teams: make([]*models.TeamDTO, 0),
 		}
@ -191,9 +204,9 @@ func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQu
 		}

 		if query.UserIdFilter == models.FilterIgnoreUser {
-			sql.WriteString(getTeamSelectSQLBase(filteredUsers))
+			sql.WriteString(getTeamSelectSQLBase(ss.db, filteredUsers))
 		} else {
-			sql.WriteString(getTeamSelectWithPermissionsSQLBase(filteredUsers))
+			sql.WriteString(getTeamSelectWithPermissionsSQLBase(ss.db, filteredUsers))
 			params = append(params, query.UserIdFilter)
 		}

@ -201,7 +214,7 @@ func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQu
 		params = append(params, query.OrgId)

 		if query.Query != "" {
-			sql.WriteString(` and team.name ` + ss.Dialect.LikeStr() + ` ?`)
+			sql.WriteString(` and team.name ` + ss.db.GetDialect().LikeStr() + ` ?`)
 			params = append(params, queryWithWildcards)
 		}

@ -214,7 +227,7 @@ func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQu
 			acFilter ac.SQLFilter
 			err      error
 		)
-		if !ac.IsDisabled(ss.Cfg) {
+		if !ac.IsDisabled(ss.cfg) {
 			acFilter, err = ac.Filter(query.SignedInUser, "team.id", "teams:id:", ac.ActionTeamsRead)
 			if err != nil {
 				return err
@ -227,7 +240,7 @@ func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQu

 		if query.Limit != 0 {
 			offset := query.Limit * (query.Page - 1)
-			sql.WriteString(ss.Dialect.LimitOffset(int64(query.Limit), int64(offset)))
+			sql.WriteString(ss.db.GetDialect().LimitOffset(int64(query.Limit), int64(offset)))
 		}

 		if err := sess.SQL(sql.String(), params...).Find(&query.Result.Teams); err != nil {
@ -239,7 +252,7 @@ func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQu
 		countSess.Where("team.org_id=?", query.OrgId)

 		if query.Query != "" {
-			countSess.Where(`name `+dialect.LikeStr()+` ?`, queryWithWildcards)
+			countSess.Where(`name `+ss.db.GetDialect().LikeStr()+` ?`, queryWithWildcards)
 		}

 		if query.Name != "" {
@ -259,7 +272,7 @@ func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQu
 		}

 		// Only count teams user can see
-		if !ac.IsDisabled(ss.Cfg) {
+		if !ac.IsDisabled(ss.cfg) {
 			countSess.Where(acFilter.Where, acFilter.Args...)
 		}

@ -270,13 +283,13 @@ func (ss *SQLStore) SearchTeams(ctx context.Context, query *models.SearchTeamsQu
 	})
 }

-func (ss *SQLStore) GetTeamById(ctx context.Context, query *models.GetTeamByIdQuery) error {
-	return ss.WithDbSession(ctx, func(sess *DBSession) error {
+func (ss *xormStore) GetById(ctx context.Context, query *models.GetTeamByIdQuery) error {
+	return ss.db.WithDbSession(ctx, func(sess *sqlstore.DBSession) error {
 		var sql bytes.Buffer
 		params := make([]interface{}, 0)

 		filteredUsers := getFilteredUsers(query.SignedInUser, query.HiddenUsers)
-		sql.WriteString(getTeamSelectSQLBase(filteredUsers))
+		sql.WriteString(getTeamSelectSQLBase(ss.db, filteredUsers))
 		for _, user := range filteredUsers {
 			params = append(params, user)
 		}
@ -306,19 +319,19 @@ func (ss *SQLStore) GetTeamById(ctx context.Context, query *models.GetTeamByIdQu
 }

 // GetTeamsByUser is used by the Guardian when checking a users' permissions
-func (ss *SQLStore) GetTeamsByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error {
-	return ss.WithDbSession(ctx, func(sess *DBSession) error {
+func (ss *xormStore) GetByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error {
+	return ss.db.WithDbSession(ctx, func(sess *sqlstore.DBSession) error {
 		query.Result = make([]*models.TeamDTO, 0)

 		var sql bytes.Buffer
 		var params []interface{}
 		params = append(params, query.OrgId, query.UserId)

-		sql.WriteString(getTeamSelectSQLBase([]string{}))
+		sql.WriteString(getTeamSelectSQLBase(ss.db, []string{}))
 		sql.WriteString(` INNER JOIN team_member on team.id = team_member.team_id`)
 		sql.WriteString(` WHERE team.org_id = ? and team_member.user_id = ?`)

-		if !ac.IsDisabled(ss.Cfg) {
+		if !ac.IsDisabled(ss.cfg) {
 			acFilter, err := ac.Filter(query.SignedInUser, "team.id", "teams:id:", ac.ActionTeamsRead)
 			if err != nil {
 				return err
@ -333,8 +346,8 @@ func (ss *SQLStore) GetTeamsByUser(ctx context.Context, query *models.GetTeamsBy
 }

 // AddTeamMember adds a user to a team
-func (ss *SQLStore) AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
-	return ss.WithTransactionalDbSession(context.Background(), func(sess *DBSession) error {
+func (ss *xormStore) AddMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
+	return ss.db.WithTransactionalDbSession(context.Background(), func(sess *sqlstore.DBSession) error {
 		if isMember, err := isTeamMember(sess, orgID, teamID, userID); err != nil {
 			return err
 		} else if isMember {
@ -345,7 +358,7 @@ func (ss *SQLStore) AddTeamMember(userID, orgID, teamID int64, isExternal bool,
 	})
 }

-func getTeamMember(sess *DBSession, orgId int64, teamId int64, userId int64) (models.TeamMember, error) {
+func getTeamMember(sess *sqlstore.DBSession, orgId int64, teamId int64, userId int64) (models.TeamMember, error) {
 	rawSQL := `SELECT * FROM team_member WHERE org_id=? and team_id=? and user_id=?`
 	var member models.TeamMember
 	exists, err := sess.SQL(rawSQL, orgId, teamId, userId).Get(&member)
@ -361,16 +374,16 @@ func getTeamMember(sess *DBSession, orgId int64, teamId int64, userId int64) (mo
 }

