Spaces:
Sleeping
Helpdesk.ai β Project Handoff Sheet: 02. Database Schema & Supabase Configuration
This sheet provides a complete overview of the Supabase PostgreSQL database schema, including the logical tables, structural constraints, RLS security policies, trigger functions, and critical migration details.
ποΈ 1. Core Tables & Field Definitions
π’ companies
Represents the tenants on the multi-tenant platform.
id(UUID, Primary Key, Default:gen_random_uuid())name(TEXT, Not Null) β Name of the company.domain(TEXT, Unique) β E.g.,riteshpvtltd.com(used for automated user routing).status(TEXT) βactive,suspended,pending_verification.created_at(TIMESTAMPTZ, Default:now())
π€ profiles
Integrates with auth.users to implement Role-Based Access Control (RBAC).
id(UUID, Primary Key, Referencesauth.users.idON DELETE CASCADE)full_name(TEXT) β Display name of the user.company_id(UUID, Referencescompanies.idON DELETE SET NULL)company(TEXT) β Company name string fallback.role(TEXT, Default:'user') β ENUM check:'user','admin','master_admin'.status(TEXT, Default:'active') β'active','pending_approval','rejected'.updated_at(TIMESTAMPTZ)created_at(TIMESTAMPTZ, Default:now())
π« tickets
The central ticket store with embedded machine learning extraction columns and RAG vector indexes.
id(UUID, Primary Key, Default:gen_random_uuid())title(TEXT, Not Null)description(TEXT, Not Null)status(TEXT, Default:'open') β'open','in_progress','resolved','closed'.priority(TEXT, Default:'medium') β'low','medium','high','urgent'.category(TEXT) β E.g.,'IT Support','HR','Billing'.sub_category(TEXT) β E.g.,'Network Issue','Payroll','Refund'.created_by(UUID, Referencesprofiles.id)company_id(UUID, Referencescompanies.idON DELETE CASCADE)assigned_to(UUID, Referencesprofiles.id)ai_confidence(FLOAT) β Confidence rating of the automatic classification.ai_metadata(JSONB) β Raw extraction results (NER fields, duplicate scoring log).sla_deadline(TIMESTAMPTZ) β Calculated timestamp based on ticket priority.sla_status(TEXT, Default:'active') β'active','warning','breached','resolved'.sla_breached(BOOLEAN, Default:false)parent_id(UUID, Referencestickets.idON DELETE SET NULL) β Parent ticket pointer for duplicates.vector_embedding(vector(384)) β pgvector cosine representation of ticket description (used for duplicate search).created_at(TIMESTAMPTZ, Default:now())
π¬ ticket_messages
Stores the dialog threads for active tickets.
id(UUID, Primary Key, Default:gen_random_uuid())ticket_id(UUID, Referencestickets.idON DELETE CASCADE)sender_id(UUID, Referencesprofiles.idON DELETE CASCADE)message(TEXT, Not Null)is_system(BOOLEAN, Default:false) β Identifies system prompts or AI audit responses.attachments(TEXT[]) β File storage links.created_at(TIMESTAMPTZ, Default:now())
π οΈ system_settings
Configures tenant-specific SLA tolerances and AI trigger boundaries.
company_id(UUID, Primary Key, Referencescompanies.idON DELETE CASCADE)ai_confidence_threshold(FLOAT, Default:0.80) β Minimum score to accept automated actions.duplicate_sensitivity(FLOAT, Default:0.85) β Cosine similarity cut-off.enable_auto_resolve(BOOLEAN, Default:false)auto_close_enabled(BOOLEAN, Default:true)auto_close_days(INTEGER, Default:7)email_notifications(BOOLEAN, Default:true)admin_alerts(BOOLEAN, Default:true)digest_frequency(TEXT, Default:'daily') β'daily','weekly'.updated_at(TIMESTAMPTZ, Default:now())
π 2. Row Level Security (RLS) Design
Supabase RLS secures the multi-tenant data layer. Below are the key security definitions:
Profiles Table
- Read access: Members can view other profiles sharing their
company_id.CREATE POLICY "Members see company profiles" ON profiles FOR SELECT USING (company_id = (SELECT company_id FROM profiles WHERE id = auth.uid())); - Write access: Users can update their own profile metadata.
CREATE POLICY "Users update own profile" ON profiles FOR UPDATE USING (id = auth.uid());
Tickets Table
- Standard Users: Can read and write only their own records.
CREATE POLICY "Users read own tickets" ON tickets FOR SELECT USING (created_by = auth.uid()); CREATE POLICY "Users create own tickets" ON tickets FOR INSERT WITH CHECK (created_by = auth.uid()); - Admins: Can read, update, and manage all tickets belonging to their tenant.
CREATE POLICY "Admins manage company tickets" ON tickets FOR ALL USING ( company_id = (SELECT company_id FROM profiles WHERE id = auth.uid() AND role IN ('admin', 'master_admin')) );
System Settings Table
- Restricts select and modifications strictly to organization administrators.
CREATE POLICY "Company members can manage own settings" ON system_settings FOR ALL USING (company_id IN (SELECT company_id FROM profiles WHERE id = auth.uid())) WITH CHECK (company_id IN (SELECT company_id FROM profiles WHERE id = auth.uid()));
β‘ 3. SQL Trigger Actions
Profile Generation Trigger
An automatic database trigger maps new signups from Supabase Auth (auth.users) to the public profiles table to maintain RBAC coherence.
CREATE OR REPLACE FUNCTION public.handle_new_user()
RETURNS trigger AS $$
BEGIN
INSERT INTO public.profiles (id, full_name, company, role, status)
VALUES (
new.id,
COALESCE(new.raw_user_meta_data->>'full_name', 'Employee'),
COALESCE(new.raw_user_meta_data->>'company', 'Default Org'),
COALESCE(new.raw_user_meta_data->>'role', 'user'),
COALESCE(new.raw_user_meta_data->>'status', 'active')
);
RETURN NEW;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
CREATE OR REPLACE TRIGGER on_auth_user_created
AFTER INSERT ON auth.users
FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
β οΈ 4. Pending Database Actions
The new
system_settingstable and configuration RLS structure must be run manually on the live database. The migration script is fully completed and stored locally in 20260531_add_company_settings.sql.
Execution Plan:
- Open the Supabase Dashboard.
- Navigate to your project (replace
YOUR_PROJECT_REFwith your Supabase project reference). - Open the SQL Editor tab.
- Copy the complete SQL script located in the local migration file: supabase/migrations/20260531_add_company_settings.sql
- Execute the script to create the table, set up its triggers, and authorize permissions.