Manage Access And Admin Work
Access is role-aware, admin routes fail closed, and sensitive work is tracked in audit logs.
On this page
Roles
The default roles are super_admin and user. Custom roles can expose selected feature access.
Admin pages
Admins manage branding, security, audit logs, team access, and waitlist operations.
Audit log
Important admin changes record actor, module, action, target, and before/after state.
Rate limits
Checkout, portal, waitlist, export, and other hot paths use policy-based limits.
Secure defaults to keep
- Do not trust client-supplied user or role fields when server identity is available.
- Validate webhook signatures before processing provider events.
- Keep the Supabase secret key server-only.
- Keep RLS enabled for exposed Supabase tables.
- Keep cron endpoints protected by CRON_SECRET.
- Do not log secrets, raw tokens, or full provider payloads.