Role-Based Access Control (RBAC) system with session-based policies for a modern web application. The stack is Next.js (TypeScript), PostgreSQL, and Prisma ORM. The goal is to enforce CRUD permissions consistently across API endpoints and UI components, with secure session management as the backbone of authorization. Responsibilities - Design and implement RBAC schema in PostgreSQL using Prisma. - Develop and integrate session policy to store and enforce user identity, roles, and permissions. - Implement middleware to validate sessions and enforce RBAC rules across API routes. - Provide frontend utilities for permission checks in Next.js components. - Document workflows for role/permission assignment and session lifecycle. - Ensure security best practices (session expiration, CSRF protection, forbidden access handling). Deliverables - Prisma schema migrations for Users, Roles, Permissions, RoleAssignments, Sessions. - Session policy implementation HMAC seesion key + DB . - Middleware function authorize(resource, action, session) for API enforcement. - Example Next.js components demonstrating permission-based rendering. - Documentation on session lifecycle, role assignment, and permission enforcement Requirements - 8+ years of professional experience in full-stack web development. - Strong expertise in TypeScript, Next.js, and Prisma ORM. - Deep understanding of RBAC models and session-based authorization policies. - Experience with PostgreSQL schema design and optimization. - Familiarity with session management. - Ability to deliver clean, secure, and well-documented code.