Home

Access Control

Supabase provides granular access controls to manage permissions across your organizations. For each organization, a member can have one of the following roles:

  • Owner
  • Administrator
  • Developer

note

Additional roles (Read-only and Billing) are available on the team and enterprise plans.

A default organization is created when you first sign in, at which point you'll be assigned the Owner role. Keep in mind that members can access all projects within the organization and that project level access control is not available at this time. Create a separate organization if you need to restrict access to certain projects.

Manage team members#

To invite others to collaborate, visit your organization's team settings to send an invite link to another user's email. The invite expires after 24 hours.

note

Invites sent from a SAML SSO account can only be accepted by another SAML SSO account from the same identity provider. This is a security measure to prevent accidental invites to accounts not managed by your enterprise's identity provider.

Transferring ownership of an organization#

Each Supabase organization can have one or more owners. If you no longer want be an owner of an organization, click Leave team in your organization's team settings. You can only leave an organization if there is at least one other owner. If you are transferring ownership of your organization to someone else, you will need to invite the new member with the Owner role. You can leave the organization after they've accepted the invitation.

Permissions across roles #

The table below shows the corresponding permissions for each available role you can assign a team member in the Dashboard.

PermissionsOwnerAdministratorDeveloperRead only 1
Organization
Change organization name
Delete organization
Members
Add an Owner
Remove an Owner
Add an Administrator
Remove an Administrator
Add a Developer
Remove a Developer
Revoke an invite
Resend an invite
Accept an invite2
Billing
Read invoices
Read billing email
Change billing email
View subscription
Update subscription
Read billing address
Update billing address
Read tax codes
Update tax codes
Read payment methods
Update payment methods
Projects
Create a project
Delete a project
Update a project
Pause a project
Resume a project
Restart a project
Manage tables
View Data

Footnotes#

  1. Available on the Teams and Enterprise Plans.

  2. Invites sent from a SSO account can only be accepted by another SSO account coming from the same identity provider. This is a security measure that prevents accidental invites to accounts not managed by your company's enterprise systems.