Skip to content
sg·
← cd ../work

RBAC Admin Panel

Role-scoped internal tooling — least privilege without slowing operations down.

TL;DR

Role
Senior Software Engineer — design & build
Where
Pine Labs
Stack
ReactReduxNode.jsJWT
Outcomes
30% faster admin tasksleast-privilegeaudit-ready

The problem

Internal and admin operations were slow and permission-risky: too many people had too much access, and routine tasks required engineering intervention. The fix was an admin panel where every action is scoped to the operator's role.

Constraints

  • Least-privilege by default — no action available that a role doesn't need
  • Auditability — who did what, when, has to be answerable
  • Non-technical operators — the UI had to be self-explanatory
  • An evolving role matrix — roles change as the org changes

Architecture

Every operator action follows the same spine: authenticate the JWT, resolve the operator's role into concrete permission scopes, and only then expose or execute the action. Permission resolution is its own layer — business code never checks roles directly. Both outcomes are recorded: allowed actions land in the audit log, and so do denials, because denied attempts are the security signal. The diagram shows it live — the same request path lets an ops-admin through and stops a viewer at the resolver.

Operatoradmin userAuthJWT verifyPermission Resolverrole → scopesAction APIscoped opsAudit Logwho · what · when
  • ops-admin — allowed, executed, audited
  • viewer — denied at the resolver
  • denial logged — the security signal

Hover or tap a component to see its responsibility.

Decisions & trade-offs

Permission resolution as a dedicated layer — over role checks scattered through handlers

One place to reason about access. New roles and permission changes never touch business logic — they're data, not code changes.

Deny-by-default — over allow-by-default with exclusions

Least privilege has to be the resting state. Granting access becomes a visible, reviewable change instead of forgetting to exclude someone.

Auditing denials as well as allowed actions — over logging successful actions only

A spike in denials is how you notice a compromised account or a misconfigured role before it becomes an incident.

Results

  • 30% reduction in admin task completion time
  • Access consolidated behind role-scoped, auditable actions

What I'd do differently

I'd model permissions as resource + action scopes from the very start — we began with coarse roles and paid for a migration once the role matrix grew.

Shared at pattern level — production metrics are real, implementation details are illustrative.