ld-permissions
Guide for Lightdash's CASL-based authorization system. Use when working with scopes, custom roles, abilities, permissions, ForbiddenError, authorization, or access control. Helps with adding new scopes, debugging permission issues, understanding the permission flow, and creating custom roles.
Install
mkdir -p .claude/skills/ld-permissions && curl -L -o skill.zip "https://mcp.directory/api/skills/download/6561" && unzip -o skill.zip -d .claude/skills/ld-permissions && rm skill.zipInstalls to .claude/skills/ld-permissions
About this skill
Permissions & Authorization Guide
This skill helps you work with Lightdash's CASL-based permissions system, including scopes, custom roles, and authorization enforcement.
What do you need help with?
- Add a new scope/permission - Step-by-step guide to add a new permission
- Debug a permission issue - Troubleshoot why a user can't access something
- Understand the permission flow - Learn how permissions work end-to-end
- Work with custom roles - Create or modify custom roles with specific scopes
Quick Reference
Key Files
| Purpose | Location |
|---|---|
| Scope definitions | packages/common/src/authorization/scopes.ts |
| CASL types | packages/common/src/authorization/types.ts |
| Ability builder | packages/common/src/authorization/index.ts |
| System role abilities | packages/common/src/authorization/projectMemberAbility.ts |
| Role-to-scope mapping | packages/common/src/authorization/roleToScopeMapping.ts |
| Scope-to-CASL conversion | packages/common/src/authorization/scopeAbilityBuilder.ts |
Common Patterns
Backend permission check:
import { subject } from '@casl/ability';
import { ForbiddenError } from '@lightdash/common';
if (user.ability.cannot('manage', subject('Dashboard', { projectUuid }))) {
throw new ForbiddenError('You do not have permission');
}
Frontend permission check:
const { user } = useUser();
if (user?.ability.can('manage', 'Dashboard')) {
return <EditButton />;
}
or wrap in a CASL component:
import { Can } from '../../providers/Ability';
<Can I="manage" a="Dashboard">
<EditButton />
</Can>
Full Documentation
For comprehensive documentation, read: .context/PERMISSIONS.md
This includes:
- Architecture diagram showing the complete permission flow
- All scope groups and modifiers (@self, @public, @space, etc.)
- Database schema for custom roles
- Step-by-step guide to add new scopes
- Troubleshooting guide
Adding a New Scope (Quick Guide)
- Define scope in
packages/common/src/authorization/scopes.ts:
{
name: 'manage:NewFeature',
description: 'Description for custom role UI',
isEnterprise: false,
group: ScopeGroup.PROJECT_MANAGEMENT,
getConditions: (context) => [addUuidCondition(context)],
}
-
Add subject (if new) in
packages/common/src/authorization/types.ts -
Add to system role in
packages/common/src/authorization/roleToScopeMapping.ts -
Update ability builder in
packages/common/src/authorization/projectMemberAbility.ts -
Enforce in service with
user.ability.cannot()check -
Add frontend check with
user?.ability.can()
Debugging Permission Issues
When a user gets "ForbiddenError":
- Check scope exists - Is the scope defined in
scopes.ts? - Check role assignment - Does the user's role include this scope?
- Check conditions - Do the CASL conditions match the resource?
- Check enterprise flag - Is
isEnterprise: truebut deployment isn't enterprise? - Check subject name - Case-sensitive match in
CaslSubjectNames?
Use grep to find where the permission is checked:
grep -r "ability.cannot.*'manage'.*'YourSubject'" packages/backend/src/services/
Please describe what you're trying to accomplish, or ask me to explain any aspect of the permissions system.
More by lightdash
View all skills by lightdash →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
fastapi-templates
wshobson
Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.
Related MCP Servers
Browse all servers
Chain of Thought Task ManagerOrganize projects using leading project track software. Convert tasks with dependency tracking for optimal time manageme
Structured WorkflowStructured Workflow guides disciplined software engineering via refactoring, feature creation, and test driven developme
Modus Design SystemDiscover Modus Design System: comprehensive docs, specs, and guides for React UI library and component implementation in
Tyler ForgeAccess Tyler Forge’s design system, React UI library, component APIs, and framework guides for seamless app development
FilesystemLearn how to use Python to read a file and manipulate local files safely through the Filesystem API.
GitHubExtend your developer tools with GitHub MCP Server for advanced automation, supporting GitHub Student and student packag
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.