Skip to main content

What RBAC means here

GoalGen uses Clerk with public metadata (not Organizations) for a lightweight role system. The in-app RBAC screen (/creator-studio/admin/roles) lets authorized admins search users and update app roles and Creator Studio roles stored on each user.
RBAC in the UI is platform administration: who can administer users and access. It is separate from content work (templates, review queue) described in Content library.

Two metadata fields

FieldPurpose
publicMetadata.roleApp-wide role: member, affiliate, Genners (stored as charter), admin, super_admin.
publicMetadata.studioRoleCreator Studio program: creator, founder, admin, super_admin, or unset.
You can combine them—for example Genners plus creator if someone is both an early backer and an approved creator.

Display name: Genners

Genners is the product name for the charter role: early supporters, beta participants, and equity-aligned backers. The Clerk key remains charter so existing integrations stay stable.

Other app roles

  • Affiliate — referral and marketing partners.
  • Admin / Super admin — staff; super admins can assign the super_admin app role to others.
Studio roles creator and founder control Creator Studio access (along with admin studio roles). See Creator Studio overview for navigation.

Session token (JWT)

For server-side checks without an extra round trip, the Clerk session token should include: 
{
  "metadata": "{{user.public_metadata}}"
}
Configure this under Clerk Dashboard → Sessions → Customize session token. Your app merges JWT metadata with currentUser().publicMetadata when resolving roles.

Sidebar entry

In the main app sidebar:
  • Creator Studio section → Creator-S opens Creator Studio (for eligible users).
  • Admin section → RBAC opens the roles admin UI (admin-only).

Security notes

Public metadata is readable in the client; only the server or Clerk Dashboard should write roles. The RBAC UI uses server actions with an admin check.
Treat super_admin as highly sensitive. Only super admins should assign that role.

FAQ

GoalGen’s RBAC guide uses metadata-based roles so teams without orgs still get a clear permission model. You can migrate to Organizations later if needed.
The repo includes apps/app/docs/clerk-rbac-setup.md with Clerk dashboard steps and field reference. This page is the user-facing summary.
You need an admin (role or studioRole of admin or super_admin). Ask a super admin to update your metadata in Clerk or via the RBAC UI.

Creator Studio overview

Product vs content vs platform navigation.

Content library

Templates, review, creators, settings.