Claude Code Plugins

Community-maintained marketplace

Feedback

organization-management

@vanman2024/ai-dev-marketplace
0
0

Implement Clerk multi-tenant organization features with RBAC, role-based access control, organization switching, member management, and tenant isolation. Use when building multi-tenant SaaS applications, implementing organization hierarchies, configuring custom roles and permissions, setting up organization-scoped data isolation, or when user mentions organizations, RBAC, multi-tenancy, roles, permissions, organization switcher, member management, or tenant isolation.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name organization-management
description Implement Clerk multi-tenant organization features with RBAC, role-based access control, organization switching, member management, and tenant isolation. Use when building multi-tenant SaaS applications, implementing organization hierarchies, configuring custom roles and permissions, setting up organization-scoped data isolation, or when user mentions organizations, RBAC, multi-tenancy, roles, permissions, organization switcher, member management, or tenant isolation.
allowed-tools Read, Write, Edit, Grep, Glob, Bash

Organization Management

Purpose: Autonomously implement and configure Clerk organization features for multi-tenant applications with RBAC.

Activation Triggers:

  • Multi-tenant application requirements
  • Organization creation/management needs
  • Role-based access control (RBAC) implementation
  • Organization switcher/profile components
  • Member invitation and management
  • Organization-scoped data isolation
  • Custom role and permission setup
  • Tenant-specific features

Key Resources:

  • scripts/setup-organizations.sh - Enable and configure organizations
  • scripts/configure-roles.sh - Setup RBAC with custom roles
  • scripts/test-org-isolation.sh - Test tenant data isolation
  • templates/organization-schema.md - Multi-tenant database schema patterns
  • templates/rbac-policies.ts - Role and permission definitions
  • templates/organization-switcher.tsx - Organization switcher component
  • examples/multi-tenant-app.tsx - Complete multi-tenant application
  • examples/org-admin-dashboard.tsx - Organization admin interface

Implementation Workflow

1. Enable Organizations in Clerk Dashboard

Before implementing organization features, enable them in your Clerk Dashboard:

# Run setup script to guide through Clerk Dashboard configuration
./scripts/setup-organizations.sh

Manual steps (documented in script):

  1. Go to Clerk Dashboard → Organization Settings
  2. Enable "Organizations" feature
  3. Configure organization creation settings
  4. Set up default roles (admin, member)
  5. Configure organization metadata fields (if needed)

2. Configure RBAC (Role-Based Access Control)

# Setup custom roles and permissions
./scripts/configure-roles.sh [basic|advanced|custom]

# Examples:
./scripts/configure-roles.sh basic       # Admin + Member only
./scripts/configure-roles.sh advanced    # Admin + Manager + Member + Viewer
./scripts/configure-roles.sh custom      # Interactive custom role creation

Outputs:

  • RBAC policy TypeScript file with role definitions
  • Permission checking middleware
  • Role-based route protection examples
  • Clerk Dashboard configuration guide

3. Implement Organization Components

Use templates to create organization UI:

Organization Switcher (for multi-org users):

# Copy and customize organization switcher
cp templates/organization-switcher.tsx src/components/OrganizationSwitcher.tsx

Organization Schema (for database integration):

# View multi-tenant database schema patterns
cat templates/organization-schema.md

RBAC Policies:

# Copy RBAC policy definitions
cp templates/rbac-policies.ts src/lib/rbac.ts

4. Test Organization Isolation

# Test tenant data isolation (requires project running)
./scripts/test-org-isolation.sh

# Validates:
# - Data scoped to organization_id
# - Cross-tenant data leakage prevention
# - Role-based access enforcement
# - Organization switching works correctly

Organization Architecture Patterns

Multi-Tenant Data Isolation

Row-Level Security (RLS) Pattern:

-- Every table includes organization_id
CREATE TABLE projects (
  id UUID PRIMARY KEY,
  organization_id TEXT NOT NULL,
  name TEXT NOT NULL,
  created_at TIMESTAMP DEFAULT NOW()
);

-- RLS Policy (Supabase/Postgres)
CREATE POLICY "Users can only access their org's projects"
ON projects FOR ALL
USING (organization_id = current_setting('app.current_organization_id'));

Application-Level Scoping:

// Always filter by organization_id in queries
const projects = await db.projects.findMany({
  where: {
    organizationId: user.organizationId
  }
});

RBAC Implementation Levels

Level 1: Basic (Admin/Member)

