ZTS Docs

User Roles

Understanding user and admin roles in your application


This repo includes role-based access control powered by Better Auth's admin plugin. Each user record carries a role field, and the plugin ships with two roles:

Available Roles

  • user: The default role assigned to every new account at registration. Users with this role can use the standard application features but cannot reach administrative functions.
  • admin: Users with the admin role have elevated privileges, including access to the admin dashboard and the ability to manage other users (list, impersonate, and ban them).

Admin Dashboard

When logged in as an admin, you can access the /admin page to:

  • View a complete list of all registered users
  • Check user email verification status
  • Impersonate users (log in as them) to troubleshoot or assist
  • Perform other administrative tasks

Assigning Admin Role

By default, all users are created with the 'user' role, so the first admin has to be promoted by hand. To promote yourself or another user to admin:

  1. Connect to your database directly
  2. Open the users table
  3. Locate the record you want to promote, matching on the exact email address or user id so you do not update the wrong row
  4. Change the role field value from "user" to "admin" (the value is a plain string and is compared as stored, so check spelling and case)
  5. Sign out and back in with that account and confirm that /admin loads; if the application caches session data in the cookie, the old role can persist until the session is refreshed

Direct database edits bypass the application entirely and leave no trace in its own records. Keep them for bootstrapping the first admin, and treat write access to the database as equivalent to admin access.

Connecting to Your Database

We recommend using TablePlus to connect to your database with your database URL. Treat that URL as a credential: anyone who holds it can create an admin the same way you just did. Many hosting platforms also provide built-in data browsers:

  • Railway has a built-in data browser in their dashboard
  • Vercel integrates with various database providers
  • Supabase offers a SQL editor and table view

Security Considerations

  • Assign admin privileges sparingly and only to trusted users; every admin can impersonate any account and ban any user
  • Keep an up-to-date list of users with admin privileges and remove the role when it is no longer needed
  • Give each admin their own account and never share admin credentials; use impersonation when you need to act on a user's behalf
  • Review admin activity (impersonation sessions, bans, role changes) regularly
  • Restrict who can write to the database as tightly as you restrict admin accounts, since a single database write is all it takes to grant the admin role

Impersonating Users

As an admin, you can temporarily log in as any user to:

  • Troubleshoot user-specific issues
  • Verify the user experience
  • Assist users with complex tasks

While you are impersonating a user, the session is marked as an impersonation session and carries a reference to your admin account, so your actions are logged as performed by that user but can be traced back to you. Impersonation gives you the user's full access, including their private data, so use it only with a support reason, stop impersonating as soon as you are done, and do not change the user's password, email or other credentials from inside the impersonated session.

Banning Users

Administrators can enforce platform rules by banning users who violate terms of service or engage in inappropriate behavior:

Ban Features

  • Temporary Bans: You can ban users for a specific time period (e.g., 24 hours, 7 days, 30 days)
  • Permanent Bans: You can ban users indefinitely with no expiration date
  • Ban Reasons: You can document the reason for the ban for internal records
  • Session Management: When a user is banned, all their active sessions are automatically terminated

When a banned user attempts to log in, they receive a notification explaining that they have been banned from the platform, with the option to contact support if they believe it was in error. A temporary ban lifts on its own once its period ends. The documented ban reason is for internal records; the notification does not need to repeat it.

To ban a user, navigate to the admin dashboard and use the ban option available on each user's record.
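To make the ban semantics above concrete (temporary versus permanent bans, the expiry check at sign-in, and terminating all active sessions when a ban is applied), here is an added example. It is not code from this repo or from Better Auth: the fields banned, banReason and banExpires are the ones Better Auth's admin plugin stores on the user, while the session-store shape, helper names, the sign-in message and the sample data are constructed for illustration.

```typescript
// Added example (not code from the ZTS repo or from Better Auth). `banned`,
// `banReason` and `banExpires` are Better Auth admin plugin user fields; the
// session store, helper names and sample data are constructed.

type BanFields = {
  banned?: boolean | null;
  banReason?: string | null;
  banExpires?: Date | null; // null or missing on a banned user means permanent
};

type UserRow = BanFields & { id: string; email: string };
type SessionRow = { id: string; userId: string };

type BanState =
  | { status: "active" }
  | { status: "banned"; permanent: boolean; reason: string; until: Date | null }
  | { status: "expired" }; // temporary ban has lapsed; the user may sign in again

const DAY_MS = 24 * 60 * 60 * 1000;

// Decide at sign-in whether a user is currently banned. A temporary ban whose
// expiry has passed is reported as "expired" so the caller can clear the flags
// and let the sign-in proceed, exactly as if no ban had existed.
function evaluateBan(user: BanFields, now: Date): BanState {
  if (!user.banned) return { status: "active" };
  const until = user.banExpires ?? null;
  if (until !== null && until.getTime() <= now.getTime()) return { status: "expired" };
  return {
    status: "banned",
    permanent: until === null,
    reason: user.banReason ?? "No reason provided",
    until,
  };
}

// Apply a ban and revoke every session of that user in the same step, so a
// banned user cannot keep working in an already-open tab. `days` omitted or
// zero means permanent. Returns the updated user and the surviving sessions.
function banUser(
  user: UserRow,
  sessions: SessionRow[],
  reason: string,
  now: Date,
  days?: number,
): { user: UserRow; sessions: SessionRow[]; revoked: number } {
  const banExpires = days && days > 0 ? new Date(now.getTime() + days * DAY_MS) : null;
  const updated: UserRow = { ...user, banned: true, banReason: reason, banExpires };
  const remaining = sessions.filter((s) => s.userId !== user.id);
  return { user: updated, sessions: remaining, revoked: sessions.length - remaining.length };
}

// Message for a refused sign-in. It states the fact and the support route but
// deliberately does not echo the internal ban reason.
function signInMessage(state: BanState): string | null {
  if (state.status !== "banned") return null;
  const when = state.until ? ` until ${state.until.toISOString()}` : "";
  return `Your account has been banned from the platform${when}. If you believe this is an error, please contact support.`;
}

// Constructed sample: four users evaluated at a fixed clock.
function sampleEvaluation(): Record<string, BanState["status"]> {
  const now = new Date("2024-06-01T00:00:00Z");
  const users: UserRow[] = [
    { id: "u1", email: "fine@example.com" },
    { id: "u2", email: "spam@example.com", banned: true, banReason: "spam", banExpires: null },
    { id: "u3", email: "late@example.com", banned: true, banReason: "abuse", banExpires: new Date("2024-05-20T00:00:00Z") },
    { id: "u4", email: "cool@example.com", banned: true, banReason: "flame war", banExpires: new Date(now.getTime() + 7 * DAY_MS) },
  ];
  const out: Record<string, BanState["status"]> = {};
  for (const u of users) out[u.id] = evaluateBan(u, now).status;
  return out;
}

console.log(sampleEvaluation());
```

Revoking sessions at ban time is the part most easily forgotten when a ban is set by editing the database directly, which is one more reason to ban through the dashboard rather than by hand.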
