Seeding & Database Setup

Access Control uses idempotent seed scripts to provision features, permissions, and role assignments.

Quick Commands

# Seed platform Access Control admin baseline (features + assignments)
pnpm nx run access-control-client:prisma:seed-ac-admin

# Optional: seed a single global role with full AC (platform.superadmin)
pnpm nx run access-control-client:prisma:seed-platform-superadmin

# Tee Time seeds
pnpm nx run access-control-client:prisma:seed-teetime-defaults
pnpm nx run access-control-client:prisma:seed-teetime-roles
pnpm nx run access-control-client:prisma:seed-teetime-permissions

# Assign AC capabilities to TT roles (OWNER/ADMIN)
pnpm nx run access-control-client:prisma:seed-tt-ac-capabilities

# Verify Tee Time role/permission counts (requires DB env)
pnpm nx run access-control-client:prisma:verify-teetime-acl

Seed Targets

Platform Admin Baseline

Seeds the core Access Control admin features and permission assignments.

Target: pnpm nx run access-control-client:prisma:seed-ac-admin

Source: libs/prisma/access-control-client/prisma/seeds/access-control-admin/seed-baseline.ts

Creates:

  • Platform admin roles: access-control.admin, access-control.manager, access-control.auditor
  • Feature definitions: ROLE_MGMT, USER_MGMT, TENANT_MGMT, etc.
  • Permission assignments linking features to roles

Tee Time Capabilities

Assigns Access Control capabilities to Tee Time admin roles.

Target: pnpm nx run access-control-client:prisma:seed-tt-ac-capabilities

Source: libs/prisma/access-control-client/prisma/seeds/teetime/seed-ac-capabilities.ts

Capability Profile: libs/prisma/access-control-client/prisma/seeds/teetime/tt-admin-capabilities.ts

Environment Variables

| Variable | Description |
| --- | --- |
| ACCESS_CONTROL_DATABASE_URL | PostgreSQL connection string |
| SKIP_DEMO_SEEDS=1 | Skip demo/test data in production |
| CI_OFFLINE=true | Skip network calls during offline CI runs |

Idempotency

All seeds use upserts on unique constraints:

  • Features: unique on name
  • Roles: unique on name (per namespace)
  • Permissions: unique on featureId
  • PermissionAssignments: composite unique (permissionId, subjectType, subjectId)

Seeds can be safely re-run without creating duplicates.
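
The idempotency property above, as an added example (not the project's seed code): an in-memory model of the four tables, keyed by the unique constraints listed, that can be seeded repeatedly and compared by row count. The namespace `platform`, the subject type `ROLE`, the `perm:` id scheme and the grant matrix are assumptions; the model also shows that an upsert-only re-run leaves an assignment the seed does not name in place, which a diff against the seed definition surfaces.

```typescript
// Added example: in-memory model of the seeded tables, not the project's Prisma code.
type Assignment = { permissionId: string; subjectType: string; subjectId: string };
type Store = {
  features: Map<string, { name: string }>;                 // unique on name
  roles: Map<string, { namespace: string; name: string }>; // unique on name per namespace
  permissions: Map<string, { featureId: string }>;         // unique on featureId
  assignments: Map<string, Assignment>;                    // composite unique
};
const newStore = (): Store => ({
  features: new Map(), roles: new Map(), permissions: new Map(), assignments: new Map(),
});

// Upsert: insert when the unique key is absent, overwrite in place when present.
function upsert<T>(table: Map<string, T>, key: string, row: T): void {
  table.set(key, row);
}
const assignmentKey = (a: Assignment): string =>
  [a.permissionId, a.subjectType, a.subjectId].join("|");

// Role and feature names are from the page; namespace and grant matrix are constructed.
const SEED = {
  namespace: "platform",
  roles: ["access-control.admin", "access-control.manager", "access-control.auditor"],
  features: ["ROLE_MGMT", "USER_MGMT", "TENANT_MGMT"],
};

function seed(db: Store): void {
  for (const name of SEED.roles)
    upsert(db.roles, SEED.namespace + "/" + name, { namespace: SEED.namespace, name });
  for (const name of SEED.features) {
    upsert(db.features, name, { name });
    upsert(db.permissions, name, { featureId: name });
    for (const role of SEED.roles) {
      const a: Assignment = { permissionId: "perm:" + name, subjectType: "ROLE", subjectId: role };
      upsert(db.assignments, assignmentKey(a), a);
    }
  }
}
// Row counts per table: [features, roles, permissions, assignments].
function counts(db: Store): number[] {
  return [db.features.size, db.roles.size, db.permissions.size, db.assignments.size];
}

// Assignments in the store that the seed definition does not produce.
function unexpectedAssignments(db: Store): string[] {
  const expected = newStore();
  seed(expected);
  return Array.from(db.assignments.keys()).filter((k) => !expected.assignments.has(k));
}
```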

Verification

Verify seed integrity with:

ACCESS_CONTROL_DATABASE_URL=postgres://… pnpm nx run access-control-client:prisma:verify-teetime-acl

Verifier: tools/acl/verify-teetime-acl.ts

Full Taxonomy

See libs/prisma/access-control-client/prisma/SEEDS.md for the complete seed taxonomy including:

  • All available targets
  • Environment flags
  • Demo vs production seeds
  • Dependency order