Managing Roles and Permissions in the UI

Create and assign roles, permissions, and permission groups using Supamode's visual interface. No SQL required.

Supamode provides a visual interface for managing your entire permission structure. This guide covers creating roles, permissions, and permission groups through the UI.

Prerequisites: You must be signed in with a role that has system permissions for role, permission, and account resources (typically Super Admin or Root).

Managing Roles

Roles define what users can do in Supamode. Every admin account has exactly one role, and that role determines their permissions.

Viewing Roles

Navigate to Settings > Permissions and select the Roles tab (/settings/permissions?tab=roles).

Roles list showing all defined roles with their ranks

Click any role to view its details, including assigned permissions and permission groups.

Role details showing permissions and groups

Creating a Role

Click New Role in the top right
Fill in the role details:
- Name: A descriptive name (e.g., "Content Editor", "Support Agent")
- Description: What this role is for
- Rank: The role's position in the hierarchy (0-100)

Create role dialog with name, description, and rank fields

Understanding Role Rank

Rank determines who can manage whom:

Higher rank users can manage lower rank users
A rank 70 user cannot modify a rank 80 account
Use this to prevent junior admins from elevating privileges

Recommended rank structure:

Root/Super Admin: 100
Admin: 90
Developer: 80
Manager: 70
Support: 60
Viewer: 50

Creating Permissions

Navigate to Settings > Permissions and select the Permissions tab (/settings/permissions?tab=permissions).

Click New Permission to create a new permission.

Permission Fields

Field	Description
Name	Descriptive name (e.g., "Edit Blog Posts")
Description	What this permission allows
Type	System (admin features) or Data (database access)
Scope	For data permissions: Table or Storage
Action	What operations are allowed

System Permissions

System permissions control access to Supamode's admin features. Use these for managing users, roles, and system settings.

System resources:

account - Manage Supamode accounts
role - Create and edit roles
permission - Manage permissions
auth_user - Manage Supabase Auth users
table - Configure table metadata
log - Access audit logs
system_setting - Modify system settings

Data Permissions

Data permissions control access to your database tables and storage buckets.

Table Permissions

Configure access to specific tables:

Data permission form with schema and table fields

Field	Description	Example
Schema	Database schema	`public`, `billing`, `*`
Table	Table name	`posts`, `users`, `*`
Action	Operation type	`select`, `insert`, `update`, `delete`, `*`

Use * as a wildcard:

public.* grants access to all tables in public schema
*.* grants access to all tables (use sparingly)

Storage Permissions

Configure access to Supabase Storage buckets:

Storage permission form with bucket and path fields

Field	Description	Example
Bucket	Storage bucket name	`avatars`, `documents`, `*`
Path Pattern	File path pattern	`users/`, `public/`, `*`
Action	Operation type	`select`, `insert`, `update`, `delete`, `*`

Path patterns work like SQL LIKE:

users/* matches all files in the users folder
* matches all files in the bucket

Assigning Permissions to Roles

You can assign permissions to roles in two ways:

Direct assignment - Add individual permissions to a role
Permission groups - Create reusable bundles of permissions

Direct Assignment

Navigate to a role's detail page
Click Manage Permissions
Select the permissions to assign

Manage permissions dialog showing available permissions

Using Permission Groups

Permission groups bundle related permissions together. Assign a group to multiple roles, and updating the group updates all roles using it.

Creating a Permission Group

Go to Settings > Permissions > Permission Groups tab
Click New Permission Group
Add a name and description

Adding Permissions to a Group

Click on a permission group to view details
Click Manage Permissions
Select permissions to include

Permission group details with assigned permissions

Assigning Groups to Roles

Navigate to a role's detail page
Click Manage Permission Groups
Select groups to assign

Example: Setting Up a Content Editor Role

Here's a practical example of creating a role for content editors:

Create the role:
- Name: "Content Editor"
- Description: "Can manage blog posts and media"
- Rank: 60
Create permissions:
- "Read All Posts" (Data, Table: public.posts, Action: select)
- "Edit Posts" (Data, Table: public.posts, Action: update)
- "Create Posts" (Data, Table: public.posts, Action: insert)
- "Manage Media" (Data, Storage: media, Path: *, Action: *)
Create a permission group:
- Name: "Content Management"
- Add all four permissions above
Assign to role:
- Open the Content Editor role
- Click Manage Permission Groups
- Add the Content Management group

Now any user assigned the Content Editor role can manage posts and media, but cannot access other tables or admin features.

Frequently Asked Questions

Should I use direct permissions or permission groups?

Permission groups are recommended for most cases. They make it easier to manage permissions across multiple roles and keep your permission structure organized. Use direct assignment only for one-off permissions specific to a single role.

Can I use wildcards safely?

Use wildcards carefully. Schema-level wildcards (public.*) are reasonable for admin roles. Database-level wildcards (*.*) should only be used for Super Admin/Root roles. Always prefer specific table permissions when possible.

How do I see which roles have a specific permission?

Open the permission's detail page. It shows all roles that have this permission, either directly or through permission groups.

What happens if I delete a permission that's assigned to roles?

The permission is removed from all roles and permission groups that had it. Users with those roles lose that specific access immediately.

Can I duplicate a role?

There's no direct duplicate feature, but you can create a new role and assign the same permission groups. This is why permission groups are useful - you can reuse them across multiple roles.