📘 JavaScript is disabled. You can still browse and read all documentation, but some interactive features like search and theme switching are unavailable.

Users and security

User Management

Updated Aug 28, 2025

Set up user accounts, roles, and permissions to control who can access what in your application.

Managing users in Anythink is designed to be simple for basic setups but powerful enough for complex organisational structures. Whether you're building a simple app or a sophisticated platform serving multiple organisations, Anythink's user management system adapts to your needs while maintaining security and simplicity.

Built with enterprise-grade security at its core, Anythink handles everything from individual user accounts to complex multi-project access patterns, letting you focus on building great experiences rather than wrestling with authentication infrastructure.

Authentication Made Simple

Anythink offers flexible authentication methods that balance security with user experience. Your users can choose the method that works best for them, while you maintain complete control over access policies.

Email & Password Authentication

The classic approach that users know and trust. Anythink's email and password authentication includes robust security features without the complexity:

Smart password requirements that you can configure based on your security needs
Automatic account verification via email to ensure valid user contacts
Secure password reset flow that protects against common attacks while remaining user-friendly

This traditional method works perfectly for applications where users log in regularly and prefer the familiarity of password-based access.

Magic Link Authentication

For a more modern, passwordless experience, magic links eliminate the friction of password management entirely. Users simply enter their email address and receive a secure login link:

Enhanced security because there's no password to compromise or forget
Simplified user experience that reduces support requests and abandoned logins
Perfect for infrequent users who might otherwise struggle with forgotten passwords

Magic links are particularly valuable for customer-facing applications where reducing barriers to entry directly impacts conversion rates.

Building Your User Base

Creating Users Manually

When you need direct control over who gets access, manual user creation gives you complete oversight. From your dashboard, navigate to Settings → Users where you can:

Add User with their essential information (email, first name, last name)
Assign roles immediately, ensuring they have appropriate permissions from day one (@roles-and-permissions see our detailed role management guide)
Set project access to control which parts of your organisation they can see
Send invitation emails automatically, or handle onboarding through your own channels

This approach works beautifully for team members, beta users, or any situation where you want to personally vet each new account.

Enabling User Self-Registration

For applications that need to scale user acquisition, self-registration removes you from the bottleneck while maintaining security. When enabled in your project settings, users can create their own accounts with:

Configurable registration rules that you control per project
Automatic role assignment using your predefined default role
Optional email verification to ensure account validity before access is granted

Self-registration is perfect for SaaS applications, community platforms, or any scenario where you want users to onboard themselves while you focus on building features.

Bringing Users Into Your Organisation

The Invitation Experience

User invitations in Anythink create a smooth onboarding experience that reflects well on your organisation. When you invite someone, here's what happens:

Secure invitation email goes out with a time-limited, encrypted link
Guided account setup where the user creates their password and verifies their email
Automatic role assignment based on the role you specified when sending the invitation
Custom onboarding flows that you can create using workflows to welcome users and guide them through your specific application
Workflows

allow you to tune your software to fit your business. From simple approvals to complex data manipulation, workflows make tasks faster and more efficient.

Smart Invitation Management

Anythink helps you stay on top of your invitation process with:

Clear status tracking showing which invitations are sent, accepted, or expired
Easy resend capabilities for when emails get lost or users need reminders
Configurable expiration dates that balance security with user convenience

This system ensures that your user onboarding process feels professional and organised, whether you're inviting a single consultant or rolling out access to an entire department.

Multi-Project User Management

Seamless Project Switching

For users who work across multiple projects or organisations, Anythink provides a unified experience that eliminates the need for multiple accounts:

Quick project selector accessible from the user menu in any project
Separate data contexts that keep each project's information completely isolated
Role-appropriate interfaces that adapt based on the user's permissions in each specific project

This means a consultant working with multiple clients can switch between projects instantly, while a team member can access different company divisions without logging in and out repeatedly.

Strategic Cross-Project Access

Managing users across multiple projects becomes straightforward with Anythink's centralised approach:

Assign different roles per project - someone might be an admin in one project and a viewer in another
Central user management that lets you see and control a user's access across your entire organisation
Consistent user experience that reduces training overhead when users work across projects

User Profiles and Personal Information

Essential User Data

Every user account automatically includes the information you need for effective user management:

Email address serves as the unique identifier and primary contact method
First and last name for personalisation and professional communication
Profile image that helps teams recognise each other in the interface
Activity timestamps including last login and account creation for security auditing

User-Controlled Profile Management

Anythink gives users control over their own information, reducing administrative overhead while maintaining data accuracy:

Contact information updates that users can manage themselves
Password changes through a secure, self-service process
Notification preferences that let users control how and when they hear from your application

This self-service approach keeps user data fresh while freeing up your time for more strategic work.

Access Control and Security

User Status Management

Anythink provides granular control over user access through a clear status system:

Active users have full access to all assigned resources and can work normally
Invited users have been sent invitations but haven't yet completed account setup
Inactive users have disabled accounts and cannot access any resources
Suspended users face temporary access restrictions while maintaining their account data

Layered Access Control

User access in Anythink works through multiple complementary layers that provide both security and flexibility:

Account-level status controls whether a user can access anything at all
Role-based permissions determine what actions a user can perform detailed roles and permissions guide
Row-level security controls which specific data records a user can see or modify
API key restrictions provide fine-grained control for programmatic access

This layered approach means you can grant access as broadly or as narrowly as your security requirements demand, without creating administrative complexity.

