rbac · listed

RBAC multi-tenant patterns: role tables, permission checks, row-level scoping, organization isolation, middleware guards for Next.js and Express/FastAPI
Claudient/Claudient · ★ 4 · AI & Automation · score 65
Install: claude install-skill Claudient/Claudient
# RBAC Multi-Tenant Skill

## When to activate

- Building a multi-tenant SaaS where users belong to organizations
- Implementing role-based access control (admin, editor, viewer, etc.)
- Scoping database queries so users only see their organization's data
- Adding permission middleware to API routes
- Designing the database schema for roles and permissions

## When NOT to use

- Single-tenant apps where all authenticated users have the same access
- Simple boolean `isAdmin` checks — only worth the complexity at 3+ roles
- When Better Auth's built-in organization plugin covers your needs (check that first)

## Instructions

### Database schema

```typescript
// db/schema.ts — Drizzle
import { pgTable, text, uuid, timestamp, pgEnum, unique } from 'drizzle-orm/pg-core'
import { relations } from 'drizzle-orm'

export const roleEnum = pgEnum('role', ['owner', 'admin', 'editor', 'viewer'])

export const organizations = pgTable('organizations', {
  id: uuid('id').primaryKey().defaultRandom(),
  name: text('name').notNull(),
  slug: text('slug').notNull().unique(),
  plan: text('plan', { enum: ['free', 'pro', 'enterprise'] }).default('free').notNull(),
  createdAt: timestamp('created_at').defaultNow().notNull(),
})

export const users = pgTable('users', {
  id: uuid('id').primaryKey().defaultRandom(),
  email: text('email').notNull().unique(),
  name: text('name'),
})

// Many-to-many: users ↔ organizations with a role
export const memberships = pgTable('memb
```