 // UpdateTeamMember updates a team member
-func (ss *SQLStore) UpdateTeamMember(ctx context.Context, cmd *models.UpdateTeamMemberCommand) error {
-	return ss.WithTransactionalDbSession(ctx, func(sess *DBSession) error {
+func (ss *xormStore) UpdateMember(ctx context.Context, cmd *models.UpdateTeamMemberCommand) error {
+	return ss.db.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
 		return updateTeamMember(sess, cmd.OrgId, cmd.TeamId, cmd.UserId, cmd.Permission)
 	})
 }

-func (ss *SQLStore) IsTeamMember(orgId int64, teamId int64, userId int64) (bool, error) {
+func (ss *xormStore) IsMember(orgId int64, teamId int64, userId int64) (bool, error) {
 	var isMember bool

-	err := ss.WithTransactionalDbSession(context.Background(), func(sess *DBSession) error {
+	err := ss.db.WithTransactionalDbSession(context.Background(), func(sess *sqlstore.DBSession) error {
 		var err error
 		isMember, err = isTeamMember(sess, orgId, teamId, userId)
 		return err
@ -379,7 +392,7 @@ func (ss *SQLStore) IsTeamMember(orgId int64, teamId int64, userId int64) (bool,
 	return isMember, err
 }

-func isTeamMember(sess *DBSession, orgId int64, teamId int64, userId int64) (bool, error) {
+func isTeamMember(sess *sqlstore.DBSession, orgId int64, teamId int64, userId int64) (bool, error) {
 	if res, err := sess.Query("SELECT 1 FROM team_member WHERE org_id=? and team_id=? and user_id=?", orgId, teamId, userId); err != nil {
 		return false, err
 	} else if len(res) != 1 {
@ -391,7 +404,7 @@ func isTeamMember(sess *DBSession, orgId int64, teamId int64, userId int64) (boo

 // AddOrUpdateTeamMemberHook is called from team resource permission service
 // it adds user to a team or updates user permissions in a team within the given transaction session
-func AddOrUpdateTeamMemberHook(sess *DBSession, userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
+func AddOrUpdateTeamMemberHook(sess *sqlstore.DBSession, userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
 	isMember, err := isTeamMember(sess, orgID, teamID, userID)
 	if err != nil {
 		return err
@ -406,7 +419,7 @@ func AddOrUpdateTeamMemberHook(sess *DBSession, userID, orgID, teamID int64, isE
 	return err
 }

-func addTeamMember(sess *DBSession, orgID, teamID, userID int64, isExternal bool, permission models.PermissionType) error {
+func addTeamMember(sess *sqlstore.DBSession, orgID, teamID, userID int64, isExternal bool, permission models.PermissionType) error {
 	if _, err := teamExists(orgID, teamID, sess); err != nil {
 		return err
 	}
@ -425,7 +438,7 @@ func addTeamMember(sess *DBSession, orgID, teamID, userID int64, isExternal bool
 	return err
 }

-func updateTeamMember(sess *DBSession, orgID, teamID, userID int64, permission models.PermissionType) error {
+func updateTeamMember(sess *sqlstore.DBSession, orgID, teamID, userID int64, permission models.PermissionType) error {
 	member, err := getTeamMember(sess, orgID, teamID, userID)
 	if err != nil {
 		return err
@ -441,19 +454,19 @@ func updateTeamMember(sess *DBSession, orgID, teamID, userID int64, permission m
 }

 // RemoveTeamMember removes a member from a team
-func (ss *SQLStore) RemoveTeamMember(ctx context.Context, cmd *models.RemoveTeamMemberCommand) error {
-	return ss.WithTransactionalDbSession(ctx, func(sess *DBSession) error {
+func (ss *xormStore) RemoveMember(ctx context.Context, cmd *models.RemoveTeamMemberCommand) error {
+	return ss.db.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
 		return removeTeamMember(sess, cmd)
 	})
 }

 // RemoveTeamMemberHook is called from team resource permission service
 // it removes a member from a team within the given transaction session
-func RemoveTeamMemberHook(sess *DBSession, cmd *models.RemoveTeamMemberCommand) error {
+func RemoveTeamMemberHook(sess *sqlstore.DBSession, cmd *models.RemoveTeamMemberCommand) error {
 	return removeTeamMember(sess, cmd)
 }

-func removeTeamMember(sess *DBSession, cmd *models.RemoveTeamMemberCommand) error {
+func removeTeamMember(sess *sqlstore.DBSession, cmd *models.RemoveTeamMemberCommand) error {
 	if _, err := teamExists(cmd.OrgId, cmd.TeamId, sess); err != nil {
 		return err
 	}
@ -474,7 +487,7 @@ func removeTeamMember(sess *DBSession, cmd *models.RemoveTeamMemberCommand) erro
 // GetUserTeamMemberships return a list of memberships to teams granted to a user
 // If external is specified, only memberships provided by an external auth provider will be listed
 // This function doesn't perform any accesscontrol filtering.
-func (ss *SQLStore) GetUserTeamMemberships(ctx context.Context, orgID, userID int64, external bool) ([]*models.TeamMemberDTO, error) {
+func (ss *xormStore) GetMemberships(ctx context.Context, orgID, userID int64, external bool) ([]*models.TeamMemberDTO, error) {
 	query := &models.GetTeamMembersQuery{
 		OrgId:    orgID,
 		UserId:   userID,
@ -486,15 +499,15 @@ func (ss *SQLStore) GetUserTeamMemberships(ctx context.Context, orgID, userID in
 }

 // GetTeamMembers return a list of members for the specified team filtered based on the user's permissions
-func (ss *SQLStore) GetTeamMembers(ctx context.Context, query *models.GetTeamMembersQuery) error {
+func (ss *xormStore) GetMembers(ctx context.Context, query *models.GetTeamMembersQuery) error {
 	acFilter := &ac.SQLFilter{}
 	var err error

