Role-based access control and permissions

Roles and Permissions Module

Types of roles

We manage the following role scheme:

  • SuperAdmin: Owner and highest-level administrator of the SaaS
  • Organization (Tenant): A tenant that has any number of memberships, each of type admin or member
  • UserMembership: The active membership (in an organization) of the logged-in user

Protecting at the Tenant level

Protecting in Server Components - Frontend

// getMembership and isOrganizationAdmin come from the project's server facades
const { userMembership } = await getMembership();

{
  isOrganizationAdmin(userMembership) && (
    <div>
        ...
    </div>
  )
}

Protecting at the SuperAdmin level

Protecting in Server Components - Frontend

import { isSuperAdmin } from "@/utils/facades/serverFacades/superAdminFacade";

const { userMembership } = await getMembership();

// Render the forbidden page instead of the protected content for non-SuperAdmins
if (!isSuperAdmin(userMembership)) {
  return <ForbiddenPage />;
}

Protecting in Server Side - Server Actions

"use server";

// getMembership and checkPermission come from the project's server facades
const scope = "superAdmin:billing:upsert";

export const deletePlan = async (modelId: number) => {
  const { userMembership } = await getMembership();

  // Throws (403) unless the membership holds the required scope
  checkPermission(userMembership.permissions, scope);
};

checkPermission compares the permissions stored in the metadata of the Clerk instance against the permissions associated with that user in the database.

If the user does not hold the required permission, we return 403.
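The following is an added example, not the project's own code, that models the role scheme and the server-side check described above in one place: role predicates for the SuperAdmin and organization admin cases, a deny-by-default checkPermission that raises a 403, and a wrapper that runs the check before a server action body. The Role values, the ":*" wildcard convention, the withPermission wrapper, the statusFor helper and the sample memberships are assumptions for illustration; the real project resolves memberships through Clerk and the database.

```typescript
// Added example, not the project's own code. Type names, Role values, the ":*"
// wildcard, withPermission and the sample data are assumptions for illustration.

type Role = "superAdmin" | "admin" | "member";

interface UserMembership {
  userId: string;
  organizationId: string;
  role: Role;
  // Scopes granted to this user, e.g. "superAdmin:billing:upsert".
  permissions: string[];
}

// Thrown when a permission check fails; a route or action handler maps it to HTTP 403.
class ForbiddenError extends Error {
  readonly status = 403;
  constructor(scope: string) {
    super(`Forbidden: missing permission "${scope}"`);
    this.name = "ForbiddenError";
  }
}

function isSuperAdmin(m: UserMembership): boolean {
  return m.role === "superAdmin";
}

function isOrganizationAdmin(m: UserMembership): boolean {
  return m.role === "admin";
}

// A granted permission covers a requested scope when it matches exactly, or when it
// ends in ":*" and every preceding segment matches (assumed wildcard convention).
function scopeGranted(permission: string, scope: string): boolean {
  if (permission === scope) return true;
  if (!permission.endsWith(":*")) return false;
  const prefix = permission.slice(0, -1); // "superAdmin:billing:*" -> "superAdmin:billing:"
  return scope.startsWith(prefix) && scope.length > prefix.length;
}

// Deny by default: the scope must be covered by at least one granted permission.
function checkPermission(permissions: readonly string[], scope: string): void {
  if (!permissions.some((p) => scopeGranted(p, scope))) {
    throw new ForbiddenError(scope);
  }
}

// Wraps a server action so the permission check always runs before the action body,
// whether or not the UI hid the button that triggers it.
function withPermission<A extends unknown[], R>(
  scope: string,
  getMembership: () => Promise<UserMembership>,
  action: (membership: UserMembership, ...args: A) => Promise<R>,
): (...args: A) => Promise<R> {
  return async (...args: A) => {
    const membership = await getMembership();
    checkPermission(membership.permissions, scope);
    return action(membership, ...args);
  };
}

// Constructed sample memberships (not real data).
const billingAdmin: UserMembership = {
  userId: "u_1", organizationId: "org_1", role: "superAdmin",
  permissions: ["superAdmin:billing:*"],
};
const plainMember: UserMembership = {
  userId: "u_2", organizationId: "org_1", role: "member",
  permissions: ["org:plans:read"],
};

// Returns the HTTP status a caller would receive for (membership, scope) without throwing.
function statusFor(m: UserMembership, scope: string): number {
  try {
    checkPermission(m.permissions, scope);
    return 200;
  } catch (e) {
    return e instanceof ForbiddenError ? e.status : 500;
  }
}

// Demo server action: deleting a plan requires the billing upsert scope.
const deletePlan = withPermission(
  "superAdmin:billing:upsert",
  async () => billingAdmin, // stand-in for the project's getMembership()
  async (_m, planId: number) => ({ deleted: planId }),
);

deletePlan(42).then((r) => console.log(r)); // { deleted: 42 }
```

The wrapper keeps the authorization decision on the server and in front of the action body, so hiding a button with isOrganizationAdmin in a server component remains a usability measure while checkPermission is the actual control; the wildcard matcher refuses prefix collisions (a "superAdmin:*" grant does not cover "superAdminX:billing") by requiring the separator to be part of the matched prefix.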