Creating and assigning permissions using the Supamode UI

Learn how to create and assign roles, permissions and permission groups

The easiest way to create and assign permissions is to use the Supamode UI. To do so, you need to be signed in as a Super Admin user.

We assume you are the database admin/developer of the Supabase project, have used one of the pre-defined seed files to assign yourself a Super Admin role, and are signed in as that user - so that you have the required permissions to create and assign permissions.

Creating a new role

Roles are foundational to the Supamode permission system. Each account in Supamode has exactly one role (or none). Roles dictate the permissions that an account has and their level of access to the application as defined by your settings.

Roles List

At /settings/permissions?tab=roles you can see the list of roles that are currently defined in the application.

You can click on a role to view its details.

Role Details

In the role details page, you can see the permissions and the permission groups that are assigned to the role.

Roles can have both permissions and permission groups assigned to them:

  • Permissions: Permissions are the individual access rights that an account can have. For example, the ability to view a table, or to create a new record in a table.
  • Permission Groups: Permission groups are collections of permissions that can be assigned to a role. For example, the ability to view all tables, or to create a new record in all tables.

Creating a new role

To create a new role, click on the New Role button at the top right of the page.

New Role

The dialog allows you to create a new role with a name, a description, and a rank.

Role rank

The rank is used to determine the hierarchy of the role in the application. The rank is unique for each role. A role with a lower rank than another role cannot act on an account that holds the higher-ranked role.

Permissions

Once you've created a role, you can assign permissions to it. Let's start by creating a new permission.

Creating a new permission

To create a new permission, click on the New Permission button at the top right of the page from the "Permissions" tab at '/settings/permissions?tab=permissions'.

New Permission

When you open the dialog, you can see the following fields:

  • Name: The name of the permission.
  • Description: The description of the permission.
  • Type: The type of the permission (System or Data)
  • Scope: The scope of the permission.
  • Action: The action of the permission.

System Permissions

System Permissions are permissions related to the application itself, such as the ability to view the settings page, or to create a new role.

Data Permissions

Data Permissions are permissions related to the data in the application, such as the ability to view a table, or to create a new record in a table.

When you select Type as "Data", you can see the following new scope fields:

  • Table: The scope of the permission is a table (for accessing data in the table)
  • Storage: The scope of the permission is a storage bucket (for accessing files in the storage bucket)

Table Permissions

When you select Table as the scope, you can see the following new fields:

  • Schema: The schema of the table.
  • Table: The table of the permission.

Both fields support the * wildcard, so you can select all tables in a schema, or all tables in the entire database (not recommended).

You can also select the action of the permission.

  • Action: The action of the permission, which can be one of the following:
    • Select: The ability to read the table.
    • Delete: The ability to delete records from the table.
    • Insert: The ability to create a new record in the table.
    • Update: The ability to update an existing record in the table.
    • All: The ability to do all of the above, by using the * wildcard.

Data Permission Form

Storage Permissions

When you select Storage as the scope, you can see the following new fields:

  • Storage Bucket: The bucket of the permission.
  • Storage Path Pattern: The path of the permission. This supports the * wildcard, so you can select all files in a bucket, or all files in the entire storage bucket (not recommended). It works exactly like % in SQL. To select all files under a specific path, you can use %path%; for example, /users/* will select all files under the /users/ path. To give permissions to all files in a bucket, use the wildcard * as the path.
  • Action: The action of the permission, just like the table permissions.

Storage Permission Form
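
An added example (not Supamode code): a small Python check that applies the wildcard semantics described above, with * behaving like SQL %, to constructed sample permissions. It shows which object paths a storage pattern covers and flags the table and storage scopes this page marks as not recommended. The dict field names and the helper functions are hypothetical and do not reflect Supamode's schema.

```python
import re

def pattern_matches(pattern, path):
    """True if `path` matches `pattern`, where * acts like SQL % (any run of
    characters, '/' included). Like LIKE, the whole path must match."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, path, flags=re.DOTALL) is not None

def review_permission(perm):
    """Return findings for one data permission (hypothetical dict layout)."""
    findings = []
    if perm["action"] == "*":
        findings.append("action * grants select, insert, update and delete")
    if perm["scope"] == "table":
        if perm["schema"] == "*" and perm["table"] == "*":
            findings.append("covers all tables in the entire database")
        elif perm["table"] == "*":
            findings.append("covers all tables in schema " + perm["schema"])
    elif perm["scope"] == "storage":
        pattern = perm["path_pattern"]
        star = pattern.find("*")
        if pattern == "*":
            findings.append("covers all files in bucket " + perm["bucket"])
        elif star > 0 and pattern[star - 1] != "/":
            findings.append("wildcard not anchored at '/': also matches sibling prefixes")
    return findings

# Constructed sample permissions and object paths, for illustration only.
PERMISSIONS = [
    {"name": "read-orders", "scope": "table", "schema": "public", "table": "orders", "action": "select"},
    {"name": "all-data", "scope": "table", "schema": "*", "table": "*", "action": "*"},
    {"name": "user-files", "scope": "storage", "bucket": "uploads", "path_pattern": "/users/*", "action": "select"},
    {"name": "loose-prefix", "scope": "storage", "bucket": "uploads", "path_pattern": "/users*", "action": "select"},
]
PATHS = ["/users/42/avatar.png", "/users/42/private/id.pdf", "/users-archive/2019.csv", "/invoices/1.pdf"]

def coverage(pattern):
    """List the sample paths a storage path pattern grants access to."""
    return [p for p in PATHS if pattern_matches(pattern, p)]

if __name__ == "__main__":
    for perm in PERMISSIONS:
        print(perm["name"], review_permission(perm))
        if perm["scope"] == "storage":
            print("  matches:", coverage(perm["path_pattern"]))
```

Because the wildcard spans `/`, `/users/*` reaches nested paths such as `/users/42/private/id.pdf`, and a pattern without the trailing slash (`/users*`) also covers `/users-archive/...`.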

Assigning permissions to a role

To assign a permission to a role, you have two options:

  1. Direct Assignment: Assign a permission directly to the role
  2. Permission Group Assignment: Assign a permission group to the role

Permission groups are collections of permissions that can be assigned to a role, so you can batch them together for different roles.

Direct Assignment

To assign a permission directly to a role, navigate to a role from the roles tab at '/settings/permissions?tab=roles' and click on the Manage Permissions button at the top right of the page.

Manage Permissions

From the same page, you can also assign a permission group to the role by clicking on the Manage Permission Groups button at the top right of the page.

Manage Permissions Group

Permission Group Assignment

To assign permissions to a permission group, you can create a new permission group from the "Permission Groups" tab at '/settings/permissions?tab=permission-groups' or select an existing permission group from the list.

Permission Groups

Once you've selected a permission group, you can see the details of the permission group, including the permissions and the roles that are assigned to it.

Permission Group Details

You can assign permissions to it by clicking on the Manage Permissions button at the top right of the page.

Manage Group Permissions

After assigning permissions to a permission group, make sure that you've also added the permission group to the role you want to customize.