Users in NEXT can be given specific permissions that determine what they can and cannot edit in a workspace. Permissions are an important part of healthy team collaboration: with the right permissions, you can make sure only certain people are permitted to change information in your workspace. User roles do not affect a user's permissions in a teamspace β once added as a teamspace member, all users have the same permissions on a teamspace level.
This article outlines the different user roles and provides an overview of actions that can be taken by each role.
User roles
NEXT differentiates between 2 different roles that can be given to a user:
Full users
Administrators
Full users
Full users are typically people who created teamspace themselves or take part in one or multiple teamspaces. Often, these users will be people from your organization, or in some scenarios might be (external) partners or customers.
Administrators
Administrators are the owners of a workspace. In your organization, these are typically people who are responsible for scaling NEXT in your organization. In case you created your own workspace during sign-up, you will automatically become an Administrator. Administrators have the same permissions as full users, but can on top of that manage the workspace of which they are an administrator.
Coming soon:
"Guest users". This role can be assigned to anyone you want to work together with inside a teamspace, without allowing them to create new teamspaces or invite others. Example: an external partner you want to involve in one teamspace.
Actions per user role
You can find an overview of all permissions per role in the table below π
| Administrator | Full user |
User profile |
|
|
Change profile settings (e.g. full name, profile picture, etc.) | β | β |
Change email (in case not SSO enabled) | β | β |
Switch to light/dark mode | β | β |
Change password via login page (only without SSO enabled) | β | β |
Teamspace & inviting users |
|
|
Create teamspaces | β | β |
Invite new users from "Allowed domains" | β | β |
Invite new users from any domain | β | βοΈ |
See & edit teamspaces they are a member of | β | β |
See or edit all teamspaces | βοΈ | βοΈ |
Workspace settings & members |
|
|
Access workspace "Settings & Members" | β | βοΈ |
Change workspace name | β | βοΈ |
Change workspace logo | β | βοΈ |
Change other users' account type | β | βοΈ |
Activate or deactivate existing users | β | βοΈ |
Adjust list of "featured publishers" in template marketplace | β | βοΈ |
Restrict templates shown to featured publishers only | β | βοΈ |
Restrict email domains for self-signups or invitations to a workspace | β | βοΈ |
Administrator permission level
You will have the Administrator permission level if you are the creator or owner of a workspace (e.g. when you signed up for NEXT and with that created your own workspace). A few things to note about Administrators:
A workspace can have multiple Administrators.
Only another Administrator can grant Administrator permissions.
By default, the person who created the workspace is the Administrator.
We want to make sure a workspace does not get abandoned and you can retain control over it. Therefore, we recommend changing the Administrator from the default in case you don't wish to keep control over your workspace any longer to someone else. To do so, simply ask the Administrator to make another user an Administrator. After that, the new Administrator can remove the old Administrator's permissions or the old Administrator can remove their own Administrator permissions.
Only Administrators will see the "Settings & Members" button in the left-hand navigation menu after logging in.
β οΈ Note: For compliance & security reasons we do not offer a "god-mode user" role with which any user can see all data (i.e. all teamspaces) in a workspace. Teamspace members control their teamspace data and have to opt-in if someone else should be allowed to see their data. ο»ΏWe only offer full visibility in case of a compliance request (e.g. if compliance department investigates behavior of employees) - where our contact person at the customer can request audit information. For any questions, please reach out to your Customer Success contact person.
SSO-enabled workspaces
When a workspace is SSO-enabled, NEXT is not in charge any longer of controlling users and their access. Instead, your organization is responsible for managing users and user access. Therefore, all features related to user access are disabled inside NEXT. Specifically, the following settings cannot be changed when SSO is enabled for your workspace:
Full users cannot change their email address
Full users or Administrators cannot change their password via NEXT
Administrators cannot activate or deactivate SAML (SSO) users in NEXT
New users cannot self-signup via NEXT
β
βοΈ Tip
In case you have any questions about user roles & permissions, feel free to reach out via the messenger or send an email to support@nextapp.co.