Available for: admin | Authentication & orgs

Organization and permissions

How sign-in, organizations, roles, and Row-Level Security combine to keep workspaces isolated.

Last updated 2026-05-11

Sign-in

Email/password auth with verification. Sign-up creates a profile, an organization, and an owner membership in one transaction.

Roles

- owner — full control, can delete the organization.
- admin — manage members, billing, and settings.
- reviewer — can confirm, dismiss, and annotate issues.
- member — can create projects, upload documents, and run prechecks.
- viewer — read-only across the workspace.

Row-Level Security

All organization-scoped tables have RLS policies that require organization_memberships membership for the requesting user. Direct table access from the client is safe; cross-org reads are blocked at the database.
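A sketch of what such a policy can look like in PostgreSQL, with an audit query for tables that were missed. This is an added example, not the product's own schema: the `projects` table, the `organization_id`, `user_id` and `role` columns, and the `app_user_id()` helper are assumptions.

```sql
-- Assumed schema (not from the page):
--   projects(id, organization_id, name)
--   organization_memberships(user_id, organization_id, role)

-- Hypothetical helper: the signed-in user's id, taken from a session setting
-- the API layer sets per request. Returns NULL when unset, so policies deny.
CREATE FUNCTION app_user_id() RETURNS uuid
  LANGUAGE sql STABLE
  AS $$ SELECT nullif(current_setting('app.user_id', true), '')::uuid $$;

ALTER TABLE projects ENABLE ROW LEVEL SECURITY;
ALTER TABLE projects FORCE ROW LEVEL SECURITY;  -- also applies to the table owner

-- Read: any membership in the row's organization is enough.
CREATE POLICY projects_select ON projects
  FOR SELECT
  USING (EXISTS (
    SELECT 1 FROM organization_memberships m
    WHERE m.organization_id = projects.organization_id
      AND m.user_id = app_user_id()));

-- Create: WITH CHECK validates the new row, so a client cannot insert a
-- project into an organization it does not belong to. The role list holds
-- only the roles the page states have full control or can create projects;
-- extend it to match the real role matrix.
CREATE POLICY projects_insert ON projects
  FOR INSERT
  WITH CHECK (EXISTS (
    SELECT 1 FROM organization_memberships m
    WHERE m.organization_id = projects.organization_id
      AND m.user_id = app_user_id()
      AND m.role IN ('owner', 'member')));

-- Audit: organization-scoped tables where RLS is NOT enabled. Any row
-- returned is a table the client could read across organizations.
SELECT c.relname AS table_without_rls
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_attribute a ON a.attrelid = c.oid
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND a.attname = 'organization_id'
  AND NOT a.attisdropped
  AND NOT c.relrowsecurity;
```

Running the audit query in CI after each migration catches a new organization-scoped table that shipped without `ENABLE ROW LEVEL SECURITY`.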

Storage

The permit-documents bucket is private. Files are accessed through signed URLs derived from object paths, never exposed publicly.
