Admin Setup

Before you can manage plans, branding, content, billing, or maintenance mode, you need at least one user with the ADMIN role. This page covers the safe ways to do that in local development and production.

Note

Decision shortcut: use the seed flow only for a brand-new empty database. If the person has already signed in and already has a user row, promote that existing row instead of seeding again.

How admin access works

SaaSyBase stores authorization in the local database, even when authentication itself is handled by Clerk, Better Auth, or NextAuth. That means becoming an admin is a database role assignment, not just an auth-provider setting.

Layer	What it controls	Where it lives
Authentication	Who the user is	Clerk, Better Auth, or NextAuth
Authorization	Whether the user is ADMIN or MODERATOR	User.role in the app database
Access enforcement	Which pages and API routes they can reach	Route guards, middleware, and API helpers

Development

Local Admin Setup

Seed the database

Create your first admin during the standard seed flow when bootstrapping a fresh local database. The interactive prompt will ask for email and password.

npx prisma db seed

Alternative: Promote existing user

If a user already exists, promote that user by opening Prisma Studio and updating the User.role field to ADMIN.

npx prisma studio

Verify access

Tip

Local development now uses the same explicit admin assignment model as every other environment. There is no localhost-only admin bypass.

Warning

Do not keep rerunning the full seed flow just because an admin login failed. First confirm whether the user already exists, because promotion is usually the cleaner fix once a row is already present.

Finding your provider user ID

Clerk: copy the user ID from the Clerk dashboard.
Better Auth: sign in once, then inspect the user row in Prisma Studio and match it by your email address.
NextAuth: sign in once, then inspect the user row in Prisma Studio and match it by your email address.

Database seed flow

For a fresh database, the seed script can create the first admin user during setup.

npx prisma db seed

In an interactive terminal, the script prompts for admin email and password. The same seed pass also prepares baseline plans, settings, and starter site pages. In non-interactive environments, use environment variables instead.

Non-interactive seed

SEED_ADMIN_EMAIL="admin@example.com"
SEED_ADMIN_PASSWORD="strong-password"
npx prisma db seed

Warning

Set SEED_ADMIN_EMAIL and SEED_ADMIN_PASSWORD explicitly for non-interactive runs. If the seed falls back to the built-in bootstrap admin credentials, treat them as compromised-by-default and change them immediately.

To skip admin creation entirely during a seed run, pass --skip-admin.

Production setup

Situation	Recommended path	Why
The user has already signed in once	Direct SQL promotion	You are updating the exact existing user row instead of creating or re-seeding extra setup data.
The database is brand new and empty	Seed the first admin	The seed flow can create the initial admin and the starter records in one pass.

Option 1: direct SQL promotion

This is the most explicit and safest path when a user already exists.

Have the person sign in once before you run this, so the correct user row already exists in the database. Then update that row to ADMIN.

Run the update inside a PostgreSQL client such as psql or your managed database console. Do not paste rawUPDATE statements into a normal shell prompt, because the shell will try to execute UPDATEas a command.

psql one-liner

psql "$DATABASE_URL" -c "UPDATE "User" SET role = 'ADMIN' WHERE id = 'user_xxxxxxxxxxxxx';"

PostgreSQL SQL

UPDATE "User"
SET role = 'ADMIN'
WHERE id = 'user_xxxxxxxxxxxxx';

Note

On containerized deployments, run psql in an environment that actually has the PostgreSQL client installed and can reach the database. That is often the database container or a separate database console, not necessarily the main app container.

Option 2: seed the first admin

For a brand-new production database, you can also create the first admin via the seed script before exposing the app publicly.

Non-interactive production seed

SEED_ADMIN_EMAIL="admin@example.com"
SEED_ADMIN_PASSWORD="strong-password"
npx prisma db seed

Treat this as a one-time bootstrap step. It is not part of your normal recurring deployment pipeline.

Warning

Never expose a deployment that is still using the seed script's built-in fallback admin credentials. Use uniqueSEED_ADMIN_* values for the bootstrap run or rotate the seeded admin email/password immediately afterward.

Tip

Promote one admin first, confirm you can access /admin, and only then open the app to real traffic.

Note

ADMIN grants access to the full admin surface. If you want restricted back-office access instead, promote the user to MODERATOR and configure section-level permissions from the admin settings area.

Verify access

Visit /admin and confirm the dashboard loads.
Open Plans, Settings, or Theme pages to verify the session resolves as ADMIN.
If access fails, inspect the user row in Prisma Studio and verify role is ADMIN.