RBAC
Role and permission layout per Simulacrum template, middleware helpers, and how to extend safely.
Permission model
Permissions live in lib/auth/rbac.ts with granular strings such as content:write, billing:read, and * for super_admin. Middleware helpers combine authentication and authorization for /admin routes and API handlers.
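A sketch of how such a check can be structured, added here as an illustration; it is not the contents of lib/auth/rbac.ts. The role-to-permission mapping, the names `hasPermission`, `authorize` and `Session`, and the treatment of `*` as a match-all grant are assumptions. Only the permission strings and the E-commerce role names come from this page.

```typescript
// Added illustration; not the project's own code.
type Permission = string; // "resource:action", or "*" as a grant

// Assumed mapping for the E-commerce roles (constructed for this example).
const ROLE_PERMISSIONS: Record<string, readonly Permission[]> = {
  super_admin: ["*"],
  admin: ["content:read", "content:write", "billing:read"],
  staff: ["content:read", "content:write"],
  customer: [],
};

interface Session { userId: string; role: string }

// Deny by default: unknown roles get nothing, and "*" only counts when it
// appears in the role's grants, never when it is the permission requested.
function hasPermission(role: string, required: Permission): boolean {
  // Own-property lookup so "constructor" or "__proto__" never resolve to a role.
  const known = Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role);
  const granted = known ? ROLE_PERMISSIONS[role] : undefined;
  if (granted === undefined) return false;
  return granted.indexOf("*") !== -1 || granted.indexOf(required) !== -1;
}

type Decision =
  | { ok: true; session: Session }
  | { ok: false; status: 401 | 403 };

// Hypothetical guard combining authentication and authorization:
// 401 when there is no session, 403 when the role lacks the permission.
function authorize(session: Session | null, required: Permission): Decision {
  if (session === null) return { ok: false, status: 401 };
  if (!hasPermission(session.role, required)) return { ok: false, status: 403 };
  return { ok: true, session };
}
```

A handler would call `authorize` first and return the status on failure, so an /admin route never reaches its own logic without both checks passing.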
Roles by template
| Template | Roles |
| --- | --- |
| E-commerce | super_admin, admin, staff, customer |
| SaaS | super_admin, owner, admin, member, viewer |
| Blog | admin, editor, author, subscriber |
| Corporate | admin, editor, hr |
| Portfolio / Docs / Landing | Admin-focused with optional editor |
Organizations (Startup+)
When multi-tenancy is enabled, roles are scoped per organization membership. See Organizations.
Start from the template’s default roles before renaming; tests and dashboards assume those permission boundaries.