 	// With accesscontrol we filter out users based on the SignedInUser's permissions
 	// Note we assume that checking SignedInUser is allowed to see team members for this team has already been performed
 	// If the signed in user is not set no member will be returned
-	if !ac.IsDisabled(ss.Cfg) {
-		sqlID := fmt.Sprintf("%s.%s", ss.engine.Dialect().Quote("user"), ss.engine.Dialect().Quote("id"))
+	if !ac.IsDisabled(ss.cfg) {
+		sqlID := fmt.Sprintf("%s.%s", ss.db.GetDialect().Quote("user"), ss.db.GetDialect().Quote("id"))
 		*acFilter, err = ac.Filter(query.SignedInUser, sqlID, "users:id:", ac.ActionOrgUsersRead)
 		if err != nil {
 			return err
@ -505,16 +518,16 @@ func (ss *SQLStore) GetTeamMembers(ctx context.Context, query *models.GetTeamMem
 }

 // getTeamMembers return a list of members for the specified team
-func (ss *SQLStore) getTeamMembers(ctx context.Context, query *models.GetTeamMembersQuery, acUserFilter *ac.SQLFilter) error {
-	return ss.WithDbSession(ctx, func(dbSess *DBSession) error {
+func (ss *xormStore) getTeamMembers(ctx context.Context, query *models.GetTeamMembersQuery, acUserFilter *ac.SQLFilter) error {
+	return ss.db.WithDbSession(ctx, func(dbSess *sqlstore.DBSession) error {
 		query.Result = make([]*models.TeamMemberDTO, 0)
 		sess := dbSess.Table("team_member")
-		sess.Join("INNER", ss.Dialect.Quote("user"),
-			fmt.Sprintf("team_member.user_id=%s.%s", ss.Dialect.Quote("user"), ss.Dialect.Quote("id")),
+		sess.Join("INNER", ss.db.GetDialect().Quote("user"),
+			fmt.Sprintf("team_member.user_id=%s.%s", ss.db.GetDialect().Quote("user"), ss.db.GetDialect().Quote("id")),
 		)

 		// explicitly check for serviceaccounts
-		sess.Where(fmt.Sprintf("%s.is_service_account=?", ss.Dialect.Quote("user")), ss.Dialect.BooleanStr(false))
+		sess.Where(fmt.Sprintf("%s.is_service_account=?", ss.db.GetDialect().Quote("user")), ss.db.GetDialect().BooleanStr(false))

 		if acUserFilter != nil {
 			sess.Where(acUserFilter.Where, acUserFilter.Args...)
@ -525,7 +538,7 @@ func (ss *SQLStore) getTeamMembers(ctx context.Context, query *models.GetTeamMem
 		SELECT id from user_auth
 			WHERE user_auth.user_id = team_member.user_id
 			ORDER BY user_auth.created DESC `
-		authJoinCondition = "user_auth.id=" + authJoinCondition + ss.Dialect.Limit(1) + ")"
+		authJoinCondition = "user_auth.id=" + authJoinCondition + ss.db.GetDialect().Limit(1) + ")"
 		sess.Join("LEFT", "user_auth", authJoinCondition)

 		if query.OrgId != 0 {
@ -538,7 +551,7 @@ func (ss *SQLStore) getTeamMembers(ctx context.Context, query *models.GetTeamMem
 			sess.Where("team_member.user_id=?", query.UserId)
 		}
 		if query.External {
-			sess.Where("team_member.external=?", ss.Dialect.BooleanStr(true))
+			sess.Where("team_member.external=?", ss.db.GetDialect().BooleanStr(true))
 		}
 		sess.Cols(
 			"team_member.org_id",
@ -558,17 +571,17 @@ func (ss *SQLStore) getTeamMembers(ctx context.Context, query *models.GetTeamMem
 	})
 }

-func (ss *SQLStore) IsAdminOfTeams(ctx context.Context, query *models.IsAdminOfTeamsQuery) error {
-	return ss.WithDbSession(ctx, func(sess *DBSession) error {
-		builder := &SQLBuilder{}
-		builder.Write("SELECT COUNT(team.id) AS count FROM team INNER JOIN team_member ON team_member.team_id = team.id WHERE team.org_id = ? AND team_member.user_id = ? AND team_member.permission = ?", query.SignedInUser.OrgID, query.SignedInUser.UserID, models.PERMISSION_ADMIN)
+func (ss *xormStore) IsAdmin(ctx context.Context, query *models.IsAdminOfTeamsQuery) error {
+	return ss.db.WithDbSession(ctx, func(sess *sqlstore.DBSession) error {
+		sql := "SELECT COUNT(team.id) AS count FROM team INNER JOIN team_member ON team_member.team_id = team.id WHERE team.org_id = ? AND team_member.user_id = ? AND team_member.permission = ?"
+		params := []interface{}{query.SignedInUser.OrgID, query.SignedInUser.UserID, models.PERMISSION_ADMIN}

 		type teamCount struct {
 			Count int64
 		}

 		resp := make([]*teamCount, 0)
-		if err := sess.SQL(builder.GetSQLString(), builder.params...).Find(&resp); err != nil {
+		if err := sess.SQL(sql, params...).Find(&resp); err != nil {
 			return err
 		}

--- a/pkg/services/team/teamimpl/store_test.go
+++ b/pkg/services/team/teamimpl/store_test.go
@ -1,17 +1,19 @@
-package sqlstore
+package teamimpl

 import (
 	"context"
 	"fmt"
+	"strings"
 	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
+	"time"

 	"github.com/grafana/grafana/pkg/models"
 	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
 	"github.com/grafana/grafana/pkg/services/serviceaccounts"
+	"github.com/grafana/grafana/pkg/services/sqlstore"
 	"github.com/grafana/grafana/pkg/services/user"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
@ -19,7 +21,8 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 		t.Skip("skipping integration test")
 	}
 	t.Run("Testing Team commands & queries", func(t *testing.T) {
-		sqlStore := InitTestDB(t)
+		sqlStore := sqlstore.InitTestDB(t)
+		teamSvc := ProvideService(sqlStore, sqlStore.Cfg)
 		testUser := &user.SignedInUser{
 			OrgID: 1,
 			Permissions: map[int64]map[string][]string{
@ -50,16 +53,16 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 					require.NoError(t, err)
 					userIds = append(userIds, usr.ID)
 				}
-				team1, err = sqlStore.CreateTeam("group1 name", "test1@test.com", testOrgID)
+				team1, err = teamSvc.CreateTeam("group1 name", "test1@test.com", testOrgID)
 				require.NoError(t, err)
-				team2, err = sqlStore.CreateTeam("group2 name", "test2@test.com", testOrgID)
+				team2, err = teamSvc.CreateTeam("group2 name", "test2@test.com", testOrgID)
 				require.NoError(t, err)
 			}
 			setup()

 			t.Run("Should be able to create teams and add users", func(t *testing.T) {
 				query := &models.SearchTeamsQuery{OrgId: testOrgID, Name: "group1 name", Page: 1, Limit: 10, SignedInUser: testUser}
-				err = sqlStore.SearchTeams(context.Background(), query)
+				err = teamSvc.SearchTeams(context.Background(), query)
 				require.NoError(t, err)
 				require.Equal(t, query.Page, 1)

