# `PhoenixKit.Migrations.Postgres.V53`
[🔗](https://github.com/BeamLabEU/phoenix_kit/blob/v1.7.165/lib/phoenix_kit/migrations/postgres/v53.ex#L1)

V53: Module-Level Permission System

Creates the `phoenix_kit_role_permissions` table for granular access control
over which roles can access which admin sections and modules.

## Design

- Allowlist model: row present = granted, absent = denied
- Owner role bypasses permissions entirely (hardcoded in code)
- Admin role gets ALL permissions seeded by default
- New/custom roles start with NO permissions

## Table Structure

- `role_id` FK to phoenix_kit_user_roles (CASCADE on delete)
- `module_key` identifies the admin section or feature module
- `granted_by` FK to phoenix_kit_users (SET NULL on delete) for audit trail
- Unique constraint on (role_id, module_key) prevents duplicates

## Permission Keys

Core sections (5): dashboard, users, media, settings, modules
Feature modules (19): billing, shop, emails, entities, tickets, posts, ai,
  sync, publishing, referrals, sitemap, seo, maintenance, storage, languages,
  connections, legal, db, jobs

# `down`

# `up`

---

*Consult [api-reference.md](api-reference.md) for complete listing*