Members & Roles

NuxtBase ships with three organization roles:

  • owner
  • admin
  • member

These roles are configured in the Better Auth organization plugin and then enforced again through UI behavior and server-side guards.

The owner is the highest organization role in normal product flows.

Owners can:

  • manage members
  • manage invitations
  • manage teams
  • manage billing
  • perform owner-only organization actions

Admins are managers, but not owners.

In the current template, admins can:

  • manage members
  • manage invitations
  • manage teams
  • manage billing

But they are still blocked from owner-only actions.

Members are regular organization users.

Members can use organization-scoped product features, but they do not get manager controls in the team-management screens.

In the dashboard UI, “manager” behavior is computed from the current organization membership.

The key frontend rule is:

  • owner and admin -> manager
  • member -> not a manager

This is what drives buttons like:

  • invite member
  • resend invite
  • cancel invite
  • create team
  • rename team
  • remove team

The template also enforces organization role checks on the server.

Important guards include:

  • requireActiveBillingManager()
  • requireOrganizationManager()
  • requireOrganizationOwner()

So even if you accidentally expose a UI action, the server still protects the mutation path.

Billing management allows:

  • owner
  • admin

and rejects regular members.

Some organization actions are explicitly owner-only. The server returns:

Only the organization owner can perform this action

for non-owner attempts.

On the dashboard members page, managers can:

  1. invite a new member
  2. choose member or admin for the invitation
  3. toggle an existing member between member and admin
  4. remove an existing member

The page intentionally prevents manager actions on:

  • the current signed-in user
  • the owner row

That makes the default behavior safer than a fully open member table.
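
The sketch below is an added example, not NuxtBase source code. It shows how the manager and owner guards and the members-page restrictions could be enforced on the server. The guard names follow this page; the types, signatures, function bodies, the `changeMemberRole` mutation, and every error message except the owner-only one are assumptions.

```typescript
// Added illustration, not NuxtBase source: types, signatures and bodies are assumptions.
type Role = 'owner' | 'admin' | 'member'
interface Membership { userId: string; role: Role }

class ForbiddenError extends Error {
  statusCode = 403
}

// Same mapping the dashboard uses: owner and admin are managers, member is not.
function isManager(role: Role): boolean {
  return role === 'owner' || role === 'admin'
}

// Guard names follow the page; a null actor means "no membership in this organization".
function requireOrganizationManager(actor: Membership | null): Membership {
  if (!actor || !isManager(actor.role)) {
    throw new ForbiddenError('Only organization managers can perform this action') // constructed message
  }
  return actor
}

function requireOrganizationOwner(actor: Membership | null): Membership {
  if (!actor || actor.role !== 'owner') {
    throw new ForbiddenError('Only the organization owner can perform this action')
  }
  return actor
}

// Hypothetical mutation: repeats the members-page restrictions on the server,
// so a crafted request cannot do what the UI hides.
function changeMemberRole(actor: Membership | null, target: Membership, next: string): Membership {
  const manager = requireOrganizationManager(actor)
  if (target.userId === manager.userId) throw new ForbiddenError('Cannot change your own role')
  if (target.role === 'owner') throw new ForbiddenError('Cannot change the owner row')
  // The request body is untrusted: only the two roles the page offers are assignable.
  if (next !== 'member' && next !== 'admin') throw new ForbiddenError('Role not assignable')
  return { userId: target.userId, role: next }
}
```

Checking the target row and the requested role in the handler keeps the self and owner-row protections in place even when a request bypasses the dashboard.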