Permissions overview

Here you can find everything you need to know about different roles and permissions in NEXT.

Rick avatar
Written by Rick
Updated over a week ago

Users in NEXT can be given specific permissions that determine what they can and cannot edit in a workspace. Permissions are an important part of healthy team collaboration: with the right permissions, you can make sure only certain people are permitted to change information in your workspace. User roles do not affect a user's permissions in a teamspace – once added as a teamspace member, all users have the same permissions on a teamspace level.

This article outlines the different user roles and provides an overview of actions that can be taken by each role.

User roles

NEXT differentiates between 2 different roles that can be given to a user:

  • Full users

  • Administrators

Full users

Full users are typically people who created teamspace themselves or take part in one or multiple teamspaces. Often, these users will be people from your organization, or in some scenarios might be (external) partners or customers.

Administrators

Administrators are the owners of a workspace. In your organization, these are typically people who are responsible for scaling NEXT in your organization. In case you created your own workspace during sign-up, you will automatically become an Administrator. Administrators have the same permissions as full users, but can on top of that manage the workspace of which they are an administrator.

Coming soon: "Guest users". This role can be assigned to anyone you want to work together with inside a teamspace, without allowing them to create new teamspaces or invite others. Example: an external partner you want to involve in one teamspace.

Actions per user role

You can find an overview of all permissions per role in the table below πŸ‘‡

Administrator

Full user

User profile

Change profile settings (e.g. full name, profile picture, etc.)

βœ…

βœ…

Change email (in case not SSO enabled)

βœ…

βœ…

Enable MFA

βœ…

βœ…

Switch to light/dark mode

βœ…

βœ…

Change password via login page (only without SSO enabled)

βœ…

βœ…

Teamspace & inviting users

Create teamspaces

βœ…

βœ…

Invite new users from "Allowed domains"

βœ…

βœ…

Invite new users from any domain

βœ…

⛔️

See & edit teamspaces they are a member of

βœ…

βœ…

See or edit all teamspaces

⛔️

⛔️

Workspace settings & members

Access workspace "Settings & Members"

βœ…

⛔️

Change workspace name

βœ…

⛔️

Change workspace logo

βœ…

⛔️

Change other users' account type

βœ…

⛔️

Activate or deactivate existing users

βœ…

⛔️

Adjust list of "featured publishers" in template marketplace

βœ…

⛔️

Restrict templates shown to featured publishers only

βœ…

⛔️

Restrict email domains for self-signups or invitations to a workspace

βœ…

⛔️

Administrator permission level

You will have the Administrator permission level if you are the creator or owner of a workspace (e.g. when you signed up for NEXT and with that created your own workspace). A few things to note about Administrators:

  • A workspace can have multiple Administrators.

  • Only another Administrator can grant Administrator permissions.

  • By default, the person who created the workspace is the Administrator.

  • We want to make sure a workspace does not get abandoned and you can retain control over it. Therefore, we recommend changing the Administrator from the default in case you don't wish to keep control over your workspace any longer to someone else. To do so, simply ask the Administrator to make another user an Administrator. After that, the new Administrator can remove the old Administrator's permissions or the old Administrator can remove their own Administrator permissions.

  • Only Administrators will see the "Settings & Members" button in the left-hand navigation menu after logging in.

⚠️ Note: For compliance & security reasons we do not offer a "god-mode user" role with which any user can see all data (i.e. all teamspaces) in a workspace. Teamspace members control their teamspace data and have to opt-in if someone else should be allowed to see their data. We only offer full visibility in case of a compliance request (e.g. if compliance department investigates behavior of employees) - where our contact person at the customer can request audit information. For any questions, please reach out to your Customer Success contact person.

SSO-enabled workspaces

When a workspace is SSO-enabled, NEXT is not in charge any longer of controlling users and their access. Instead, your organization is responsible for managing users and user access. Therefore, all features related to user access are disabled inside NEXT. Specifically, the following settings cannot be changed when SSO is enabled for your workspace:

  • Full users cannot change their email address

  • Full users cannot enable MFA in NEXT (access is handled via SSO completely)

  • Full users or Administrators cannot change their password via NEXT

  • Administrators cannot activate or deactivate SAML (SSO) users in NEXT

  • New users cannot self-signup via NEXT
    ​



☝️ Tip

In case you have any questions about user roles & permissions, feel free to reach out via the messenger or send an email to support@nextapp.co.

Did this answer your question?