Roles & Permissions (RBAC)
Optare uses a strict Role-Based Access Control (RBAC) system to manage member permissions within an Organization.
The 4 Roles
The system defines 4 fixed roles (Enum: orgRoleEnum):
| Role | Key | Description |
|---|---|---|
| Owner | owner | Full access. Can delete the organization and manage billing. |
| Admin | admin | Can manage members, integrations, and settings. Cannot delete the org. |
| Member | member | Standard access. Can view and edit resources but cannot manage the org. |
| Guest | guest | Read-only access to specific resources. |
Permissions
Permissions are currently handled at the application level based on these roles.
- Owner: Typically has full access to billing, organization settings, and deletion.
- Admin: Can manage members and integrations.
- Member: Standard access to application features.
- Guest: Read-only access.
Custom Permissions
In addition to roles, the organization_member table supports a customPermissions JSON column for fine-grained access control specific to your application logic.
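A deny-by-default check that combines the four role keys with the customPermissions column, added here as an example and not Optare's own code. The action names, the { allow, deny } shape of customPermissions, and the rule that owner-only actions cannot be granted through JSON are assumptions; per-resource scoping for Guest is not modeled.

```javascript
// Added example, not Optare's code. Action names and the customPermissions
// shape { allow: [...], deny: [...] } are assumptions made for illustration.
const ROLE_ACTIONS = {
  owner: ["org.delete", "billing.manage", "members.manage", "integrations.manage",
    "settings.manage", "resources.edit", "resources.view"],
  // Assumption: Admin also has the Member-level resource access.
  admin: ["members.manage", "integrations.manage", "settings.manage",
    "resources.edit", "resources.view"],
  member: ["resources.edit", "resources.view"],
  guest: ["resources.view"],
};

// Actions the role table reserves for Owner; JSON grants must never confer them.
const OWNER_ONLY = new Set(["org.delete", "billing.manage"]);
const NO_GRANTS = { allow: [], deny: [] };

// Parse the JSON column defensively: anything malformed yields no grants.
function parseCustomPermissions(raw) {
  let value = raw;
  if (typeof raw === "string") {
    try { value = JSON.parse(raw); } catch { return NO_GRANTS; }
  }
  if (value === null || typeof value !== "object" || Array.isArray(value)) return NO_GRANTS;
  const strings = (v) => (Array.isArray(v) ? v.filter((a) => typeof a === "string") : []);
  return { allow: strings(value.allow), deny: strings(value.deny) };
}

// Deny by default: unknown roles and unlisted actions get nothing.
function can(member, action) {
  // Own-property lookup so a role such as "constructor" cannot hit the prototype.
  const known = Object.prototype.hasOwnProperty.call(ROLE_ACTIONS, member.role);
  const roleActions = known ? ROLE_ACTIONS[member.role] : [];
  const custom = parseCustomPermissions(member.customPermissions);
  if (custom.deny.includes(action)) return false; // explicit deny wins
  if (roleActions.includes(action)) return true; // granted by role
  if (OWNER_ONLY.has(action)) return false; // not grantable through JSON
  return custom.allow.includes(action); // fine-grained extra grant
}
```

Run the check on the server for every request, using the role and customPermissions read from the organization_member row rather than values supplied by the client.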