Skip to main content

Access Control Tooling

CLI utilities for querying and adjusting Access Control data.

Query or Update User Roles/Permissions

File: tools/acl/query-user-perms.ts

Query Effective Permissions

infisical run -- pnpm exec tsx tools/acl/query-user-perms.ts --email user@example.com

Assign Roles / Ensure Tenant Membership

# Promote to OWNER, set as primary, ensure membership in Tee Time
infisical run -- pnpm exec tsx tools/acl/query-user-perms.ts \
  --email user@example.com --make-owner --primary \
  --ensure-tenant --tenant "Tee Time"

# Assign platform superadmin
infisical run -- pnpm exec tsx tools/acl/query-user-perms.ts \
  --email user@example.com --assign-role platform.superadmin --primary

# Assign CMP admin and ensure CMP tenant
infisical run -- pnpm exec tsx tools/acl/query-user-perms.ts \
  --email user@example.com --assign-role CMP_ADMIN --ensure-tenant --tenant "CMP"

Flags

FlagDescription
--assign-role <NAME>Assign role (repeatable)
--make-ownerPromote to OWNER role
--primarySet as primary tenant
--ensure-tenantEnsure tenant membership
--tenant <NAME>Tenant name
--id <uuid>User ID (alternative to email)

Prune Demo Feature (Cleanup)

File: tools/acl/prune-demo-user-management.ts

Removes the demo feature USER_MANAGEMENT globally (permission, assignments, feature). Use only if you're comfortable removing demo artifacts across the environment.

infisical run -- pnpm exec tsx tools/acl/prune-demo-user-management.ts

Verify Tee Time ACL

File: tools/acl/verify-teetime-acl.ts

Checks assignment counts for Tee Time roles to ensure a healthy baseline.

ACCESS_CONTROL_DATABASE_URL=postgres://… pnpm nx run access-control-client:prisma:verify-teetime-acl