Permission Hierarchy (Fixed Backbone + Flex Tree)
This page explains the "Permission Hierarchy" (Concept 1) among Multi-SaaS Kit's 6 core concepts.
Multi-SaaS Kit's permission system has three layers β a fixed backbone (separate tables) + a flex tree (organizations, unlimited depth) + a leaf (Member). The single source of truth for this decision is ADR-058.
One-line representationβ
Platform > SaaS > Tenant > [ Org ... Org ] > Member
βββββββββ fixed backbone βββββββββ β flex tree β β leaf β
| Level | Name | Layer | Stored in |
|---|---|---|---|
| 0 | Platform Admin | fixed backbone | (no FK β global) |
| 1 | SaaS Admin | fixed backbone | saas_products |
| 2 | Tenant Admin | fixed backbone | tenants |
| 3 | Organization Admin | flex tree | organizations (org_level=3) |
| 4 | Workspace Admin | flex tree | organizations (org_level=4) |
| 5 | Group Leader | flex tree | organizations (org_level=5) |
| 6 | Member | leaf | users.organization_id β leaf node |
1. Fixed Backboneβ
The top three levels are a fixed structure, each with its own table.
- Level 0 Platform β platform-global. Not tied to a specific tenant/SaaS.
- Level 1 SaaS β
saas_products. Product identity (pricing plan, feature flags, default theme, brand). - Level 2 Tenant β
tenants. Customer organization = data isolation (RLS) boundary.
These three levels are always preserved regardless of multi-SaaS usage. (Even in a 1 project = 1 SaaS deployment, one saas_products row exists β ADR-029.)
2. Flex Treeβ
Levels 3β5 are not separate tables; they are a self-referencing tree in the single organizations table.
| Column | Role |
|---|---|
parent_id | self reference (parent org) |
path | Materialized Path (e.g. /1/3/7) |
depth | 0, 1, 2, β¦ unlimited |
org_level | 3β5 recommended label (any integer allowed; no behavioral effect) |
type | headquarters / branch / department / team, etc. (free) |
- Unlimited tree depth β arbitrary depth via the Materialized Path pattern.
- Free mid-node insertion β inserting a parent/child org into an existing tree is cheap.
- Nodes with the same
org_levelmay exist at multiple depths in the tree.
3. Leafβ
- Level 6 Member β
users.organization_idpoints to a leaf node of the tree.
β users.level (fixed 0β6) vs tree depth (unlimited) β independent conceptsβ
The most common misconception is to read the system as a "fixed 7-level tree". Precisely:
- The 0β6 classification of
users.levelis fixed (used by permission checks likehasLevelAtLeast()). - The actual operational org tree depth is unlimited, and
org_levelis merely a recommended label attached to a node. - That is, "permission classification (7 kinds)" and "org tree depth" are two independent concepts. What grows without limit is the number/depth of org nodes, not the number of permission Levels.
Minimal operating scenariosβ
| Scenario | Structure | users.organization_id | Suitable domain |
|---|---|---|---|
| Simple SaaS | Platform > SaaS > Tenant > Member | NULL | B2C, personal |
| Standard SaaS (recommended default) | Platform > SaaS > Tenant > Orgβ > Member | Orgβ.id | general B2B |
| Complex org | Platform > SaaS > Tenant > Orgβ > Orgβ > β¦ > Member | leaf node id | enterprise/group |
A new project's (
make create) default seed creates 5 demo accounts at Levels 0/1/2/3/6. Level 4 (Workspace) and 5 (Group) nodes are added by the operator when the org tree is expanded.
Code/schema SSOT & related docsβ
- Design decisions: ADR-058 (fixed backbone + flex tree), ADR-009 (Active Levels)
- Schema:
database/migrations/*_create_organizations_table.php(parent_id/path/depth/org_level/type) - Related architecture: Permission System overview, Multi-tenancy, Data Isolation, Site Operating Model