User Roles

Understanding USER, ADMIN, and SUPERADMIN roles and their access levels.

LaunchFst uses three system-level roles to control access across the platform.

Role Hierarchy

RoleDashboardAdmin PanelSuperAdmin Panel
USERYesNoNo
ADMINYesYesNo
SUPERADMINYesNoYes

ADMIN and SUPERADMIN are mutually exclusive — an ADMIN cannot access SuperAdmin features and vice versa.

Checking Roles

Use the cached auth helpers from lib/auth-utils.ts:

import { getRequiredSession } from "@/lib/auth-utils"
import { getAdminSession } from "@/lib/auth-utils"
import { getSuperAdminSession } from "@/lib/auth-utils"

// Any authenticated user
const session = await getRequiredSession()

// ADMIN only (blocks USER and SUPERADMIN)
const adminSession = await getAdminSession()

// SUPERADMIN only (blocks USER and ADMIN)
const superSession = await getSuperAdminSession()

All helpers are wrapped with React.cache() so multiple calls in the same request are deduplicated.

USER Role

The default role for all new accounts. Users can:

  • Access the dashboard and personal settings
  • Create and join organizations
  • Manage their profile and subscription
  • Submit feedback and contact forms

ADMIN Role

Platform administrators who manage day-to-day operations:

  • View the Admin Panel at /dashboard/admin
  • Manage users (edit roles, disable accounts)
  • View contact submissions and feedback
  • Monitor newsletter subscribers

SUPERADMIN Role

Full platform control for the technical owner:

  • Access the SuperAdmin Panel at /dashboard/superadmin
  • View platform analytics (revenue, growth, user stats)
  • Manage all users and organizations
  • Access global search across all data
  • View and manage all system data

Plans

Users also have a plan field:

enum Plan {
  FREE
  STARTER
  PRO
  ENTERPRISE
}

Plan changes are driven by payment webhooks — the webhook handler updates User.plan when a subscription changes.

Subscription Status

enum SubStatus {
  INACTIVE
  ACTIVE
  TRIALING
  PAST_DUE
  CANCELLED
  PAUSED
}

The billing page displays this status with a colored badge.

Assigning Roles

Roles are stored on the User model as the role field.

To promote to SUPERADMIN:

pnpm make-superadmin your@email.com
# or: npx tsx scripts/make-superadmin.ts your@email.com

Through the SuperAdmin panel, you can change any user's role via /dashboard/superadmin/users.

Organization Roles

Separate from system roles, organizations have their own RBAC: OWNER, ADMIN, MEMBER. See Organizations for details.

PreviousOrganizationsNextSuperAdmin Panel

Demo Mode — Explore freely. Some actions are restricted. demo@launchfst.dev / demo1234

Get LaunchFst →