story-org-structure-management-global-admin-008
Story Points: 5
Priority: High
Feature: Organization Structure Management

User Story

As a Global Administrator
I want the platform to enforce that only admin-level users can modify the organizational hierarchy while all members can read their own org's structure
So that coordinators and peer mentors cannot accidentally or maliciously alter the organizational hierarchy that underpins access control and reporting

Acceptance Criteria

  • Given a coordinator-role user is authenticated, when they attempt to call any write operation on the org hierarchy via the Org Structure Service, then the Supabase RLS policy blocks the operation and returns a permission denied error
  • Given an Organization Administrator is authenticated, when they perform a create or edit operation on a unit within their own organization, then the RLS policy allows the write and the operation succeeds
  • Given an Organization Administrator attempts to modify a unit belonging to a different organization, when the RLS policy evaluates the request, then the operation is denied
  • Given a peer mentor user is authenticated, when they fetch the organization tree for their affiliated local association, then the read query succeeds and returns only their own organizational context
  • Given a Global Administrator reviews RLS policy status, when they inspect the policy configuration, then all four hierarchy tables show write-restricted and read-scoped policies in active state
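The policy shape these criteria describe, written as Postgres row-level security for Supabase. This is an added example, not the project's own schema: the table `org_units`, the `memberships` table, the column names and the role labels are assumptions (the ticket names neither the four hierarchy tables nor the roles), and it relies on Supabase's `auth.uid()` for the caller's identity. The same read and write policies are repeated for each hierarchy table.

```sql
-- Constructed schema for one hierarchy table; table, column and role names are assumptions.
create table memberships (
  user_id uuid not null,
  org_id  uuid not null,
  role    text not null
          check (role in ('global_admin', 'org_admin', 'coordinator', 'peer_mentor')),
  primary key (user_id, org_id)
);
create table org_units (
  id        uuid primary key default gen_random_uuid(),
  org_id    uuid not null,
  parent_id uuid references org_units (id),
  name      text not null
);

-- security definer so the policies can read memberships without depending on
-- that table's own RLS; search_path is pinned as usual for definer functions.
create or replace function caller_role_in_org(target_org uuid)
returns text language sql security definer stable set search_path = public as $$
  select role from memberships
   where user_id = auth.uid() and org_id = target_org;
$$;
create or replace function caller_is_global_admin()
returns boolean language sql security definer stable set search_path = public as $$
  select exists (select 1 from memberships
                  where user_id = auth.uid() and role = 'global_admin');
$$;

alter table org_units enable row level security;
alter table org_units force row level security;   -- also binds the table owner

-- Read scope: every member (coordinator, peer mentor, admin) sees only the
-- rows of organizations they belong to; global admins see every org.
create policy org_units_read on org_units for select
  using (caller_is_global_admin() or caller_role_in_org(org_id) is not null);

-- Write restriction: org admins only, and only inside their own org.
-- WITH CHECK also stops an org admin re-homing a unit into a different org.
create policy org_units_insert on org_units for insert
  with check (caller_is_global_admin() or caller_role_in_org(org_id) = 'org_admin');
create policy org_units_update on org_units for update
  using      (caller_is_global_admin() or caller_role_in_org(org_id) = 'org_admin')
  with check (caller_is_global_admin() or caller_role_in_org(org_id) = 'org_admin');
create policy org_units_delete on org_units for delete
  using      (caller_is_global_admin() or caller_role_in_org(org_id) = 'org_admin');

-- Review query for the last criterion: RLS enabled and forced, policies present per command.
select c.relname, c.relrowsecurity, c.relforcerowsecurity, p.policyname, p.cmd
  from pg_class c join pg_policies p on p.tablename = c.relname
 where c.relname = 'org_units';
```

Note that an UPDATE or DELETE against rows hidden by the USING clause affects zero rows rather than raising, so the Org Structure Service should treat a zero-row result as a denial; only an INSERT or UPDATE that fails WITH CHECK raises the 42501 permission error the first criterion expects.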

Business Value

The organizational hierarchy directly controls role-based access — who can see what data and who can act on whose behalf. A misconfigured RLS policy could allow unauthorized structural changes that silently corrupt access control, cause cross-organizational data leakage, or invalidate Bufdir reporting. This security layer is non-negotiable for GDPR compliance and platform integrity.