Access Control
Supabase provides granular access controls to manage permissions across your organizations. For each organization, a member can have one of the following roles:
- Owner
- Administrator
- Developer
Additional roles (Read-only and Billing) are available on the team and enterprise plans.
A default organization is created when you first sign in, at which point you'll be assigned the Owner role. Keep in mind that members can access all projects within the organization and that project level access control is not available at this time. Create a separate organization if you need to restrict access to certain projects.
Manage team members
To invite others to collaborate, visit your organization's team settings to send an invite link to another user's email. The invite expires after 24 hours.
Invites sent from a SAML SSO account can only be accepted by another SAML SSO account from the same identity provider. This is a security measure to prevent accidental invites to accounts not managed by your enterprise's identity provider.
Transferring ownership of an organization
Each Supabase organization can have one or more owners. If you no longer want be an owner of an organization, click Leave team in your organization's team settings. You can only leave an organization if there is at least one other owner. If you are transferring ownership of your organization to someone else, you will need to invite the new member with the Owner role. You can leave the organization after they've accepted the invitation.
Permissions across roles
The table below shows the corresponding permissions for each available role you can assign a team member in the Dashboard.
| Permissions | Owner | Administrator | Developer | Read only 1 |
|---|---|---|---|---|
| Organization | ||||
| Change organization name | ||||
| Delete organization | ||||
| Members | ||||
| Add an Owner | ||||
| Remove an Owner | ||||
| Add an Administrator | ||||
| Remove an Administrator | ||||
| Add a Developer | ||||
| Remove a Developer | ||||
| Revoke an invite | ||||
| Resend an invite | ||||
| Accept an invite2 | ||||
| Billing | ||||
| Read invoices | ||||
| Read billing email | ||||
| Change billing email | ||||
| View subscription | ||||
| Update subscription | ||||
| Read billing address | ||||
| Update billing address | ||||
| Read tax codes | ||||
| Update tax codes | ||||
| Read payment methods | ||||
| Update payment methods | ||||
| Projects | ||||
| Create a project | ||||
| Delete a project | ||||
| Update a project | ||||
| Pause a project | ||||
| Resume a project | ||||
| Restart a project | ||||
| Manage tables | ||||
| View Data | 3 |
Footnotes
-
Available on the Teams and Enterprise Plans. ↩
-
Invites sent from a SSO account can only be accepted by another SSO account coming from the same identity provider. This is a security measure that prevents accidental invites to accounts not managed by your company's enterprise systems. ↩
-
Only available on projects using PostgreSQL 14 and above. You can upgrade your project through infrastructure settings. ↩