Super Admin recommendation
Is there an intended way to handle super admins with organizations in better-auth?
I'd like to implement a super admin role that can manage all the resources in both the admin plugin and the organization plugin.
Adding a super admin role to the admin access controls is easy enough. The problem is the organization APIs assume a user is a member of the org. Super admins aren't a member in every org, but need to function as if they are.
It seems there are two workarounds:
I'd like to implement a super admin role that can manage all the resources in both the admin plugin and the organization plugin.
Adding a super admin role to the admin access controls is easy enough. The problem is the organization APIs assume a user is a member of the org. Super admins aren't a member in every org, but need to function as if they are.
It seems there are two workarounds:
- Make every super admin a member of every organization. This requires keeping the state in-sync if/when their admin roles change, and adding memberships to every org for every new superadmin. Another side-effect is every view where an actual org admin lists the members must filter the super admins.
- Create custom api calls that call into the better-auth adapters to circumvent the org membership check. An issue here is the
getOrgAdapterfunction isn't exposed, so that function must be vendored in our codebase (along with the files it depends on).
