How to fix the superAdmin problem

I read the docs and they say custom admin roles need createAccessControl. How do I define it in the access control? @Better Auth
4 Replies
Better Auth, 4w ago
You can define a custom admin role by importing and using the createAccessControl function. For example, start by declaring a permission statement (which maps resources to allowed actions), then instantiate an access control object, and finally use the newRole method to create your custom admin role. Here's a basic example:
```ts
import { createAccessControl } from "better-auth/plugins/access";
import { defaultStatements, adminAc } from "better-auth/plugins/admin/access";

// Merge your custom permissions with the default statements if needed.
const statement = {
  ...defaultStatements,
  // Define any additional resources and actions if necessary.
  project: ["create", "share", "update", "delete"]
} as const;

// Create an access control instance with the statement.
const ac = createAccessControl(statement);

// Create a custom admin role by merging the default admin permissions with your custom ones.
const customAdmin = ac.newRole({
  ...adminAc.statements, // This provides the default admin permissions.
  project: ["create", "update"] // Override or add custom permissions as needed.
});

// Export your roles to pass them to the admin plugin.
export const roles = {
  admin: customAdmin,
  // ... other roles
};
```
This example demonstrates how you merge the default admin permissions (using adminAc.statements) with any custom permissions you want to apply. Once defined, pass this roles object to the admin plugin configuration to enable the custom admin role throughout your application [1]. Sources: [1] Admin | Better Auth
Hunter (OP), 4w ago
I read the docs and they say custom admin roles need createAccessControl. How do I define it in the access control? And show the admin plugin setup as well and how they all connect. @Better Auth
Better Auth, 4w ago
Below is an example of how to define custom admin roles using the built-in access control and then wire it into the admin plugin.

1. First, import and use the access control API by creating your own statement. The statement defines resources and the permissions available for each. For example, if you want a custom admin role to manage projects, you can do:
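```ts
import { createAccessControl } from "better-auth/plugins/access";
import { defaultStatements } from "better-auth/plugins/admin/access";

// Define your resources with their corresponding actions.
// defaultStatements is merged in (as in the earlier reply) so the built-in
// admin permissions spread into the role in step 2 are declared here too.
const statement = {
  ...defaultStatements,
  project: ["create", "share", "update", "delete"],
} as const;

// Create your access controller instance
export const ac = createAccessControl(statement);
```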
[1]

2. Next, create a custom admin role using the access controller’s newRole method. You can merge the built-in admin permissions (if needed) to preserve default behavior and then add any custom rules. For example:
```ts
import { adminAc } from "better-auth/plugins/admin/access"; // if you want to merge default admin statements

// Create a custom admin role by merging defaults and explicit permissions
export const admin = ac.newRole({
  ...adminAc.statements, // merge built-in admin permissions
  project: ["create", "update"], // override or add your custom permissions for the "project" resource
});
```
[1]

3. Finally, set up the admin plugin in your auth client configuration by passing the access controller and your custom roles. This connects the defined access control with the admin routes (or endpoints) so that permission checks work correctly. For example:

```ts
import { createAuthClient } from "better-auth/react";
import { adminClient } from "better-auth/client/plugins";

// Create an auth client and inject your admin plugin configuration.
export const authClient = createAuthClient({
  plugins: [
    // Pass your access controller and custom role
    adminClient({
      ac,
      roles: {
        admin, // our custom admin role we just defined
      },
    }),
  ],
});
```

[[1]](https://www.better-auth.com/docs/plugins/admin)

In this setup, when the admin endpoints (like listing users or updating roles) are called, Better Auth will use the access control (via the provided `ac`) to check if the user’s role (in this case, your custom `admin`) has the necessary permissions as defined in your statement. This approach ensures that your custom admin permissions are enforced across both client and server calls.

If you have further questions regarding custom admin roles or any other Better Auth feature, feel free to ask!

Sources: [1] Admin | Better Auth
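An added example, not part of the replies above and not Better Auth's own code: a plain TypeScript model of the statement and role shapes used in this thread. It checks that a role grants nothing the statement leaves undeclared, and shows that the later `project` entry replaces the action list rather than extending it. The grant values standing in for `adminAc.statements` and `defaultStatements` are constructed, and `undeclaredGrants` and `can` are hypothetical helpers.

```typescript
// Plain model of the shapes in this thread; it does not import better-auth.
type Grants = Record<string, readonly string[]>;

// Constructed stand-in for the default admin grants a role spreads in
// (the real values come from adminAc.statements; these are illustrative).
const sampleAdminGrants: Grants = { user: ["list", "ban"], session: ["revoke"] };

// A statement that declares only `project`, with no default statements merged in.
const statementProjectOnly: Grants = {
  project: ["create", "share", "update", "delete"],
};

// A statement that also declares the resources the defaults refer to
// (constructed stand-in for spreading defaultStatements).
const statementMerged: Grants = {
  user: ["list", "ban", "delete"],
  session: ["list", "revoke"],
  ...statementProjectOnly,
};

// Role built the same way as in the thread: defaults first, then `project`.
const adminRole: Grants = { ...sampleAdminGrants, project: ["create", "update"] };

// Report every grant a role holds that the statement never declared.
function undeclaredGrants(statement: Grants, role: Grants): string[] {
  const findings: string[] = [];
  for (const resource of Object.keys(role)) {
    const declared = statement[resource];
    if (!declared) {
      findings.push(`${resource}:* (resource not in statement)`);
      continue;
    }
    for (const action of role[resource]) {
      if (declared.indexOf(action) === -1) findings.push(`${resource}:${action}`);
    }
  }
  return findings;
}

// Deny by default: allowed only if the role lists the action for the resource.
function can(role: Grants, resource: string, action: string): boolean {
  const actions = role[resource];
  return actions !== undefined && actions.indexOf(action) !== -1;
}
```

Running a check like `undeclaredGrants` over every exported role in CI catches a role that has drifted away from the statement before it reaches production.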