@ -69,13 +72,13 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 				require.Equal(t, team1.OrgId, testOrgID)
 				require.EqualValues(t, team1.MemberCount, 0)

-				err = sqlStore.AddTeamMember(userIds[0], testOrgID, team1.Id, false, 0)
+				err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, 0)
 				require.NoError(t, err)
-				err = sqlStore.AddTeamMember(userIds[1], testOrgID, team1.Id, true, 0)
+				err = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.Id, true, 0)
 				require.NoError(t, err)

 				q1 := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.Id, SignedInUser: testUser}
-				err = sqlStore.GetTeamMembers(context.Background(), q1)
+				err = teamSvc.GetTeamMembers(context.Background(), q1)
 				require.NoError(t, err)
 				require.Equal(t, len(q1.Result), 2)
 				require.Equal(t, q1.Result[0].TeamId, team1.Id)
@ -87,7 +90,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 				require.Equal(t, q1.Result[1].External, true)

 				q2 := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.Id, External: true, SignedInUser: testUser}
-				err = sqlStore.GetTeamMembers(context.Background(), q2)
+				err = teamSvc.GetTeamMembers(context.Background(), q2)
 				require.NoError(t, err)
 				require.Equal(t, len(q2.Result), 1)
 				require.Equal(t, q2.Result[0].TeamId, team1.Id)
@ -95,13 +98,13 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 				require.Equal(t, q2.Result[0].OrgId, testOrgID)
 				require.Equal(t, q2.Result[0].External, true)

-				err = sqlStore.SearchTeams(context.Background(), query)
+				err = teamSvc.SearchTeams(context.Background(), query)
 				require.NoError(t, err)
 				team1 = query.Result.Teams[0]
 				require.EqualValues(t, team1.MemberCount, 2)

 				getTeamQuery := &models.GetTeamByIdQuery{OrgId: testOrgID, Id: team1.Id, SignedInUser: testUser}
-				err = sqlStore.GetTeamById(context.Background(), getTeamQuery)
+				err = teamSvc.GetTeamById(context.Background(), getTeamQuery)
 				require.NoError(t, err)
 				team1 = getTeamQuery.Result
 				require.Equal(t, team1.Name, "group1 name")
@ -111,22 +114,22 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 			})

 			t.Run("Should return latest auth module for users when getting team members", func(t *testing.T) {
-				sqlStore = InitTestDB(t)
+				sqlStore = sqlstore.InitTestDB(t)
 				setup()
 				userId := userIds[1]

 				teamQuery := &models.SearchTeamsQuery{OrgId: testOrgID, Name: "group1 name", Page: 1, Limit: 10, SignedInUser: testUser}
-				err = sqlStore.SearchTeams(context.Background(), teamQuery)
+				err = teamSvc.SearchTeams(context.Background(), teamQuery)
 				require.NoError(t, err)
 				require.Equal(t, teamQuery.Page, 1)

 				team1 := teamQuery.Result.Teams[0]

-				err = sqlStore.AddTeamMember(userId, testOrgID, team1.Id, true, 0)
+				err = teamSvc.AddTeamMember(userId, testOrgID, team1.Id, true, 0)
 				require.NoError(t, err)

 				memberQuery := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.Id, External: true, SignedInUser: testUser}
-				err = sqlStore.GetTeamMembers(context.Background(), memberQuery)
+				err = teamSvc.GetTeamMembers(context.Background(), memberQuery)
 				require.NoError(t, err)
 				require.Equal(t, len(memberQuery.Result), 1)
 				require.Equal(t, memberQuery.Result[0].TeamId, team1.Id)
@ -138,15 +141,15 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 			t.Run("Should be able to update users in a team", func(t *testing.T) {
 				userId := userIds[0]
 				team := team1
-				err = sqlStore.AddTeamMember(userId, testOrgID, team.Id, false, 0)
+				err = teamSvc.AddTeamMember(userId, testOrgID, team.Id, false, 0)
 				require.NoError(t, err)

 				qBeforeUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.Id, SignedInUser: testUser}
-				err = sqlStore.GetTeamMembers(context.Background(), qBeforeUpdate)
+				err = teamSvc.GetTeamMembers(context.Background(), qBeforeUpdate)
 				require.NoError(t, err)
 				require.EqualValues(t, qBeforeUpdate.Result[0].Permission, 0)

-				err = sqlStore.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{
+				err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{
 					UserId:     userId,
 					OrgId:      testOrgID,
 					TeamId:     team.Id,
@ -156,26 +159,26 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 				require.NoError(t, err)

 				qAfterUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.Id, SignedInUser: testUser}
-				err = sqlStore.GetTeamMembers(context.Background(), qAfterUpdate)
+				err = teamSvc.GetTeamMembers(context.Background(), qAfterUpdate)
 				require.NoError(t, err)
 				require.Equal(t, qAfterUpdate.Result[0].Permission, models.PERMISSION_ADMIN)
 			})

 			t.Run("Should default to member permission level when updating a user with invalid permission level", func(t *testing.T) {
-				sqlStore = InitTestDB(t)
+				sqlStore = sqlstore.InitTestDB(t)
 				setup()
 				userID := userIds[0]
 				team := team1
-				err = sqlStore.AddTeamMember(userID, testOrgID, team.Id, false, 0)
+				err = teamSvc.AddTeamMember(userID, testOrgID, team.Id, false, 0)
 				require.NoError(t, err)

 				qBeforeUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.Id, SignedInUser: testUser}
-				err = sqlStore.GetTeamMembers(context.Background(), qBeforeUpdate)
+				err = teamSvc.GetTeamMembers(context.Background(), qBeforeUpdate)
 				require.NoError(t, err)
 				require.EqualValues(t, qBeforeUpdate.Result[0].Permission, 0)

