supabase-enterprise-rbac


Supabase Enterprise RBAC

Overview

Supabase supports custom role-based access control (RBAC) by storing role information in app_metadata on the user's JWT and then reading those claims in RLS policies via auth.jwt() -> 'app_metadata' ->> 'role' (the top-level 'role' claim is Supabase's own anon/authenticated role, not the custom one). This skill implements a complete RBAC system: defining roles in app_metadata, writing RLS policies that enforce role hierarchies, scoping access by organization, managing roles through the Admin API, and protecting API endpoints with role checks, all using the real createClient from @supabase/supabase-js.

When to use: Building multi-role applications (admin/editor/viewer), implementing organization-scoped access, creating custom permission systems beyond Supabase's built-in anon/authenticated roles, or scoping API operations by user role.

Prerequisites

  • @supabase/supabase-js v2+ with service role key for admin operations
  • Understanding of JWT claims and Supabase's auth.jwt() SQL function
  • Database access via SQL Editor or psql for RLS policy creation
  • Supabase project with authentication configured

Instructions

Step 1: Define Roles via app_metadata and JWT Claims

First seen: Jan 24, 2026