Access Control Model
Access control in the starter is layered on purpose.
The buyer-level takeaway is that the repo does not force you into a single blunt role model.
The Layers
Roles
Organization roles provide the baseline staff model.
Permissions
Fine-grained permission keys let the product express more specific actions than broad tenant roles alone.
Capabilities
Capabilities gate larger product areas such as billing, webhooks, or API keys.
Why This Matters
Many starters collapse access control into a small role enum and then become hard to extend. This starter already separates tenant roles, detailed permissions, and feature-area gating.
That gives buyers a more realistic growth path when the product moves past simple owner-versus-member logic.
Enforcement Boundary
Backend enforcement is the source of truth. UI gating exists for navigation and UX, not as the real security layer.
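
A sketch of how the three layers can combine into one server-side decision, added here as an illustration and not taken from the starter's code. The role names, permission keys, capability names, and the functions authorize and create_api_key_handler are all hypothetical.

```python
from dataclasses import dataclass

# Hypothetical names throughout: the starter's real role names, permission
# keys and capability names are not shown on the page.
ROLE_PERMISSIONS = {
    "owner": {"billing.manage", "webhooks.manage", "api_keys.create", "api_keys.read"},
    "admin": {"webhooks.manage", "api_keys.create", "api_keys.read"},
    "member": {"api_keys.read"},
}
# Each permission key belongs to one capability (a larger product area).
PERMISSION_CAPABILITY = {
    "billing.manage": "billing",
    "webhooks.manage": "webhooks",
    "api_keys.create": "api_keys",
    "api_keys.read": "api_keys",
}

@dataclass(frozen=True)
class Membership:
    org_id: str
    role: str
    extra_permissions: frozenset = frozenset()  # fine-grained grants on top of the role

@dataclass(frozen=True)
class Organization:
    org_id: str
    capabilities: frozenset  # product areas enabled for this tenant

def authorize(member, org, permission):
    """Server-side decision. Returns (allowed, reason); anything unknown is denied."""
    if member.org_id != org.org_id:
        return False, "wrong_tenant"
    capability = PERMISSION_CAPABILITY.get(permission)
    if capability is None:
        return False, "unknown_permission"
    if capability not in org.capabilities:
        return False, "capability_disabled"
    granted = ROLE_PERMISSIONS.get(member.role, set()) | member.extra_permissions
    if permission not in granted:
        return False, "permission_missing"
    return True, "ok"

def create_api_key_handler(member, org):
    """Constructed handler: the check runs here even if the UI hid the button."""
    allowed, reason = authorize(member, org, "api_keys.create")
    return (201, "created") if allowed else (403, reason)
```

The deny reasons are kept distinct so that audit logs can tell a disabled product area apart from a missing permission or a cross-tenant request.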