Roles & Access
Role-gated areas: Customer Service, Tech Support, Accounting, Admin, Super User. Enforce via Supabase JWT role claims and RLS.
Admins
Full platform control: billing, roles, audit, configuration.
| | Name | Role | Status | Actions |
|---|---|---|---|---|
| — | admin@neverhold.co | Admin | Active | |
Managers
Team and billing oversight; limited platform settings.
| | Name | Role | Status | Actions |
|---|---|---|---|---|
| — | manager@example.com | Manager | Active | |
Agents
Operational access with least privilege: task queues, support, limited data.
| | Name | Role | Status | Actions |
|---|---|---|---|---|
| — | agent@example.com | Agent | Active | |
Customer Service
Lookup users, view balances, and apply limited goodwill credits.
Tech Support
Diagnostics, logs, and read-only billing visibility.
Accounting
Invoices, refunds/adjustments, CSV export (role: accounting).
Super User
Elevated overrides; require strict audit and MFA.
Create User
Stub form for role-based creation (hook to backend later).
Billing
High-level overview (replace with live data).
Spam & Blocklist
Manage spam reports & blocklist (admin/super_user). Audit all changes.
- Review spam reports & scores
- Edit global blocklist
- Export changes for audit
Audit & Logs
Recent actions for traceability.
| When | User | Action | Details |
|---|---|---|---|
| — | admin@neverhold.co | Role change | Updated permissions |
Next Steps
- Wire Supabase client (service role for admin-only backend).
- Enforce RLS via JWT role claims: customer_service, technical_support, accounting, admin, super_user.
- Add protected routes and dashboards per role.
- Deploy via static hosting or a framework (e.g., Next.js) with server auth.
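One way the RLS step above could look for billing data, as an added example that is not this project's own code. The `public.invoices` table, the `public.app_role()` helper and the choice to carry the application role in the JWT's `app_metadata.role` field are assumptions made for illustration.

```sql
-- Added example with a hypothetical schema; adapt names to the real tables.
-- Assumption: the application role lives in app_metadata.role, which only the
-- backend can set. The top-level "role" claim is the Postgres role
-- (anon / authenticated / service_role), and user_metadata is user-editable,
-- so neither is used for authorization decisions here.
create or replace function public.app_role()
returns text
language sql
stable
as $$
  select coalesce(auth.jwt() -> 'app_metadata' ->> 'role', '');
$$;

create table if not exists public.invoices (
  id           bigint generated always as identity primary key,
  customer_id  uuid        not null,
  amount_cents integer     not null,
  created_at   timestamptz not null default now()
);

-- With RLS enabled and no matching policy, every request is denied.
alter table public.invoices enable row level security;

-- Read access: accounting plus the read-only billing view for tech support.
create policy invoices_select_by_role on public.invoices
  for select to authenticated
  using (public.app_role() in
         ('accounting', 'technical_support', 'admin', 'super_user'));

-- Write access: tech support is deliberately absent from both policies.
create policy invoices_insert_by_role on public.invoices
  for insert to authenticated
  with check (public.app_role() in ('accounting', 'admin', 'super_user'));

create policy invoices_update_by_role on public.invoices
  for update to authenticated
  using      (public.app_role() in ('accounting', 'admin', 'super_user'))
  with check (public.app_role() in ('accounting', 'admin', 'super_user'));

-- No delete policy exists, so deletes are denied for every JWT role.
-- Requests made with the service-role key bypass RLS entirely, so that key
-- must stay in the admin-only backend and never reach the browser.
```

A missing or unrecognized claim resolves to the empty string, which matches no policy, so the default outcome is denial.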