 				invalidPermissionLevel := models.PERMISSION_EDIT
-				err = sqlStore.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{
+				err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{
 					UserId:     userID,
 					OrgId:      testOrgID,
 					TeamId:     team.Id,
@ -185,15 +188,15 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 				require.NoError(t, err)

 				qAfterUpdate := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team.Id, SignedInUser: testUser}
-				err = sqlStore.GetTeamMembers(context.Background(), qAfterUpdate)
+				err = teamSvc.GetTeamMembers(context.Background(), qAfterUpdate)
 				require.NoError(t, err)
 				require.EqualValues(t, qAfterUpdate.Result[0].Permission, 0)
 			})

 			t.Run("Shouldn't be able to update a user not in the team.", func(t *testing.T) {
-				sqlStore = InitTestDB(t)
+				sqlStore = sqlstore.InitTestDB(t)
 				setup()
-				err = sqlStore.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{
+				err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{
 					UserId:     1,
 					OrgId:      testOrgID,
 					TeamId:     team1.Id,
@ -205,22 +208,22 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {

 			t.Run("Should be able to search for teams", func(t *testing.T) {
 				query := &models.SearchTeamsQuery{OrgId: testOrgID, Query: "group", Page: 1, SignedInUser: testUser}
-				err = sqlStore.SearchTeams(context.Background(), query)
+				err = teamSvc.SearchTeams(context.Background(), query)
 				require.NoError(t, err)
 				require.Equal(t, len(query.Result.Teams), 2)
 				require.EqualValues(t, query.Result.TotalCount, 2)

 				query2 := &models.SearchTeamsQuery{OrgId: testOrgID, Query: "", SignedInUser: testUser}
-				err = sqlStore.SearchTeams(context.Background(), query2)
+				err = teamSvc.SearchTeams(context.Background(), query2)
 				require.NoError(t, err)
 				require.Equal(t, len(query2.Result.Teams), 2)
 			})

 			t.Run("Should be able to return all teams a user is member of", func(t *testing.T) {
-				sqlStore = InitTestDB(t)
+				sqlStore = sqlstore.InitTestDB(t)
 				setup()
 				groupId := team2.Id
-				err := sqlStore.AddTeamMember(userIds[0], testOrgID, groupId, false, 0)
+				err := teamSvc.AddTeamMember(userIds[0], testOrgID, groupId, false, 0)
 				require.NoError(t, err)

 				query := &models.GetTeamsByUserQuery{
@ -239,61 +242,61 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 			})

 			t.Run("Should be able to remove users from a group", func(t *testing.T) {
-				err = sqlStore.AddTeamMember(userIds[0], testOrgID, team1.Id, false, 0)
+				err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, 0)
 				require.NoError(t, err)

-				err = sqlStore.RemoveTeamMember(context.Background(), &models.RemoveTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0]})
+				err = teamSvc.RemoveTeamMember(context.Background(), &models.RemoveTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0]})
 				require.NoError(t, err)

 				q2 := &models.GetTeamMembersQuery{OrgId: testOrgID, TeamId: team1.Id, SignedInUser: testUser}
-				err = sqlStore.GetTeamMembers(context.Background(), q2)
+				err = teamSvc.GetTeamMembers(context.Background(), q2)
 				require.NoError(t, err)
 				require.Equal(t, len(q2.Result), 0)
 			})

 			t.Run("Should have empty teams", func(t *testing.T) {
-				err = sqlStore.AddTeamMember(userIds[0], testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
+				err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
 				require.NoError(t, err)

 				t.Run("A user should be able to remove the admin permission for the last admin", func(t *testing.T) {
-					err = sqlStore.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0], Permission: 0})
+					err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0], Permission: 0})
 					require.NoError(t, err)
 				})

 				t.Run("A user should be able to remove the last member", func(t *testing.T) {
-					err = sqlStore.RemoveTeamMember(context.Background(), &models.RemoveTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0]})
+					err = teamSvc.RemoveTeamMember(context.Background(), &models.RemoveTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0]})
 					require.NoError(t, err)
 				})

 				t.Run("A user should be able to remove the admin permission if there are other admins", func(t *testing.T) {
-					sqlStore = InitTestDB(t)
+					sqlStore = sqlstore.InitTestDB(t)
 					setup()

-					err = sqlStore.AddTeamMember(userIds[0], testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
+					err = teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
 					require.NoError(t, err)

-					err = sqlStore.AddTeamMember(userIds[1], testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
+					err = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.Id, false, models.PERMISSION_ADMIN)
 					require.NoError(t, err)
-					err = sqlStore.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0], Permission: 0})
+					err = teamSvc.UpdateTeamMember(context.Background(), &models.UpdateTeamMemberCommand{OrgId: testOrgID, TeamId: team1.Id, UserId: userIds[0], Permission: 0})
 					require.NoError(t, err)
 				})
 			})

 			t.Run("Should be able to remove a group with users and permissions", func(t *testing.T) {
 				groupId := team2.Id
-				err := sqlStore.AddTeamMember(userIds[1], testOrgID, groupId, false, 0)
+				err := teamSvc.AddTeamMember(userIds[1], testOrgID, groupId, false, 0)
 				require.NoError(t, err)
-				err = sqlStore.AddTeamMember(userIds[2], testOrgID, groupId, false, 0)
+				err = teamSvc.AddTeamMember(userIds[2], testOrgID, groupId, false, 0)
 				require.NoError(t, err)
 				err = updateDashboardACL(t, sqlStore, 1, &models.DashboardACL{
 					DashboardID: 1, OrgID: testOrgID, Permission: models.PERMISSION_EDIT, TeamID: groupId,
 				})
 				require.NoError(t, err)
-				err = sqlStore.DeleteTeam(context.Background(), &models.DeleteTeamCommand{OrgId: testOrgID, Id: groupId})
+				err = teamSvc.DeleteTeam(context.Background(), &models.DeleteTeamCommand{OrgId: testOrgID, Id: groupId})
 				require.NoError(t, err)

 				query := &models.GetTeamByIdQuery{OrgId: testOrgID, Id: groupId}
-				err = sqlStore.GetTeamById(context.Background(), query)
+				err = teamSvc.GetTeamById(context.Background(), query)
 				require.Equal(t, err, models.ErrTeamNotFound)

