Authorization

NextAdmin ships with a foundation for Role-Based Access Control (RBAC). Out of the box the application distinguishes user roles, so you can grant or restrict access to specific routes and features according to the role a user holds.

Role-Based Access Control (RBAC)

The core of our authorization system is built around user roles defined in your database. These roles determine what a user can see and do within the dashboard.

How it Works

  1. User Roles: Each user is assigned a role (e.g., USER, ADMIN).
  2. Middleware Protection: Routes are protected by Next.js Middleware, which checks the user's session and role before granting access.
  3. Component-Level Checks: You can use the useSession hook on the client, or a server-side session lookup, to conditionally render UI elements. This improves the user experience; it is not what enforces the rule.

Customizing Permissions

You can easily extend the default authorization logic to fit your business requirements.

Restricting Feature Access

If you want to gate certain features on custom logic, you can use the built-in utility functions. For example, restricting an API endpoint or a specific UI component:

Authorization Example
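The following TypeScript is an added example, not NextAdmin's own utility functions (the page does not name them). It keeps the route policy and the server-side guard in one module so that the middleware and a Server Action make the same decision from the same table. Every name in it (Role, SessionToken, ROUTE_POLICY, authorizeRoute, requireRole, AuthorizationError, deleteUserAction), the /login redirect target, and the two sample sessions are assumptions made for this example; the session-token shape is a minimal stand-in for whatever your auth library decodes.

```typescript
// Added example, not NextAdmin's own code. Every name below (Role, SessionToken,
// ROUTE_POLICY, authorizeRoute, requireRole, deleteUserAction) is an assumption.

export type Role = "USER" | "ADMIN";

// Minimal stand-in for the decoded session token; null means no session.
export interface SessionToken {
  sub: string;   // user id
  role: Role;
}

// ADMIN implies USER. Ranking roles explicitly avoids ad-hoc string comparisons.
const RANK: Record<Role, number> = { USER: 1, ADMIN: 2 };

export function hasRole(token: SessionToken | null, required: Role): boolean {
  return token !== null && RANK[token.role] >= RANK[required];
}

// Which URL prefixes need which role; the longest matching prefix wins.
export const ROUTE_POLICY: ReadonlyArray<{ prefix: string; role: Role }> = [
  { prefix: "/dashboard", role: "USER" },
  { prefix: "/admin", role: "ADMIN" },
  { prefix: "/api/admin", role: "ADMIN" },
];

// Match whole path segments so "/adminstuff" does not inherit the "/admin" rule.
function matchesPrefix(pathname: string, prefix: string): boolean {
  return pathname === prefix || pathname.startsWith(prefix + "/");
}

export type RouteDecision =
  | { action: "allow" }
  | { action: "redirect"; to: "/login" | "/unauthorized" };

// The decision the middleware turns into NextResponse.next() or NextResponse.redirect().
export function authorizeRoute(token: SessionToken | null, pathname: string): RouteDecision {
  const rule = ROUTE_POLICY
    .filter((r) => matchesPrefix(pathname, r.prefix))
    .sort((a, b) => b.prefix.length - a.prefix.length)[0];
  if (rule === undefined) return { action: "allow" };              // public route
  if (token === null) return { action: "redirect", to: "/login" };  // no session
  if (!hasRole(token, rule.role)) return { action: "redirect", to: "/unauthorized" };
  return { action: "allow" };
}

// Server-side guard for Route Handlers and Server Actions. The middleware redirect is a
// courtesy to the browser; this throw is the check that actually enforces the rule.
export class AuthorizationError extends Error {
  readonly status: 401 | 403;
  constructor(status: 401 | 403, message: string) {
    super(message);
    this.name = "AuthorizationError";
    this.status = status;
  }
}

export function requireRole(token: SessionToken | null, required: Role): SessionToken {
  if (token === null) throw new AuthorizationError(401, "not signed in");
  if (!hasRole(token, required)) throw new AuthorizationError(403, `requires role ${required}`);
  return token;
}

// A Server Action body: the check runs on the server no matter what the client rendered.
export function deleteUserAction(
  token: SessionToken | null,
  targetUserId: string,
): { deleted: string; by: string } {
  const actor = requireRole(token, "ADMIN");
  // The actual database delete is omitted in this example.
  return { deleted: targetUserId, by: actor.sub };
}

// Constructed sample sessions for trying the functions above (not real accounts).
export const ALICE_ADMIN: SessionToken = { sub: "u_1", role: "ADMIN" };
export const BOB_USER: SessionToken = { sub: "u_2", role: "USER" };
```

In src/middleware.ts you would call authorizeRoute with the decoded token and request.nextUrl.pathname and map "redirect" to NextResponse.redirect; in a Route Handler or Server Action you call requireRole (or a wrapper such as deleteUserAction) before touching data. Because both read ROUTE_POLICY and RANK, adding a role or protecting a new prefix is a one-line change that cannot drift between the two layers.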

Middleware Configuration

To change which routes are protected, edit src/middleware.ts. This is where the matcher (the set of paths the middleware runs on) and the redirect logic for unauthenticated or under-privileged users are defined. Paths that the matcher does not cover are never checked by the middleware, so keep the matcher in step with the routes you add.

// Example middleware check in src/middleware.ts; `token` is the decoded session
// token and is null when the request has no session, hence the optional chaining
import { NextResponse } from "next/server";
if (pathname.startsWith("/admin") && token?.role !== "ADMIN") {
  return NextResponse.redirect(new URL("/unauthorized", request.url));
}

IMPORTANT: Middleware redirects and hidden UI elements are a first line only. Always repeat the authorization check on the server, in the API route, Route Handler or Server Action that actually reads or changes the data, because a hidden button or a middleware redirect does nothing to stop a direct request to that endpoint.