Organizations & RBAC

Multi-tenant organizations, roles, permissions, and email invitations — built in and ready to toggle.

Overview

SiteKnock includes multi-tenant organizations (teams) and role-based access control (RBAC) so you can build collaborative, multi-customer SaaS without reinventing membership and permissions.

Organizations

Enable organizations and customize their behavior:

"organizations": {
  "enabled": true,
  "label": "Organization",
  "labelPlural": "Organizations",
  "defaultOrg": "Default Organization",
  "defaultRole": "member",
  "maxPerUser": 5,
  "invitations": true
}

What you get:

  • Each user can belong to multiple organizations (up to maxPerUser).
  • A default organization is created automatically on sign-up.
  • Email invitations to join organizations (when enabled).
  • Organization-scoped data isolation.
  • Custom labels — call them "Teams", "Workspaces", or anything that fits your product.

Roles and permissions

RBAC is built on clear, typed roles and permissions:

  • Roles — owner, admin, and member by default; you can define custom roles.
  • Permissions — scoped by resource and action, such as users:read or billing:manage.

Backend routes that return organization-scoped data verify membership first, so a user can only ever see data for organizations they belong to:

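// Inside a route handler (req, res)
const session = await auth.api.getSession({ headers: req.headers })
if (!session) {
  // No valid session: reject before any organization lookup
  res.status(401).json({ error: "Unauthorized" })
  return
}
// Membership is checked for the orgId requested in the URL
const membership = await checkOrgMembership(session.user.id, req.params.orgId)
if (!membership) {
  res.status(403).json({ error: "Forbidden" })
  return
}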
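
The membership check above answers "is this user in the organization?"; a permission such as users:read or billing:manage adds a second, per-role gate. The guard below is an added example, not SiteKnock's own code: the role-to-permission grants, the { orgId, role } membership shape, and the injected getSession/getMembership functions are assumptions made for illustration.

```javascript
// Assumed grants for the three default roles (illustrative, not shipped defaults).
const ROLE_PERMISSIONS = new Map([
  ["owner", ["users:read", "users:manage", "billing:manage"]],
  ["admin", ["users:read", "users:manage"]],
  ["member", ["users:read"]],
]);

// Deny by default: unknown roles and unlisted permissions grant nothing.
// A Map avoids prototype keys such as "constructor" matching as roles.
function can(role, permission) {
  return (ROLE_PERMISSIONS.get(role) ?? []).includes(permission);
}

// Pure decision function so the policy can be unit-tested without HTTP.
// membership is the assumed shape { orgId, role }, or null for non-members.
function decide(session, membership, orgId, permission) {
  if (!session || !session.user) return { status: 401, error: "Unauthorized" };
  // Non-members and under-privileged members get the same 403, so the
  // response does not reveal whether the organization exists.
  if (!membership || membership.orgId !== orgId) return { status: 403, error: "Forbidden" };
  if (!can(membership.role, permission)) return { status: 403, error: "Forbidden" };
  return { status: 200 };
}

// Express-style middleware factory. getSession and getMembership are
// hypothetical injected lookups, e.g. wrappers around the calls shown above.
function requirePermission(permission, { getSession, getMembership }) {
  return async (req, res, next) => {
    const session = await getSession(req);
    const orgId = req.params.orgId;
    const membership = session?.user
      ? await getMembership(session.user.id, orgId)
      : null;
    const verdict = decide(session, membership, orgId, permission);
    if (verdict.status !== 200) {
      res.status(verdict.status).json({ error: verdict.error });
      return;
    }
    req.membership = membership; // downstream handlers reuse the verified role
    next();
  };
}
```

Keeping the role lookup server-side matters: the role comes from the membership record, never from a header or request body the client controls.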

Configure in Studio

Toggle organizations, set the singular and plural labels, choose the default organization name and default role, set the maximum organizations per user, and toggle email invitations.

Next steps