Users in NEXT can be given specific permissions that determine what they can and cannot edit in a workspace. Permissions are an important part of healthy team collaboration: with the right permissions, you can make sure only certain people are permitted to change information in your workspace. User roles do not affect a user's permissions inside a project – once added as a project member, all users have the same permissions on a project level.

This article outlines the different user roles and provides an overview of actions that can be taken by each role.

User roles

NEXT differentiates between 2 different roles that can be given to a user:

  • Full users

  • Administrators

Full users

Full users are typically people who create projects themselves or take part in one or multiple projects. Often, these users will be people from your organization, or in some scenarios might be (external) partners or customers.

Administrators

Administrators are the owners of a workspace. In your organization, these are typically people who are responsible for scaling NEXT in your organization. In case you created your own workspace during sign-up, you will automatically become an Administrator. Administrators have the same permissions as full users, but can on top of that manage the workspace of which they are an administrator.

Coming soon: "Guest users". This role can be assigned to anyone you want to work together with inside a project, without allowing them to create new projects or invite others. Example: an external partner you want to involve in one project.

Actions per user role

You can find an overview of all permissions per role in the table below 👇

Administrator

Full user

User profile

Change profile settings (e.g. full name, profile picture, etc.)

✅

✅

Change email (in case not SSO enabled)

✅

✅

Enable MFA

✅

✅

Switch to light/dark mode

✅

✅

Change password via login page (only without SSO enabled)

✅

✅

Projects & inviting users

Create projects

✅

✅

Invite new users from "Allowed domains"

✅

✅

Invite new users from any domain

✅

⛔️

See & edit projects they are a member of

✅

✅

See or edit all projects

⛔️

⛔️

Workspace settings & members

Access workspace "Settings & Members"

✅

⛔️

Change workspace name

✅

⛔️

Change workspace logo

✅

⛔️

Change other users' account type

✅

⛔️

Activate or deactivate existing users

✅

⛔️

Adjust list of "featured publishers" in template marketplace

✅

⛔️

Restrict templates shown to featured publishers only

✅

⛔️

Restrict email domains for self-signups or invitations to a workspace

✅

⛔️

Administrator permission level

You will have the Administrator permission level if you are the creator or owner of a workspace (e.g. when you signed up for NEXT and with that created your own workspace). A few things to note about Administrators:

  • A workspace can have multiple Administrators.

  • Only another Administrator can grant Administrator permissions.

  • By default, the person who created the workspace is the Administrator.

  • We want to make sure a workspace does not get abandoned and you can retain control over it. Therefore, we recommend changing the Administrator from the default in case you don't wish to keep control over your workspace any longer to someone else. To do so, simply ask the Administrator to make another user an Administrator. After that, the new Administrator can remove the old Administrator's permissions or the old Administrator can remove their own Administrator permissions.

  • Only Administrators will see the "Settings & Members" button in the left-hand navigation menu after logging in.

⚠️ Note: For compliance & security reasons we do not offer a "god-mode user" role with which any user can see all data (i.e. all projects) in a workspace. Project teams control their project data and have to opt-in if someone else should be allowed to see their data. We only offer full visibility in case of a compliance request (e.g. if compliance department investigates behavior of employees) - where our contact person at the customer can request audit information. For any questions, please reach out to your Customer Success contact person.

SSO-enabled workspaces

When a workspace is SSO-enabled, NEXT is not in charge any longer of controlling users and their access. Instead, your organization is responsible for managing users and user access. Therefore, all features related to user access are disabled inside NEXT. Specifically, the following settings cannot be changed when SSO is enabled for your workspace:

  • Full users cannot change their email address

  • Full users cannot enable MFA in NEXT (access is handled via SSO completely)

  • Full users or Administrators cannot change their password via NEXT

  • Administrators cannot activate or deactivate SAML (SSO) users in NEXT

  • New users cannot self-signup via NEXT



☝️ Tip

In case you have any questions about user roles & permissions, feel free to reach out via the messenger or send an email to support@nextapp.co.

Did this answer your question?