 				permQuery := &models.GetDashboardACLInfoListQuery{DashboardID: 1, OrgID: testOrgID}
@ -304,27 +307,27 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 			})

 			t.Run("Should be able to return if user is admin of teams or not", func(t *testing.T) {
-				sqlStore = InitTestDB(t)
+				sqlStore = sqlstore.InitTestDB(t)
 				setup()
 				groupId := team2.Id
-				err := sqlStore.AddTeamMember(userIds[0], testOrgID, groupId, false, 0)
+				err := teamSvc.AddTeamMember(userIds[0], testOrgID, groupId, false, 0)
 				require.NoError(t, err)
-				err = sqlStore.AddTeamMember(userIds[1], testOrgID, groupId, false, models.PERMISSION_ADMIN)
+				err = teamSvc.AddTeamMember(userIds[1], testOrgID, groupId, false, models.PERMISSION_ADMIN)
 				require.NoError(t, err)

 				query := &models.IsAdminOfTeamsQuery{SignedInUser: &user.SignedInUser{OrgID: testOrgID, UserID: userIds[0]}}
-				err = sqlStore.IsAdminOfTeams(context.Background(), query)
+				err = teamSvc.IsAdminOfTeams(context.Background(), query)
 				require.NoError(t, err)
 				require.False(t, query.Result)

 				query = &models.IsAdminOfTeamsQuery{SignedInUser: &user.SignedInUser{OrgID: testOrgID, UserID: userIds[1]}}
-				err = sqlStore.IsAdminOfTeams(context.Background(), query)
+				err = teamSvc.IsAdminOfTeams(context.Background(), query)
 				require.NoError(t, err)
 				require.True(t, query.Result)
 			})

 			t.Run("Should not return hidden users in team member count", func(t *testing.T) {
-				sqlStore = InitTestDB(t)
+				sqlStore = sqlstore.InitTestDB(t)
 				setup()
 				signedInUser := &user.SignedInUser{
 					Login: "loginuser0",
@ -339,35 +342,35 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 				hiddenUsers := map[string]struct{}{"loginuser0": {}, "loginuser1": {}}

 				teamId := team1.Id
-				err = sqlStore.AddTeamMember(userIds[0], testOrgID, teamId, false, 0)
+				err = teamSvc.AddTeamMember(userIds[0], testOrgID, teamId, false, 0)
 				require.NoError(t, err)
-				err = sqlStore.AddTeamMember(userIds[1], testOrgID, teamId, false, 0)
+				err = teamSvc.AddTeamMember(userIds[1], testOrgID, teamId, false, 0)
 				require.NoError(t, err)
-				err = sqlStore.AddTeamMember(userIds[2], testOrgID, teamId, false, 0)
+				err = teamSvc.AddTeamMember(userIds[2], testOrgID, teamId, false, 0)
 				require.NoError(t, err)

 				searchQuery := &models.SearchTeamsQuery{OrgId: testOrgID, Page: 1, Limit: 10, SignedInUser: signedInUser, HiddenUsers: hiddenUsers}
-				err = sqlStore.SearchTeams(context.Background(), searchQuery)
+				err = teamSvc.SearchTeams(context.Background(), searchQuery)
 				require.NoError(t, err)
 				require.Equal(t, len(searchQuery.Result.Teams), 2)
 				team1 := searchQuery.Result.Teams[0]
 				require.EqualValues(t, team1.MemberCount, 2)

 				searchQueryFilteredByUser := &models.SearchTeamsQuery{OrgId: testOrgID, Page: 1, Limit: 10, UserIdFilter: userIds[0], SignedInUser: signedInUser, HiddenUsers: hiddenUsers}
-				err = sqlStore.SearchTeams(context.Background(), searchQueryFilteredByUser)
+				err = teamSvc.SearchTeams(context.Background(), searchQueryFilteredByUser)
 				require.NoError(t, err)
 				require.Equal(t, len(searchQueryFilteredByUser.Result.Teams), 1)
 				team1 = searchQuery.Result.Teams[0]
 				require.EqualValues(t, team1.MemberCount, 2)

 				getTeamQuery := &models.GetTeamByIdQuery{OrgId: testOrgID, Id: teamId, SignedInUser: signedInUser, HiddenUsers: hiddenUsers}
-				err = sqlStore.GetTeamById(context.Background(), getTeamQuery)
+				err = teamSvc.GetTeamById(context.Background(), getTeamQuery)
 				require.NoError(t, err)
 				require.EqualValues(t, getTeamQuery.Result.MemberCount, 2)
 			})

 			t.Run("Should be able to exclude service accounts from teamembers", func(t *testing.T) {
-				sqlStore = InitTestDB(t)
+				sqlStore = sqlstore.InitTestDB(t)
 				setup()
 				userCmd = user.CreateUserCommand{
 					Email:            fmt.Sprint("sa", 1, "@test.com"),
@ -380,11 +383,11 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {

 				groupId := team2.Id
 				// add service account to team
-				err = sqlStore.AddTeamMember(serviceAccount.ID, testOrgID, groupId, false, 0)
+				err = teamSvc.AddTeamMember(serviceAccount.ID, testOrgID, groupId, false, 0)
 				require.NoError(t, err)

 				// add user to team
-				err = sqlStore.AddTeamMember(userIds[0], testOrgID, groupId, false, 0)
+				err = teamSvc.AddTeamMember(userIds[0], testOrgID, groupId, false, 0)
 				require.NoError(t, err)

 				teamMembersQuery := &models.GetTeamMembersQuery{
@ -392,7 +395,7 @@ func TestIntegrationTeamCommandsAndQueries(t *testing.T) {
 					SignedInUser: testUser,
 					TeamId:       groupId,
 				}
-				err = sqlStore.GetTeamMembers(context.Background(), teamMembersQuery)
+				err = teamSvc.GetTeamMembers(context.Background(), teamMembersQuery)
 				require.NoError(t, err)
 				// should not receive service account from query
 				require.Equal(t, len(teamMembersQuery.Result), 1)
@ -451,17 +454,18 @@ func TestIntegrationSQLStore_SearchTeams(t *testing.T) {
 		},
 	}

