🔐 Permissions

RBAC Model · Permission Matrix · Access Decisions

◉ RBAC Ready

🔐RBAC Model Ready

Role-Based Access Control model is defined with 5 system roles and 24 permission resources. Real enforcement requires authenticated user context and verified Supabase database. Permissions shown here reflect the architectural design — not live enforcement.

Permission System Status

◉ Architecture Ready

RBAC ModelArchitecture Ready

Role Definitions5 system roles defined

Permission Resources24 resources defined

EnforcementPending Auth & Database

DatabaseConfigured — Not Verified

Auth ContextPending

Permission Matrix

Architecture design — not enforced until auth/database verified

Resource	Super Admin	Clinic Owner	Clinic Admin	Team Member	Viewer
leads	Full	Full	CRUD	CRU	R
contacts	Full	Full	CRUD	CRU	R
pipeline	Full	Full	CRUD	CRU	R
tasks	Full	Full	CRUD	CRU	R
appointments	Full	Full	CRUD	CRU	R
calls	Full	Full	CRUD	CRU	R
messages	Full	Full	CRUD	CRU	R
sequences	Full	Full	CRUD	CRU	R
calendar	Full	Full	CRUD	CRU	R
bookings	Full	Full	CRUD	CRU	R
settings	Full	Full	CRUD	CRU	R
billing	Full	Full	CRUD	CRU	R

Access Decision Engine

Real-time access decisions — pending auth context

⏳ Access decision engine requires authenticated user session. Architecture is ready — enforcement pending.