Roles and Permissions Module
Types of roles
We manage the following role scheme:
- SuperAdmin: Owner and maximum administrator of the SaaS
- Organization (Tenant): A tenant that holds N memberships, some with the admin role and others with the member role
- UserMembership: The active membership (in an organization) of the logged in user
Protecting at the Tenant level
Protecting in Server Components - Frontend
// Inside an async Server Component: resolve the caller's membership first,
// then render the admin-only subtree only for organization admins.
const { userMembership } = await getMembership();
return (
  <>
    {isOrganizationAdmin(userMembership) && (
      <div>
        ...
      </div>
    )}
  </>
);
Protecting at the SuperAdmin level
Protecting in Server Components - Frontend
import { isSuperAdmin } from "@/utils/facades/serverFacades/superAdminFacade";
const { userMembership } = await getMembership();
if (!isSuperAdmin(userMembership)) {
return <ForbiddenPage />;
}
Protecting in Server Side - Server Actions
"use server";
// Scope required by this action; the check runs before any mutation.
const scope = "superAdmin:billing:upsert";
export const deletePlan = async (modelId: number) => {
  const { userMembership } = await getMembership();
  // Throws (403) when the caller lacks the scope, so nothing below it runs.
  checkPermission(userMembership.permissions, scope);
};
checkPermission compares the permissions stored in the metadata of the Clerk user against the permissions associated with that user in the database. If the caller lacks the requested scope, we return 403.
Note that the conditional rendering in Server Components only hides UI; the server action check is what actually enforces the permission, so every mutating action must call checkPermission regardless of what the page rendered.
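The following is an added, self-contained model of the three checks described on this page (tenant admin, SuperAdmin, and scope check in a server action); it is example code, not the project's own implementation. The Membership type, ForbiddenError, the in-memory grant table standing in for the database, the sample memberships, and the fact that checkPermission here takes the whole membership (so it can look up the database grants) rather than only the permissions array are assumptions made for the demo. It also shows the edge case a practitioner cares about: a scope that lingers in stale Clerk metadata after it was revoked in the database is rejected.

```typescript
// Added example (not the project's code): stand-alone model of the checks on
// this page. Types, ForbiddenError, dbGrants and the sample data are assumptions.

type Role = "admin" | "member";

interface Membership {
  userId: string;
  organizationId: string;
  role: Role;            // role inside the tenant (organization)
  superAdmin: boolean;   // SaaS owner flag
  permissions: string[]; // scopes copied from the Clerk user's metadata
}

class ForbiddenError extends Error {
  readonly status = 403;
  constructor(scope: string) {
    super(`Forbidden: missing permission '${scope}'`);
  }
}

// Constructed stand-in for the database: the scopes each user is granted now.
const dbGrants: Record<string, string[]> = {
  user_owner: ["superAdmin:billing:upsert", "superAdmin:billing:read"],
  user_alice: ["superAdmin:billing:read"],
};

// Tenant-level check: admin membership in the organization.
function isOrganizationAdmin(m: Membership): boolean {
  return m.role === "admin";
}

// SuperAdmin-level check.
function isSuperAdmin(m: Membership): boolean {
  return m.superAdmin;
}

// A scope claimed in the metadata only counts if the database still grants it,
// so a revoked permission that lingers in stale metadata is rejected.
function effectivePermissions(m: Membership): string[] {
  const granted = new Set(dbGrants[m.userId] ?? []);
  return m.permissions.filter((scope) => granted.has(scope));
}

// Fails closed: anything other than an effective match is a 403.
function checkPermission(m: Membership, scope: string): void {
  if (!effectivePermissions(m).includes(scope)) {
    throw new ForbiddenError(scope);
  }
}

// Shape of a server action: the check runs before any mutation.
function deletePlan(m: Membership, planId: number): { deleted: number } {
  checkPermission(m, "superAdmin:billing:upsert");
  return { deleted: planId };
}

// Maps the outcome of an action to the HTTP status a route would return.
function statusOf(action: () => unknown): number {
  try {
    action();
    return 200;
  } catch (e) {
    return (e as { status?: number }).status ?? 500;
  }
}

// Constructed sample memberships.
const owner: Membership = {
  userId: "user_owner", organizationId: "org_1", role: "admin", superAdmin: true,
  permissions: ["superAdmin:billing:upsert", "superAdmin:billing:read"],
};
// Alice's metadata still claims upsert, but the database only grants read.
const alice: Membership = {
  userId: "user_alice", organizationId: "org_1", role: "admin", superAdmin: false,
  permissions: ["superAdmin:billing:upsert", "superAdmin:billing:read"],
};
const bob: Membership = {
  userId: "user_bob", organizationId: "org_1", role: "member", superAdmin: false,
  permissions: [],
};

console.log(statusOf(() => deletePlan(owner, 7))); // 200
console.log(statusOf(() => deletePlan(alice, 7))); // 403
console.log(statusOf(() => deletePlan(bob, 7)));   // 403
```

The point of effectivePermissions is that the metadata is treated as a cache and the database as the source of truth: the action is allowed only for scopes present in both, which is what makes the check safe against stale or tampered metadata.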