Home

Access Control

Supabase provides granular access controls to manage permissions across your organizations. For each organization, a member can have one of the following roles:

  • Owner
  • Administrator
  • Developer

A default organization is created when you first sign in and you'll be assigned the Owner role. Each member can access all projects under the organization. Project level invites are not available at this time. Create a separate organization if you need to restrict access to certain projects.

Manage team members#

To invite others to collaborate, visit your organization's team settings in the Dashboard to send an invite link to another user's email. The invite expires after 24 hours.

Transferring ownership of an organization#

Each Supabase organization can have one or more owners. If you no longer want be an owner of an organization, click Leave team in the members view (https://app.supabase.com/org/<org-slug>/settings#team) of your organization. However, you can only leave an organization when there is at least one other owner.

If you are transferring ownership of your organization to someone else, you will need to invite the new member with the Owner role. You can leave the organization after they've accepted the invitation.

Permissions across roles #

The table below shows the corresponding permissions for each available role you can assign a team member in the Dashboard.

PermissionsOwnerAdministratorDeveloper
Organization
Change organization name
Delete organization
Members
Add an Owner
Remove an Owner
Add an Administrator
Remove an Administrator
Add a Developer
Remove a Developer
Revoke an invite
Resend an invite
Accept an invite1
Billing
Read invoices
Read billing email
Change billing email
View subscription
Update subscription
Read billing address
Update billing address
Read tax codes
Update tax codes
Read payment methods
Update payment methods
Projects
Create a project
Delete a project
Update a project
Pause a project
Resume a project
Restart a project

Footnotes#

  1. Invites sent from a SSO account can only be accepted by another SSO account coming from the same identity provider. This is a security measure that prevents accidental invites to accounts not managed by your company's enterprise systems.