Designing multi-tenant RBAC for institutional property teams
How Greenhaus structures a 71-permission RBAC model with default-deny policies and attribute-based access.
By Amelia Noor
Managing permissions for institutional portfolios goes far beyond assigning a few roles. The Greenhaus RBAC matrix spans 71 granular permissions across leasing, maintenance, finance, compliance, and data access.
Principles
- Default deny — every permission starts closed and is granted only by an explicit rule. Teams opt in by persona, geography, or asset class.
- Attribute-based — before allowing an action, policies evaluate attributes of both the requester and the target: portfolio, asset type, region, and even construction phase.
- Explainability — every decision records the policy path that produced it, so admins can see exactly why a request was allowed or denied.
Modeling the matrix
We define resource groups (leases, units, payouts, documents) and actions (view, create, approve, export). Combining these with attributes gives us a multi-dimensional matrix that covers real-world scenarios such as:
- Regional directors approving renewals across their territory but not outside of it
- Construction partners uploading documents only during active projects
- Investors receiving read-only dashboards scoped to the LP entity they belong to
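The three principles and the three scenarios above can be exercised together in a small evaluator. The following is an added example, not Greenhaus code: the role names, the attribute names (`regions`, `projects`, `project_phase`, `lp_entity`) and the `Rule`/`Decision` types are assumptions chosen to mirror the scenarios in the text. Any (resource, action) pair that no rule grants is denied, an attribute that cannot be evaluated is treated as a denial rather than an error, and every decision carries the list of rules it consulted.

```python
"""Default-deny, attribute-aware permission check with a decision trace.

Added example, not Greenhaus code. Role names, resource groups, actions and
attribute names (regions, projects, project_phase, lp_entity) are assumptions
chosen to mirror the three scenarios in the text.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]


@dataclass(frozen=True)
class Rule:
    name: str        # policy identifier recorded in the trace (explainability)
    resource: str    # resource group: leases, units, payouts, documents, ...
    action: str      # view, create, approve, export, ...
    # (subject attributes, target attributes) -> bool; a KeyError means "deny"
    condition: Callable[[Attrs, Attrs], bool]


@dataclass
class Decision:
    allowed: bool = False
    trace: List[str] = field(default_factory=list)   # the policy path taken


# Role -> granted rules. Anything not listed here is denied (default deny).
POLICY: Dict[str, List[Rule]] = {
    "regional_director": [
        Rule("rd.leases.view.in_territory", "leases", "view",
             lambda s, r: r["region"] in s["regions"]),
        Rule("rd.leases.approve.in_territory", "leases", "approve",
             lambda s, r: r["region"] in s["regions"]),
    ],
    "construction_partner": [
        Rule("cp.documents.create.active_project", "documents", "create",
             lambda s, r: r["project_id"] in s["projects"]
             and r["project_phase"] == "active"),
    ],
    "investor": [
        # Read-only: there is deliberately no "export" rule for investors.
        Rule("inv.dashboards.view.own_lp", "dashboards", "view",
             lambda s, r: r["lp_entity"] == s["lp_entity"]),
    ],
}


def authorize(subject: Attrs, action: str, resource: str, target: Attrs) -> Decision:
    """Allow only if some rule of some role held by the subject matches
    (resource, action) and its condition holds; everything else denies."""
    d = Decision()
    for role in subject.get("roles", []):
        for rule in POLICY.get(role, []):
            if rule.resource != resource or rule.action != action:
                continue
            try:
                ok = rule.condition(subject, target)
            except KeyError as missing:
                # Fail closed: an attribute we cannot evaluate never grants access.
                d.trace.append(f"{rule.name}: missing attribute {missing}, deny")
                continue
            d.trace.append(f"{rule.name}: {'matched' if ok else 'condition false'}")
            if ok:
                d.allowed = True
                return d
    d.trace.append("default deny: no matching rule")
    return d


def explain(d: Decision) -> str:
    """Render the decision and its policy path for an admin."""
    return ("ALLOW" if d.allowed else "DENY") + " via " + " -> ".join(d.trace)


if __name__ == "__main__":
    # Constructed sample subjects and targets.
    director = {"roles": ["regional_director"], "regions": {"northeast"}}
    partner = {"roles": ["construction_partner"], "projects": {"P-17"}}
    investor = {"roles": ["investor"], "lp_entity": "LP-A"}

    print(explain(authorize(director, "approve", "leases", {"region": "northeast"})))
    print(explain(authorize(director, "approve", "leases", {"region": "west"})))
    print(explain(authorize(partner, "create", "documents",
                            {"project_id": "P-17", "project_phase": "closed"})))
    print(explain(authorize(investor, "view", "dashboards", {"lp_entity": "LP-B"})))
    print(explain(authorize(investor, "export", "dashboards", {"lp_entity": "LP-A"})))
    print(explain(authorize(director, "approve", "leases", {})))
```

Two design choices carry the security weight. First, the evaluator never returns "allow" by falling off the end of a loop: the only path to `allowed = True` is a named rule whose condition returned true, and the trailing `default deny` trace entry makes every denial attributable. Second, a missing attribute (the last call, where the lease has no `region`) is logged and denied rather than raised, so a data-quality problem in the target record degrades to "no access" instead of to an outage or, worse, a grant.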
Operationalizing RBAC
In practice, RBAC settings live in a Terraform-backed configuration repo. Every change flows through CI, where automated impact analysis reports which personas, regions, and asset classes gain or lose access before a reviewer approves it. Once merged, the policies propagate to Supabase row-level security (RLS) policies and to our workflow engine, so the database and the application enforce the same matrix.
The result is a permission fabric that scales with growth while keeping compliance teams confident.