-	store := InitTestDB(t, InitTestDBOpt{})
+	store := sqlstore.InitTestDB(t, sqlstore.InitTestDBOpt{})
+	teamSvc := ProvideService(store, store.Cfg)

 	// Seed 10 teams
 	for i := 1; i <= 10; i++ {
-		_, err := store.CreateTeam(fmt.Sprintf("team-%d", i), fmt.Sprintf("team-%d@example.org", i), 1)
+		_, err := teamSvc.CreateTeam(fmt.Sprintf("team-%d", i), fmt.Sprintf("team-%d@example.org", i), 1)
 		require.NoError(t, err)
 	}

 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			err := store.SearchTeams(context.Background(), tt.query)
+			err := teamSvc.SearchTeams(context.Background(), tt.query)
 			require.NoError(t, err)
 			assert.Len(t, tt.query.Result.Teams, tt.expectedNumUsers)
 			assert.Equal(t, tt.query.Result.TotalCount, int64(tt.expectedNumUsers))
@ -485,10 +489,11 @@ func TestIntegrationSQLStore_GetTeamMembers_ACFilter(t *testing.T) {
 	userIds := make([]int64, 4)

 	// Seed 2 teams with 2 members
-	setup := func(store *SQLStore) {
-		team1, errCreateTeam := store.CreateTeam("group1 name", "test1@example.org", testOrgID)
+	setup := func(store *sqlstore.SQLStore) {
+		teamSvc := ProvideService(store, store.Cfg)
+		team1, errCreateTeam := teamSvc.CreateTeam("group1 name", "test1@example.org", testOrgID)
 		require.NoError(t, errCreateTeam)
-		team2, errCreateTeam := store.CreateTeam("group2 name", "test2@example.org", testOrgID)
+		team2, errCreateTeam := teamSvc.CreateTeam("group2 name", "test2@example.org", testOrgID)
 		require.NoError(t, errCreateTeam)

 		for i := 0; i < 4; i++ {
@ -502,18 +507,19 @@ func TestIntegrationSQLStore_GetTeamMembers_ACFilter(t *testing.T) {
 			userIds[i] = user.ID
 		}

-		errAddMember := store.AddTeamMember(userIds[0], testOrgID, team1.Id, false, 0)
+		errAddMember := teamSvc.AddTeamMember(userIds[0], testOrgID, team1.Id, false, 0)
 		require.NoError(t, errAddMember)
-		errAddMember = store.AddTeamMember(userIds[1], testOrgID, team1.Id, false, 0)
+		errAddMember = teamSvc.AddTeamMember(userIds[1], testOrgID, team1.Id, false, 0)
 		require.NoError(t, errAddMember)
-		errAddMember = store.AddTeamMember(userIds[2], testOrgID, team2.Id, false, 0)
+		errAddMember = teamSvc.AddTeamMember(userIds[2], testOrgID, team2.Id, false, 0)
 		require.NoError(t, errAddMember)
-		errAddMember = store.AddTeamMember(userIds[3], testOrgID, team2.Id, false, 0)
+		errAddMember = teamSvc.AddTeamMember(userIds[3], testOrgID, team2.Id, false, 0)
 		require.NoError(t, errAddMember)
 	}

-	store := InitTestDB(t, InitTestDBOpt{})
+	store := sqlstore.InitTestDB(t, sqlstore.InitTestDBOpt{})
 	setup(store)
+	teamSvc := ProvideService(store, store.Cfg)

 	type getTeamMembersTestCase struct {
 		desc             string
@ -563,7 +569,7 @@ func TestIntegrationSQLStore_GetTeamMembers_ACFilter(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
-			err := store.GetTeamMembers(context.Background(), tt.query)
+			err := teamSvc.GetTeamMembers(context.Background(), tt.query)
 			require.NoError(t, err)
 			assert.Len(t, tt.query.Result, tt.expectedNumUsers)