  • Admin: Full organization control
  • Member: Limited access to org resources

Level 2: Advanced (4+ roles)

  • Admin: Full control
  • Manager: Team management, no billing
  • Member: Regular access
  • Viewer: Read-only access

Level 3: Custom (Granular permissions)

  • Define specific permissions: project:create, billing:manage, members:invite
  • Assign permissions to roles
  • Check permissions at route/component level

Component Examples

Organization Switcher Component

See templates/organization-switcher.tsx for complete component with:

  • Organization selection dropdown
  • Create new organization option
  • Organization settings link
  • Active organization indicator
  • Keyboard navigation support

Organization Admin Dashboard

See examples/org-admin-dashboard.tsx for:

  • Member list with role management
  • Pending invitations display
  • Role assignment interface
  • Organization settings
  • Billing integration (if using Clerk Billing)

Multi-Tenant Application Structure

See examples/multi-tenant-app.tsx for:

  • Organization context provider
  • Organization-scoped routing
  • Data isolation patterns
  • Permission-based UI rendering
  • Organization switching flow

Common Use Cases

Use Case 1: SaaS Application with Teams

# Enable organizations + advanced RBAC
./scripts/setup-organizations.sh
./scripts/configure-roles.sh advanced

# Implement organization switcher
cp templates/organization-switcher.tsx src/components/

Use Case 2: Enterprise Multi-Tenant Platform

# Enable organizations + custom RBAC with granular permissions
./scripts/setup-organizations.sh
./scripts/configure-roles.sh custom

# Setup database isolation
# Follow templates/organization-schema.md for RLS setup

Use Case 3: Organization-Scoped Data Isolation

# Test isolation after implementing schema
./scripts/test-org-isolation.sh

# Validates:
# - No cross-tenant data access
# - RLS policies working correctly
# - Organization switching updates context

RBAC Permission Checking

Middleware Protection:

// Check role in middleware
import { auth } from '@clerk/nextjs/server';

export default async function middleware(req: Request) {
  const { orgRole } = await auth();

  if (orgRole !== 'org:admin') {
    return new Response('Forbidden', { status: 403 });
  }
}

Component-Level Checks:

// Hide UI based on role
import { useOrganization } from '@clerk/nextjs';

function AdminOnlyButton() {
  const { membership } = useOrganization();

  if (membership?.role !== 'org:admin') return null;

  return <button>Admin Action</button>;
}

Custom Permission Checks:

// Check specific permission
import { checkPermission } from '@/lib/rbac';

if (await checkPermission(user, 'billing:manage')) {
  // Allow billing access
}

Database Integration

Supabase Integration (with RLS)

  1. Add organization_id to all tables
  2. Enable RLS on tables
  3. Create RLS policies scoped to organization_id
  4. Set organization context in Supabase client

See templates/organization-schema.md for complete schema patterns.

Prisma Integration

// Organization-scoped queries
const projects = await prisma.project.findMany({
  where: {
    organizationId: user.organizationId
  }
});

// Middleware to auto-inject organization_id
prisma.$use(async (params, next) => {
  if (params.action === 'create') {
    params.args.data.organizationId = getCurrentOrgId();
  }
  return next(params);
});

Environment Variables

# .env.example (no real keys!)
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_your_clerk_key_here
CLERK_SECRET_KEY=sk_test_your_clerk_secret_here

# Organization feature flags (optional)
NEXT_PUBLIC_ENABLE_ORG_CREATION=true
NEXT_PUBLIC_MAX_ORGS_PER_USER=5

Troubleshooting

Organizations not appearing:

  • Verify organizations enabled in Clerk Dashboard
  • Check environment variables are set correctly
  • Ensure user has created/joined an organization

RBAC not working:

  • Verify custom roles defined in Clerk Dashboard
  • Check role assignment in organization settings
  • Confirm middleware/permission checks use correct role names

Data isolation failing:

  • Verify all tables include organization_id column
  • Check RLS policies are enabled and correct
  • Test with multiple organizations to confirm isolation

Resources

Scripts: All scripts in scripts/ directory are executable and include detailed usage instructions

Templates: templates/ contains production-ready components and schema patterns

Examples: examples/ contains complete application examples with organization features

Clerk Dashboard Configuration Required: Organizations must be enabled in your Clerk Dashboard before using this skill

Framework Support: Next.js (App Router & Pages Router), React, Remix, Gatsby

Version: 1.0.0 Clerk SDK Compatibility: @clerk/nextjs 5+, @clerk/clerk-react 5+