Skip to content

Custom roles and permissions#523

Open
bean1352 wants to merge 17 commits into
mainfrom
roles-and-permissions
Open

Custom roles and permissions#523
bean1352 wants to merge 17 commits into
mainfrom
roles-and-permissions

Conversation

@bean1352

Copy link
Copy Markdown
Contributor

Summary

Adds a Roles and Permissions section to the PowerSync Dashboard page, covering built-in roles, custom roles, the permissions table, access levels, and project scope.

Changes

  • Explains what View, Deploy, and Manage grant
  • Lists each permission and its access levels in a table
  • Covers project scope and how permissions show up in the dashboard
  • Bumps page headings up a level so the on-page table of contents nests correctly
  • Adds screenshots of the Roles tab and the custom role builder

AI note

I used Claude to research the custom roles implementation and cross-check the permissions and access levels against the source (the permission catalog and role compiler), so the table reflects what the code actually grants.

@mintlify

mintlify Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
powersync 🟢 Ready View Preview Jun 29, 2026, 9:28 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated

- **View** gives read-only access to that area. The member can see it but cannot change anything.
- **Deploy** applies only to Instances. It gives View access plus the ability to deploy changes to an instance, such as updating the sync config and database connections. It does not allow creating or deleting instances.
- **Manage** gives full access to that area, including creating, editing, and deleting.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- **Manage** gives full access to that area, including creating, editing, and deleting.
- **Manage** gives full access to instances, including creating, editing, deploying and deleting.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added the deploying part but left it generic because Manage applies to more permissions than just instances

Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated
@bean1352 bean1352 marked this pull request as ready for review June 29, 2026 12:54
Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated
Comment thread tools/powersync-dashboard.mdx Outdated

### Project Scope

Permissions fall into two groups. Organization-level permissions (Private Endpoints, Team, Billing, and Organization settings) always apply across the whole organization. Project-level permissions (Projects, Instances, Instance logs, Alert Rules, and Notification Rules) can be scoped to all projects or to a specific set of projects that you choose.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't there 3 groups? Organization, Project, Instance? Project-level permissions just being quite minimal. From the UI breakdown we have these 3 groups (e.g. in the permissions dropdown) and it aligns nicely with the high level hierarchy https://docs.powersync.com/tools/powersync-dashboard#hierarchy-organization-project-instance


A project-scoped member is granted their permissions inside the selected projects and has no access outside them. The Manage level on Projects is only available on roles scoped to all projects, since creating and deleting projects is an organization-scoped action.

### How Permissions Appear in the Dashboard

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need this? Feels a bit like AI generated info overload. Feels intuitive enough that if a user doesn't have permission they will in some way be blocked - I also don't think we should say something like "will stay visible but disabled" explicitly, because we might not be consistent with that or choose a different means to block them for some cases?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants