
This skill helps you configure Supabase enterprise SSO, RBAC, and organization controls with role mappings, middleware, and audit trails.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill supabase-enterprise-rbac

SKILL.md
---
name: supabase-enterprise-rbac
description: |
  Configure Supabase enterprise SSO, role-based access control, and organization management.
  Use when implementing SSO integration, configuring role-based permissions,
  or setting up organization-level controls for Supabase.
  Trigger with phrases like "supabase SSO", "supabase RBAC",
  "supabase enterprise", "supabase roles", "supabase permissions", "supabase SAML".
allowed-tools: Read, Write, Edit
version: 1.0.0
license: MIT
author: Jeremy Longshore <[email protected]>
---

# Supabase Enterprise RBAC

## Prerequisites
- Supabase Enterprise tier subscription
- Identity Provider (IdP) with SAML/OIDC support
- Understanding of role-based access patterns
- Audit logging infrastructure

## Instructions

### Step 1: Define Roles
Map organizational roles to Supabase permissions.

### Step 2: Configure SSO
Set up SAML or OIDC integration with your IdP.

### Step 3: Implement Middleware
Add permission checks to API endpoints.

### Step 4: Enable Audit Logging
Track all access for compliance.
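The four steps above (role definitions, SSO claims, permission middleware, audit trail) can be demonstrated together in one small piece of code. The block below is an added example, not code from this skill or from Supabase: it is a framework-agnostic, Express-style middleware factory that maps IdP group claims to roles, checks a required action against a per-role permission set, and records every allow/deny decision in an audit sink. The role names, the group names, the permission strings, and the assumption that `req.claims` already holds verified JWT claims are all illustrative choices, not Supabase's own API.

```javascript
// Added example: role mapping + permission middleware + audit log for a
// Supabase project behind enterprise SSO. All names below are assumptions.

// Step 1: organisational roles mapped to the actions they may perform
// (assumed permission strings; pick ones that match your API surface).
const ROLE_PERMISSIONS = {
  org_admin: new Set(['projects:read', 'projects:write', 'secrets:write', 'migrations:run']),
  developer: new Set(['projects:read', 'projects:write']),
  analyst:   new Set(['projects:read']),
};

// Step 2: IdP group attribute (SAML/OIDC "groups" claim) -> internal role.
// Group names are assumed; unknown groups map to nothing, so an unmapped
// user ends up with no permissions rather than a default one.
const GROUP_TO_ROLE = {
  'supabase-admins': 'org_admin',
  'engineering':     'developer',
  'data-analysts':   'analyst',
};

function rolesFromClaims(claims) {
  const groups = Array.isArray(claims.groups) ? claims.groups : [];
  const roles = new Set();
  for (const g of groups) {
    const role = GROUP_TO_ROLE[g];
    if (role) roles.add(role);
  }
  return roles;
}

function hasPermission(roles, action) {
  for (const role of roles) {
    const perms = ROLE_PERMISSIONS[role];
    if (perms && perms.has(action)) return true;
  }
  return false;
}

// Step 4: audit sink. In-memory here so the example runs offline; in a real
// deployment forward each entry to the central log pipeline.
const auditLog = [];
function audit(entry) {
  auditLog.push({ ts: new Date().toISOString(), ...entry });
}

// Step 3: requirePermission(action) builds an Express-style middleware.
// It assumes req.claims contains claims from an already-verified token;
// signature verification itself is outside this example.
function requirePermission(action) {
  return function (req, res, next) {
    const claims = req.claims;
    if (!claims || !claims.sub) {
      audit({ decision: 'deny', reason: 'unauthenticated', action, path: req.path });
      res.status(401).json({ error: 'unauthenticated' });
      return;
    }
    const roles = rolesFromClaims(claims);
    const allowed = hasPermission(roles, action);
    audit({
      decision: allowed ? 'allow' : 'deny',
      reason: allowed ? 'role_grant' : 'missing_permission',
      subject: claims.sub,
      roles: [...roles],
      action,
      path: req.path,
    });
    if (!allowed) {
      res.status(403).json({ error: 'forbidden' });
      return;
    }
    next();
  };
}

// Tiny harness so the middleware can be exercised without a web framework.
// Returns the HTTP status the middleware would have produced.
function simulate(action, claims, path) {
  let status = 200;
  let nextCalled = false;
  const res = {
    status(code) { status = code; return this; },
    json() { return this; },
  };
  requirePermission(action)({ claims, path }, res, () => { nextCalled = true; });
  return { status: nextCalled ? 200 : status, nextCalled };
}
```

Running `simulate('migrations:run', { sub: 'u1', groups: ['supabase-admins'] }, '/admin/migrate')` lets the request through, the same action with `groups: ['engineering']` is refused with 403, and a request with no claims is refused with 401; each of the three decisions lands in `auditLog`, which is the property the "log every authentication and authorization decision" guidance asks for.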

## Output
- Role definitions implemented
- SSO integration configured
- Permission middleware active
- Audit trail enabled

## Error Handling

See `{baseDir}/references/errors.md` for comprehensive error handling.

## Examples

See `{baseDir}/references/examples.md` for detailed examples.

## Resources
- [Supabase Enterprise Guide](https://supabase.com/docs/enterprise)
- [SAML 2.0 Specification](https://wiki.oasis-open.org/security/FrontPage)
- [OpenID Connect Spec](https://openid.net/specs/openid-connect-core-1_0.html)

Overview

This skill configures Supabase Enterprise SSO, role-based access control, and organization management to secure access across teams. It guides mapping organizational roles to Supabase permissions, wiring SAML/OIDC identity providers, and enabling audit trails for compliance. The result is enforceable access policies, centralized authentication, and a full audit trail for organization-level operations.

How this skill works

The skill walks through defining role-to-permission mappings and applying them inside Supabase projects. It shows how to configure SAML or OpenID Connect with your Identity Provider so users authenticate via enterprise SSO. Middleware snippets and placement guidance are provided to enforce permission checks at API endpoints. Finally, it enables and structures audit logging to capture access and administrative events for compliance and review.

When to use it

  • Setting up enterprise SSO for Supabase projects
  • Implementing organization-level roles and permission boundaries
  • Enforcing least-privilege access for APIs and dashboards
  • Preparing audit trails for compliance reviews or security audits
  • Integrating Supabase with corporate IdP via SAML or OIDC

Best practices

  • Start by inventorying organizational roles and the data-plane actions each needs before mapping them to Supabase permissions
  • Use SAML or OIDC attributes (groups, roles, claims) to assign Supabase roles dynamically
  • Implement permission checks as middleware close to the API entry points to avoid scattered access logic
  • Log every authentication and authorization decision and centralize logs for monitoring and alerting
  • Test SSO and role mappings in a staging organization before rolling out to production

Example use cases

  • Onboard a new department and assign scoped read/write access using role mappings and SSO group sync
  • Protect administrative APIs with role-based middleware so only approved operators can perform migrations or secrets changes
  • Connect corporate IdP via SAML to provide single-click access to Supabase consoles for employees
  • Enable organization-level audit logging to meet internal compliance and incident investigation requirements

FAQ

What identity providers are supported?

Any IdP that supports SAML 2.0 or OpenID Connect can be integrated; map IdP claims or groups to Supabase roles.

How do I enforce permissions in my APIs?

Place permission-checking middleware at API entry points to validate the authenticated user's Supabase role and required action before processing requests.

Is audit logging required?

For enterprise deployments and compliance, enable audit logging to capture authentication, authorization, and administrative events; it aids investigations and reporting.