@ -578,3 +584,132 @@ func TestIntegrationSQLStore_GetTeamMembers_ACFilter(t *testing.T) {
 		})
 	}
 }
+
+func hasWildcardScope(user *user.SignedInUser, action string) bool {
+	for _, scope := range user.Permissions[user.OrgID][action] {
+		if strings.HasSuffix(scope, ":*") {
+			return true
+		}
+	}
+	return false
+}
+
+// TODO: Use FakeDashboardStore when org has its own service
+func updateDashboardACL(t *testing.T, sqlStore *sqlstore.SQLStore, dashboardID int64, items ...*models.DashboardACL) error {
+	t.Helper()
+
+	err := sqlStore.WithDbSession(context.Background(), func(sess *sqlstore.DBSession) error {
+		_, err := sess.Exec("DELETE FROM dashboard_acl WHERE dashboard_id=?", dashboardID)
+		if err != nil {
+			return fmt.Errorf("deleting from dashboard_acl failed: %w", err)
+		}
+
+		for _, item := range items {
+			item.Created = time.Now()
+			item.Updated = time.Now()
+			if item.UserID == 0 && item.TeamID == 0 && (item.Role == nil || !item.Role.IsValid()) {
+				return models.ErrDashboardACLInfoMissing
+			}
+
+			if item.DashboardID == 0 {
+				return models.ErrDashboardPermissionDashboardEmpty
+			}
+
+			sess.Nullable("user_id", "team_id")
+			if _, err := sess.Insert(item); err != nil {
+				return err
+			}
+		}
+
+		// Update dashboard HasACL flag
+		dashboard := models.Dashboard{HasACL: true}
+		_, err = sess.Cols("has_acl").Where("id=?", dashboardID).Update(&dashboard)
+		return err
+	})
+	return err
+}
+
+// This function was copied from pkg/services/dashboards/database to circumvent
+// import cycles. When this org-related code is refactored into a service the
+// tests can the real GetDashboardACLInfoList functions
+func getDashboardACLInfoList(s *sqlstore.SQLStore, query *models.GetDashboardACLInfoListQuery) error {
+	outerErr := s.WithDbSession(context.Background(), func(dbSession *sqlstore.DBSession) error {
+		query.Result = make([]*models.DashboardACLInfoDTO, 0)
+		falseStr := s.GetDialect().BooleanStr(false)
+
+		if query.DashboardID == 0 {
+			sql := `SELECT
+		da.id,
+		da.org_id,
+		da.dashboard_id,
+		da.user_id,
+		da.team_id,
+		da.permission,
+		da.role,
+		da.created,
+		da.updated,
+		'' as user_login,
+		'' as user_email,
+		'' as team,
+		'' as title,
+		'' as slug,
+		'' as uid,` +
+				falseStr + ` AS is_folder,` +
+				falseStr + ` AS inherited
+		FROM dashboard_acl as da
+		WHERE da.dashboard_id = -1`
+			return dbSession.SQL(sql).Find(&query.Result)
+		}
+
+		rawSQL := `
+			-- get permissions for the dashboard and its parent folder
+			SELECT
+				da.id,
+				da.org_id,
+				da.dashboard_id,
+				da.user_id,
+				da.team_id,
+				da.permission,
+				da.role,
+				da.created,
+				da.updated,
+				u.login AS user_login,
+				u.email AS user_email,
+				ug.name AS team,
+				ug.email AS team_email,
+				d.title,
+				d.slug,
+				d.uid,
+				d.is_folder,
+				CASE WHEN (da.dashboard_id = -1 AND d.folder_id > 0) OR da.dashboard_id = d.folder_id THEN ` + s.GetDialect().BooleanStr(true) + ` ELSE ` + falseStr + ` END AS inherited
+			FROM dashboard as d
+				LEFT JOIN dashboard folder on folder.id = d.folder_id
+				LEFT JOIN dashboard_acl AS da ON
+				da.dashboard_id = d.id OR
+				da.dashboard_id = d.folder_id OR
+				(
+					-- include default permissions -->
+					da.org_id = -1 AND (
+					  (folder.id IS NOT NULL AND folder.has_acl = ` + falseStr + `) OR
+					  (folder.id IS NULL AND d.has_acl = ` + falseStr + `)
+					)
+				)
+				LEFT JOIN ` + s.GetDialect().Quote("user") + ` AS u ON u.id = da.user_id
+				LEFT JOIN team ug on ug.id = da.team_id
+			WHERE d.org_id = ? AND d.id = ? AND da.id IS NOT NULL
+			ORDER BY da.id ASC
+			`
+
+		return dbSession.SQL(rawSQL, query.OrgID, query.DashboardID).Find(&query.Result)
+	})
+
+	if outerErr != nil {
+		return outerErr
+	}
+
+	for _, p := range query.Result {
+		p.PermissionName = p.Permission.String()
+	}
+
+	return nil
+}
--- a/pkg/services/team/teamimpl/team.go
+++ b/pkg/services/team/teamimpl/team.go
@ -4,66 +4,67 @@ import (
 	"context"

 	"github.com/grafana/grafana/pkg/models"
-	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/sqlstore/db"
 	"github.com/grafana/grafana/pkg/services/team"
+	"github.com/grafana/grafana/pkg/setting"
 )

 type Service struct {
-	store *sqlstore.SQLStore
+	store store
 }

-func ProvideService(sqlStore *sqlstore.SQLStore) team.Service {
-	return &Service{store: sqlStore}
+func ProvideService(db db.DB, cfg *setting.Cfg) team.Service {
+	return &Service{store: &xormStore{db: db, cfg: cfg}}
 }

 func (s *Service) CreateTeam(name, email string, orgID int64) (models.Team, error) {
-	return s.store.CreateTeam(name, email, orgID)
+	return s.store.Create(name, email, orgID)
 }

 func (s *Service) UpdateTeam(ctx context.Context, cmd *models.UpdateTeamCommand) error {
-	return s.store.UpdateTeam(ctx, cmd)
+	return s.store.Update(ctx, cmd)
 }

 func (s *Service) DeleteTeam(ctx context.Context, cmd *models.DeleteTeamCommand) error {
-	return s.store.DeleteTeam(ctx, cmd)
+	return s.store.Delete(ctx, cmd)
 }

 func (s *Service) SearchTeams(ctx context.Context, query *models.SearchTeamsQuery) error {
-	return s.store.SearchTeams(ctx, query)
+	return s.store.Search(ctx, query)
 }

 func (s *Service) GetTeamById(ctx context.Context, query *models.GetTeamByIdQuery) error {
-	return s.store.GetTeamById(ctx, query)
+	return s.store.GetById(ctx, query)
 }

 func (s *Service) GetTeamsByUser(ctx context.Context, query *models.GetTeamsByUserQuery) error {
-	return s.store.GetTeamsByUser(ctx, query)
+	return s.store.GetByUser(ctx, query)
 }

 func (s *Service) AddTeamMember(userID, orgID, teamID int64, isExternal bool, permission models.PermissionType) error {
-	return s.store.AddTeamMember(userID, orgID, teamID, isExternal, permission)
+	return s.store.AddMember(userID, orgID, teamID, isExternal, permission)
 }

 func (s *Service) UpdateTeamMember(ctx context.Context, cmd *models.UpdateTeamMemberCommand) error {
-	return s.store.UpdateTeamMember(ctx, cmd)
+	return s.store.UpdateMember(ctx, cmd)
 }

 func (s *Service) IsTeamMember(orgId int64, teamId int64, userId int64) (bool, error) {
-	return s.store.IsTeamMember(orgId, teamId, userId)
+	return s.store.IsMember(orgId, teamId, userId)
 }

 func (s *Service) RemoveTeamMember(ctx context.Context, cmd *models.RemoveTeamMemberCommand) error {
-	return s.store.RemoveTeamMember(ctx, cmd)
+	return s.store.RemoveMember(ctx, cmd)
 }

 func (s *Service) GetUserTeamMemberships(ctx context.Context, orgID, userID int64, external bool) ([]*models.TeamMemberDTO, error) {
-	return s.store.GetUserTeamMemberships(ctx, orgID, userID, external)
+	return s.store.GetMemberships(ctx, orgID, userID, external)
 }

 func (s *Service) GetTeamMembers(ctx context.Context, query *models.GetTeamMembersQuery) error {
-	return s.store.GetTeamMembers(ctx, query)
+	return s.store.GetMembers(ctx, query)
 }

 func (s *Service) IsAdminOfTeams(ctx context.Context, query *models.IsAdminOfTeamsQuery) error {
-	return s.store.IsAdminOfTeams(ctx, query)
+	return s.store.IsAdmin(ctx, query)
 }