Permissions and Capabilities

Access control in this starter is layered. That is deliberate.

It separates tenant roles, fine-grained permissions, and larger product-area gates so buyers do not have to invent an access model from zero.

The Layers

  1. Organization roles: owner, admin, and member cover baseline tenant roles.
  2. Permissions: Fine-grained access keys live in shared packages and are enforced in Convex.
  3. Capabilities: Higher-level product areas can be turned on or off based on plan, flags, or permission bundles.

What Buyers Should Understand

  • backend enforcement is the source of truth
  • UI gating exists for UX, not security
  • permissions and capabilities are already separated conceptually
  • this model is meant to scale past simple role-only gating
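
A minimal sketch of how the three layers can combine in one backend check, added here as an illustration and not taken from the starter's code. The role names come from this page; the permission keys, capability names, plans, and the `authorize` function are hypothetical, and capabilities are gated by plan only.

```typescript
// Hypothetical names throughout; not the starter's packages/permissions API.
type Role = "owner" | "admin" | "member";
type Plan = "free" | "pro";
type Permission = "billing:manage" | "members:invite" | "reports:view";
type Capability = "billing" | "team" | "reports";

// Layer 1 -> 2: each tenant role maps to a baseline permission bundle.
const ROLE_PERMISSIONS: Record<Role, readonly Permission[]> = {
  owner: ["billing:manage", "members:invite", "reports:view"],
  admin: ["members:invite", "reports:view"],
  member: [],
};

// Layer 3: product areas are switched on per plan, independent of the user.
const PLAN_CAPABILITIES: Record<Plan, readonly Capability[]> = {
  free: ["team"],
  pro: ["team", "billing", "reports"],
};

// Each permission key belongs to exactly one product area.
const PERMISSION_AREA: Record<Permission, Capability> = {
  "billing:manage": "billing",
  "members:invite": "team",
  "reports:view": "reports",
};

interface Membership {
  role: Role;
  plan: Plan; // plan of the organization
  extraPermissions: Permission[]; // custom grants on top of the role
}

type Decision = { allowed: true } | { allowed: false; reason: string };

// Server-side check: deny by default; capability AND permission must both pass.
function authorize(m: Membership | null, needed: Permission): Decision {
  if (m === null) return { allowed: false, reason: "not_a_member" };
  if (!PLAN_CAPABILITIES[m.plan].includes(PERMISSION_AREA[needed])) {
    return { allowed: false, reason: "capability_disabled" };
  }
  const granted = [...ROLE_PERMISSIONS[m.role], ...m.extraPermissions];
  if (!granted.includes(needed)) {
    return { allowed: false, reason: "permission_missing" };
  }
  return { allowed: true };
}
```

A check like this belongs in the backend function itself, so that hiding a button in the UI is never the only thing standing between a member and an action.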

Where It Lives

  • packages/permissions
  • packages/capabilities
  • packages/backend/convex/org/access/*

Why This Matters

  • you can add features without collapsing into role spaghetti
  • plan-gated product areas already have a place in the model
  • organization access and platform access are not confused with each other

Typical Buyer Questions This Answers

  • Can I gate features by plan?
  • Can I keep owner/admin/member while still adding custom permissions?
  • Can backend access stay reliable even if the UI evolves quickly?