BA
Better Auth3d ago
eko

Super Admin role creation assistance

Hello Team, I am looking into creating a role based access control system within my app, I would like to have SUPERADMIN, ADMIN, USER level roles and wanted to see how i can add a new role and make use of this system. auth-client.ts 
import { adminClient } from "better-auth/client/plugins";
import { createAuthClient } from "better-auth/react";
export const { signIn, admin, useSession } = createAuthClient({
  /** The base URL of the server (optional if you're using the same domain) */
  baseURL: "http://localhost:3000",
  plugins: [adminClient()],
});
import { adminClient } from "better-auth/client/plugins";
import { createAuthClient } from "better-auth/react";
export const { signIn, admin, useSession } = createAuthClient({
  /** The base URL of the server (optional if you're using the same domain) */
  baseURL: "http://localhost:3000",
  plugins: [adminClient()],
});
auth.ts 
import { betterAuth } from "better-auth";
import { prismaAdapter } from "better-auth/adapters/prisma";
import prisma from "./prisma";
import { admin } from "better-auth/plugins";

export const auth = betterAuth({
  database: prismaAdapter(prisma, {
    provider: "postgresql", // or "mysql", "postgresql", ...etc
  }),
  emailAndPassword: {
    enabled: true,
  },
  plugins: [
    admin({
      adminRoles: ["SUPER_ADMIN", "ADMIN"],
    }),
  ],
});
import { betterAuth } from "better-auth";
import { prismaAdapter } from "better-auth/adapters/prisma";
import prisma from "./prisma";
import { admin } from "better-auth/plugins";

export const auth = betterAuth({
  database: prismaAdapter(prisma, {
    provider: "postgresql", // or "mysql", "postgresql", ...etc
  }),
  emailAndPassword: {
    enabled: true,
  },
  plugins: [
    admin({
      adminRoles: ["SUPER_ADMIN", "ADMIN"],
    }),
  ],
});

schema.prisma

4 Replies
eko
ekoOP3d ago
Also what is the difference between Admin and Organization plugins?
KiNFiSH
KiNFiSH3d ago
you can create a roles like this along with their resource and actions on the resource
export const superAdmin = ac.newRole({
  user: [
    "create",
    "list",
    "set-role",
    "ban",
    "impersonate",
    "delete",
    "set-password",
    "manage-admins",
  ],
  session: ["list", "revoke", "delete"],
});

export const admin = ac.newRole({
  user: [
    "create",
    "list",
    "set-role",
    "ban",
    "impersonate",
    "delete",
    "set-password",
  ],
  session: ["list", "revoke", "delete"],
});
export const superAdmin = ac.newRole({
  user: [
    "create",
    "list",
    "set-role",
    "ban",
    "impersonate",
    "delete",
    "set-password",
    "manage-admins",
  ],
  session: ["list", "revoke", "delete"],
});

export const admin = ac.newRole({
  user: [
    "create",
    "list",
    "set-role",
    "ban",
    "impersonate",
    "delete",
    "set-password",
  ],
  session: ["list", "revoke", "delete"],
});
and you can pass them to the the roles options with the admin config like 
 roles: {
        superAdmin,
        admin,
        user,
  },
 roles: {
        superAdmin,
        admin,
        user,
  },
and for checking you can make sure to use checkPermission api from admin plugin - 
const canManageAdmins = authClient.admin.checkRolePermission({
  role: "SUPER_ADMIN",
  permissions: {
    user: ["manage-admins"],
  },
});
const canManageAdmins = authClient.admin.checkRolePermission({
  role: "SUPER_ADMIN",
  permissions: {
    user: ["manage-admins"],
  },
});
KiNFiSH
KiNFiSH3d ago
The Admin plugin provides user management and role-based access control, while the Organization plugin enables multi-tenant organization management with teams and member permission. and they can also work well together for more advanced usage - for more pls check on the docs - https://www.better-auth.com/docs/plugins/admin
Admin | Better Auth
Admin plugin for Better Auth
eko
ekoOP21h ago
Thank you for the help @KiNFiSH any idea how it would be possible to seed an admin user ?

Did you find this page helpful?