Interactive Demo
Production RBAC — FastAPI + SQLAlchemy
Switch between users and roles to explore a flat, resource-specific RBAC model. Multi-tenant (ACME Rail / RailCorp), IoT domain, single role per user by design. Full write-up in the accompanying post.
RBAC Interactive Demo
FastAPI · SQLAlchemy · Alembic
Active User
RoleSuper Admin
TenantALL TENANTS
Emailsarah@acme.com
Cross-tenant visibility. Full access across all companies.
| Resource | list | read | create | update | soft delete | delete | deactivate |
|---|---|---|---|---|---|---|---|
| devices | ✓ | ✓ | ✓ | ✓ | · | ✓ | · |
| defects | ✓ | ✓ | ✓ | ✓ | ✓ | · | · |
| incidents | ✓ | ✓ | ✓ | ✓ | ✓ | · | · |
| events | ✓ | ✓ | ✓ | ✓ | · | · | · |
| users | ✓ | · | ✓ | ✓ | · | · | ✓ |
| notes | · | ✓ | ✓ | · | · | · | · |
| tenants | ✓ | ✓ | ✓ | · | · | · | · |
28 permissions granted to Super Admin · Cross-tenant access enabled
· Permissions are defined by the architect and seeded via Alembic migration — not configurable by end users.
· Each user holds exactly one role. This is a deliberate design constraint, not an oversight.
· Super Admin has cross-tenant visibility. All other roles are scoped to their tenant.