Understanding Permission Levels
Stack2X uses role-based access control to manage what each person in your organization can do. Every team member is assigned one of four roles, each with a specific set of permissions. This guide explains what each role allows and how to manage them.
The Four Roles
Owner
The owner has full, unrestricted access to everything in the organization. Every organization has exactly one owner -- the person who created it. The owner can:
- Manage billing and subscription settings
- Delete the organization
- Transfer ownership to another member
- Do everything an admin, member, and viewer can do
Ownership cannot be shared. If you need to transfer ownership, go to your organization settings and use the transfer ownership option. The new owner must already be a member of the organization.
Admin
Admins have broad access to manage the organization's day-to-day operations. They can:
- Invite and remove team members
- Change other members' roles (except the owner's)
- Connect and disconnect Supabase instances
- Create and manage backups
- Run and manage migrations
- Access organization settings
Admins cannot change billing settings or delete the organization. This role is ideal for team leads or senior developers who need to manage the workspace without full ownership privileges.
Member
Members are the standard working role. They can:
- Create backups of connected instances
- Run migrations between connected instances
- View all instances, backups, and migration history
- Download backup files
Members cannot invite or remove team members, change roles, or modify organization settings. This role works well for developers and team members who need to perform backups and migrations but don't need to manage the workspace.
Viewer
Viewers have read-only access. They can:
- View connected instances and their status
- View backup history and migration logs
- View organization members and their roles
Viewers cannot create backups, run migrations, download files, or make any changes. This role is useful for stakeholders, auditors, or managers who need visibility into the organization's activity without the ability to modify anything.
Permissions at a Glance
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View instances and history | Yes | Yes | Yes | Yes |
| Create backups | Yes | Yes | Yes | No |
| Run migrations | Yes | Yes | Yes | No |
| Download backups | Yes | Yes | Yes | No |
| Connect/disconnect instances | Yes | Yes | No | No |
| Invite/remove members | Yes | Yes | No | No |
| Change member roles | Yes | Yes | No | No |
| Manage billing | Yes | No | No | No |
| Delete organization | Yes | No | No | No |
How to Change a Member's Role
Only owners and admins can change roles. To update someone's role:
- Open your organization settings from the sidebar.
- Go to the Members tab.
- Find the team member you want to update.
- Click the role dropdown next to their name and select the new role.
- The change takes effect immediately.
Keep in mind that admins cannot promote someone to admin or change the owner's role. Only the owner can promote members to admin.
Best Practices
Assign the least amount of access each person needs. If someone only needs to view activity logs, make them a viewer. If they need to run backups but shouldn't manage the team, make them a member. Reserve admin access for people who genuinely need to manage instances and team members.
Regularly review your member list and remove people who no longer need access. This keeps your organization secure and reduces the risk of unintended changes.