Super-Admin Console Specification
Super-Admin Console Specification
Source: Copied from
Plings-Docs/admin/super-admin-console-legacy.md(2025-06-18).
Status: Draft v0.1
Audience: Core Plings platform team (backend, frontend, DevOps, finance)
Purpose: Define the pages, components, and backend capabilities required for the Super-Admin area used by Plings operators to manage tenants, users, billing and system health.
1. Scope & Non-Goals
The console is tenant-agnostic—it operates on all organisations and all data.
Non-goals:
- day-to-day inventory management (covered by normal org UI)
- white-label customer admin consoles (they use
/adminpanel)
2. Primary Views / Routes
| # | Route | React Component(s) | Key Features |
|---|---|---|---|
| 1 | /super/overview |
SuperHome.tsx |
KPI counters: total users, organisations, object count, storage used, active WebSocket clients |
| 2 | /super/orgs |
OrgTable.tsx OrgDetailDrawer.tsx |
List orgs, filter by status, create/suspend/delete, plan tier, quotas |
| 3 | /super/users |
UserTable.tsx ImpersonateModal.tsx |
Global user list, lock/unlock, reset MFA, elevate to super-admin |
| 4 | /super/catalogue |
ClassReviewQueue.tsx |
Approve/reject public ObjectClass submissions, edit capabilities |
| 5 | /super/predicates |
PredicateManager.tsx |
Add/retire functional & spatial predicates |
| 6 | /super/billing |
BillingDashboard.tsx |
Usage metrics per org, invoice generator, credit adjustments |
| 7 | /super/identifiers |
AnchorKeyManager.tsx |
Issue/revoke AnchorKeys, view issuance stats |
| 8 | /super/logs |
AuditLogViewer.tsx |
Searchable audit & API logs, export CSV |
| 9 | /super/ops |
OpsTools.tsx |
Trigger backups, run consistency checks, toggle feature flags, broadcast message |
Legend: Each route is protected by an RLS policy that checks
role = 'system_owner'in the JWT.
3. Capability Matrix
| Capability | GraphQL / SQL Entry-point | Notes |
|---|---|---|
| Create / delete organisation | createOrg, deleteOrg |
Cascades to object ownership cleanup |
| Suspend / restore org | setOrgStatus |
Puts org in read-only mode |
| Adjust plan / quotas | setOrgPlan |
Updates billing tier & limits |
| Lock / delete user | setUserStatus |
RLS denies further logins |
| Elevate to super-admin | assignSystemRole |
Updates system_roles table |
| Impersonate user | Resolver returns scoped JWT with short TTL | |
| Approve public class | approveClass |
Sets visibility='public' |
| Manage predicates | addPredicate / retirePredicate |
Updates enum + propagates to clients via subscription |
| Issue AnchorKey | createAnchorKey |
Returns xpub & QR for manufacturer |
| Revoke identifier | revokeInstanceKey |
Adds to global revocation list |
| Generate invoice | generateInvoice |
Pulls usage metrics, emits PDF |
| Run backup | triggerBackup |
Starts off-band job, returns job-id |
| Send broadcast message | createBroadcast |
Pushes toast to all tenants |
(All mutations require resolver-level check user.role == 'system_owner' and RLS policy on target tables.)
4. Backend Notes
- Metrics are materialised in a nightly job populating
org_usage_daily(objects_count, storage_mb, api_calls). - Audit logs are written to
audit_logtable; viewer paginates via timestamp index. - Long-running ops (backup, consistency scan) use a
jobstable + GraphQL subscription for progress.
5. Open Items
- Define PDF template for invoices
- Decide retention period for
audit_log(GDPR vs. Ops needs) - Access-control flow for impersonate (record who did it)
- UX wireframes (link to Figma)