Skill

supabase-enterprise-rbac

Configure Supabase enterprise SSO, role-based access control, and organization management. Use when implementing SSO integration, configuring role-based permissions, or setting up organization-level controls for Supabase. Trigger with phrases like "supabase SSO", "supabase RBAC", "supabase enterprise", "supabase roles", "supabase permissions", "supabase SAML".

From supabase-pack

Install

Run in your terminal

npx claudepluginhub nickloveinvesting/nick-love-plugins --plugin supabase-pack

Tool Access

This skill is limited to using the following tools:

ReadWriteEdit

Supporting Assets

View in Repository

references/errors.md

references/examples.md

references/role-implementation.md

references/sso-integration.md

Skill Content

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

138.6k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

evaluation-methodology

1 file

Details PluginEval's skill quality evaluation: 3 layers (static, LLM judge), 10 dimensions, rubrics, formulas, anti-patterns, badges. Use to interpret scores, improve triggering, calibrate thresholds.

plugin-eval

32.9k

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitMar 20, 2026

Actions

View Source View Plugin View on GitHub View README

Supabase Enterprise Rbac

Prerequisites

Supabase Enterprise tier subscription
Identity Provider (IdP) with SAML/OIDC support
Understanding of role-based access patterns
Audit logging infrastructure

Instructions

Enterprise RBAC for Supabase involves coordinating three systems: your Identity Provider (IdP) for authentication, Supabase's Row Level Security for data authorization, and your application middleware for API-level enforcement. Getting these layers aligned correctly is critical — a misconfigured RLS policy can either block legitimate users or expose data to unauthorized roles, so testing each role definition against real queries before going to production is essential.

Step 1: Define Roles

Map organizational roles to Supabase permissions. Document each role's data access requirements, which tables they can read or write, and which operations require elevated privileges. Use Postgres roles to enforce separation at the database level.

Step 2: Configure SSO

Set up SAML or OIDC integration with your IdP. Ensure that the IdP passes the correct group or role claims in the token so Supabase can map them to the appropriate Postgres role at session start.

Step 3: Implement Middleware

Add permission checks to API endpoints. Middleware should extract the user's role from the JWT and reject requests that attempt operations the role is not authorized for before they reach the database.

Step 4: Enable Audit Logging

Track all access for compliance. Log the authenticated user, role, operation type, and timestamp for every data-modifying request so you have a complete audit trail for security reviews.

Output

Role definitions implemented and tested against representative queries
SSO integration configured with verified claim mapping
Permission middleware active and rejecting unauthorized operations
Audit trail enabled and capturing all data-modifying events

Error Handling

See ${CLAUDE_SKILL_DIR}/references/errors.md for comprehensive error handling.

Examples

See ${CLAUDE_SKILL_DIR}/references/examples.md for detailed examples.

Resources

Overview

Configure Supabase enterprise SSO, role-based access control, and organization management.