Role-Based Access Control (RBAC)
Our RBAC system provides flexible and secure permission management for workspaces.
Initial Setup
To seed the database with default roles and permissions:
This will create:
- All default permissions in the database
- Three default roles (Owner, Admin, Member)
- Role-permission relationships
Permissions System
Our platform uses a granular permission system to control access to resources:
Available Permissions
Predefined permission constants:
Member Permissions
| Permission | Description |
| --- | --- |
| view:members | View workspace members |
| create:members | Add new members |
| update:members | Update member details |
| delete:members | Delete members |
| manage:members | Full member management |
| invite:members | Send invitations |
| remove:members | Remove members |
Workspace Permissions
| Permission | Description |
| --- | --- |
| manage:roles | Manage role assignments |
| manage:workspace | Manage workspace settings |
| delete:workspace | Delete workspace |
| transfer:ownership | Transfer ownership |
Item Permissions
| Permission | Description |
| --- | --- |
| view:items | View workspace items |
| create:items | Create new items |
| update:items | Update existing items |
| delete:items | Delete items |
Default Roles
The system comes with predefined roles that have specific permissions:
Default Roles Configuration
Predefined roles with their permissions:
Owner
Workspace owner with full administrative access
Admin
Workspace administrator with member management capabilities
Member
Regular workspace member with basic access
The RBAC system is automatically initialized during database seeding. Permissions and roles are created with predefined settings but can be modified through the admin interface.
Technical Implementation
The RBAC system uses a many-to-many relationship between roles and permissions, implemented using PostgreSQL through Drizzle ORM. This allows for flexible permission management and easy role assignments.
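The many-to-many lookup described above, as an added example that is not the project's own code: a role's permissions are resolved through join rows, the check denies by default, and an audit finds join rows that no longer match a defined permission (relevant because roles can be edited through the admin interface). The row shape, the function names and the sample assignments (including the `export:items` entry) are assumptions made for illustration, not the project's schema or seeded defaults.

```typescript
// Added example: in-memory stand-in for the roles / permissions / join tables.
// Row shape and sample assignments are assumptions, not the project's schema or seed data.
const PERMISSIONS = [
  "view:members", "create:members", "update:members", "delete:members",
  "manage:members", "invite:members", "remove:members",
  "manage:roles", "manage:workspace", "delete:workspace", "transfer:ownership",
  "view:items", "create:items", "update:items", "delete:items",
] as const;
type Permission = (typeof PERMISSIONS)[number];
const KNOWN = new Set<string>(PERMISSIONS);

interface RolePermissionRow { role: string; permission: string } // one join-table row

// Constructed sample rows. The last one simulates a stale or mistyped entry.
const rolePermissions: RolePermissionRow[] = [
  { role: "Owner", permission: "transfer:ownership" },
  { role: "Owner", permission: "delete:workspace" },
  { role: "Admin", permission: "manage:members" },
  { role: "Admin", permission: "view:items" },
  { role: "Member", permission: "view:items" },
  { role: "Member", permission: "export:items" }, // not a defined permission
];

function isKnownPermission(p: string): p is Permission {
  return KNOWN.has(p);
}

// Resolve a role's effective permissions through the join rows, skipping unknown names.
function permissionsForRole(role: string, rows: RolePermissionRow[]): Set<Permission> {
  const granted = new Set<Permission>();
  for (const row of rows) {
    if (row.role === role && isKnownPermission(row.permission)) granted.add(row.permission);
  }
  return granted;
}

// Deny by default: an unknown role, an unknown permission or a missing row returns false.
function can(role: string, permission: string, rows: RolePermissionRow[]): boolean {
  return isKnownPermission(permission) && permissionsForRole(role, rows).has(permission);
}

// Audit: join rows whose permission is not in the defined list (drift after manual edits).
function danglingRows(rows: RolePermissionRow[]): RolePermissionRow[] {
  return rows.filter((row) => !isKnownPermission(row.permission));
}
```

Each check here is literal: holding `manage:members` does not imply `view:members` unless a join row grants it, which is a simplification of this example rather than a statement about the platform.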