SKILL-067 Teams, organizations, and multi-tenancy Locked skill

RBAC permissions

Check permissions, not roles, at the call site — roles are just bundles of permissions that will change.

What this skill helps you build

Map roles to permissions and gate every action through one can?(user, action, resource) check instead of scattered role comparisons.

The production takeaway

Check permissions, not roles, at the call site — roles are just bundles of permissions that will change.

Inside this skill

The full skill expands these implementation areas with decisions, edge cases, prompts, tests, and framework-specific code.

Teams, organizations, and multi-tenancy

What this helps you build

A role based access control layer for a multi tenant SaaS: each member of an organization has a role owner , admin , member , viewer , each role grants a set of permissions, and ev

🔒

Teams, organizations, and multi-tenancy

When to use this

Reach for RBAC the moment more than one kind of person uses an account and they should not all be able to do the same things. Concretely: Team or organization accounts where some m

🔒

Teams, organizations, and multi-tenancy

The core idea

Roles are bundles of permissions , not the thing you check. A permission is a verb–noun fact like billing.manage or member.invite . A role is just a named set of those permissions.

🔒

Unlock the full implementation

Paid access includes the complete skill body, implementation prompt, common mistakes, production checklist, and code examples where this skill includes them.

Unlock all skills — $199 Browse the library