Skip to main content


SuperTokens provides User Roles feature which allows you to:

  • Create roles and associate them with an array of permissions.
  • Associate an array of roles to each user.
  • Fetch a list of roles and permissions for a user.
  • Save the roles and permissions in a session to access them effeciently on the frontend and backend APIs.
  • Guard frontend routes and backend APIs to only allow access if a user has a certain role or permission.

When using this recipe the general flow would be as follows:

  1. Create a role and assign permissions to that role
  2. Assign roles to users
  3. Protect your API and website routes by verifying that the user has the correct role and permissions
Basic User Roles Architecture
Multi Tenancy

In a multi tenant setup, roles and permissions are shared across all tenants, however, the mapping of users to roles are on a per tenant level.

For example, if you create one role ("admin") and add permissions to it for read:all and write:all, this role can be reused across all tenants. So, if you have user ID user1 that has access to tenant1 and tenant2, you can give them the admin role in tenant1, but not in tenant2 (which can have a different set of roles for this user).

Looking for older versions of the documentation?
Which UI do you use?
Custom UI
Pre built UI