Use the admin and organization plugin together
I would like to use the admin and organization plugin together, how should I configure access control roles? I saw that it is configured in both plugins with import { defaultStatements, adminAc } from 'better-auth/plugins/organization/access' and import { defaultStatements, adminAc } from "better-auth/plugins/admin/access";
1 Reply
it's effectively two different types of access.
TLDR: Admin concerns the site as a whole and supercedes any Organization roles. Organization roles only concern itself with members of that particular organization.
Admin is across the site entirely and is
admin / user by default. Can someone do x / y / z thing that is not Organization / Team specific such as impersonating users, taking administrative actions such as moving users to different organizations without invites, handling payment processing stuff etc. Generally site wide concerns.
Organization role is different. It defines what an individual can do within that organization. owner, admin, member are the defaults IIRC. Anything related to "can a user do this" are defined by those roles and the permissions associated with it. Effectively it's only that organization though. They can't do anything to an organization that they are not a part of.
Note: This is from memory as I recently looked at this for my own site