API Integration and Automation

Programmatic User Management

For organisations that need to automate user lifecycle management, Anythink's

Dynamic API Overview

One of Anythink's most powerful, and unique, features is that every entity you create automatically generates a complete set of RESTful API endpoints. No manual API development required - your data model becomes your API specification to be able to connect an app, website or 3rd party api to retrieve your data.

provide complete programmatic control:

Automated user provisioning from HR systems, customer databases, or signup flows
Bulk user operations for managing large teams or customer migrations
Integration with external systems like CRMs, support platforms, or billing systems
**Custom user management workflows that fit your specific business processes

Flexible API Authentication

Users can authenticate with your APIs using multiple methods depending on their use case:

JWT tokens automatically generated when users log into the dashboard
API keys perfect for service accounts, integrations, or automated systems
Magic link tokens for temporary access scenarios or simplified mobile experiences

Security That Actually Works

Password Protection

Anythink's password security strikes the right balance between protection and usability:

Configurable complexity requirements that you can adjust based on your risk tolerance
Secure password reset process that protects against account takeover attempts
Brute force protection that automatically blocks suspicious login attempts

Session Security

User sessions are managed with enterprise-grade security practices:

Automatic session timeouts that protect against abandoned sessions
Multiple device support so users can work from laptop, tablet, and phone
Secure token refresh that maintains security while keeping users logged in

Email Verification and Trust

Email verification helps ensure that users are who they claim to be:

Required email confirmation for new accounts prevents fake registrations
Re-verification for email changes maintains account security when contact information updates
Configurable verification requirements that you can adjust based on your application's needs

Best Practices for Success

Smooth User Onboarding

Creating a great first impression starts with thoughtful user onboarding:

Use workflows to create custom welcome sequences that introduce users to your application's key features
Assign appropriate default roles that give new users enough access to be productive without overwhelming them
Provide clear next steps after account creation so users know exactly what to do first
Workflows

allow you to tune your software to fit your business. From simple approvals to complex data manipulation, workflows make tasks faster and more efficient.

Security Without Friction

Effective security protects your organisation while enabling productivity:

Enable email verification for all new users to maintain data quality and prevent abuse
Use role-based access control to ensure users can do their jobs without accessing sensitive information they don't need
Regularly audit user access and remove accounts for people who no longer need access
Consider API keys for automated systems rather than using personal accounts for integrations

Multi-Project Excellence

When managing users across multiple projects, consistency and clarity are key:

Plan your role structure across projects to avoid confusion and security gaps
Use consistent naming conventions for roles and permissions so users understand their access level
Regularly review cross-project access to ensure users have appropriate permissions as their responsibilities change
Document your access patterns so new administrators understand your organisation's approach

User management in Anythink grows with your organisation, providing the foundation for secure, scalable applications while keeping the experience simple for both you and your users.

Roles and permissions

Updated Aug 28, 2025

Create custom roles and fine-tune permissions to match your business requirements exactly.

Access control in Anythink works through a sophisticated but user-friendly system that gives you precise control over who can do what in your application. Whether you need simple role-based access for a small team or complex multi-layered permissions for an enterprise application, Anythink's security model adapts to your needs.

Built around the principle of least privilege, the system ensures users have exactly the access they need to be productive while protecting sensitive data and operations from unauthorised access.

Understanding the Access Control Layers

Anythink's security model works through four distinct but interconnected layers, each providing progressively more granular control over user access.

System-Level Access

At the highest level, users are granted or denied access to major system components:

Dashboard Access (Breeze UI) - Can users access the visual dashboard interface?
API Access - Can users make direct API calls to your endpoints?
Administrator Privileges - Does the user have unrestricted access to everything?

These fundamental settings determine what parts of your Anythink instance a user can even see, providing the foundation for all other access controls.

Role-Based Permissions

The core of your access control strategy revolves around roles and permissions. Each role represents a collection of permissions that make sense for a particular type of user in your organisation.

Standard Resources

Every Anythink project comes with permissions for essential platform features:

Documentation - Access to your project's documentation
Entities - Creating and managing your data models
Fields - Adding and configuring entity fields
Workflows - Building and managing automation
Modules - Installing and configuring platform extensions
Files - Uploading and managing file assets

Administrative Resources

For users who need to manage the platform itself:

Menus - Configuring dashboard navigation and role-specific interfaces
Roles - Creating and editing user roles
Permissions - Managing access control rules
Users - Adding and managing user accounts

Each resource supports four standard actions:

Read - View and browse existing items
Create - Add new items
Update - Modify existing items
Delete - Remove items permanently

This creates a matrix of permissions like users:read, entities:create, or files:delete that you can assign to roles with surgical precision.

Entity-Level Security

Control access to entire data entities by enabling Row-Level Security (RLS) on specific entities through your data model configuration. When RLS is enabled:

Entity becomes private by default - Only users with explicit access can see any records
Granular record access - Grant access to individual records on a per-user basis
Read-only or full access - Control whether users can modify records they have access to
Administrative bypass - Administrators always have full access regardless of RLS settings

Data Modelling

The dynamic data model is the ultimate core to the Anythink platform, this is where a customer can define the entities (or data tables) that are key to business functionality. Here a you can choose between fields that they would like to store for a given entity in their business.

Field-Level Security

For even more granular control, you can restrict which specific fields within an entity a role can access. This is perfect for scenarios where different team members need access to the same data but with different levels of detail.

Field-level security works by:

Defaulting to accessible - New fields are available to all roles unless explicitly restricted
Protecting system fields - Core fields like id, created_at, and updated_at are always accessible
Supporting real-time updates - Changes take effect immediately across all interfaces
Search visibility control - Fields can be made publicly searchable or restricted through search configuration

Anythink Search

Search is deeply integrated into Anythink, and each Anythink instance contains a full-text search engine that you can use internally to find your content inside the Anythink platform, or through the API allowing you to use this in your apps; but with privacy in mind, you can choose which fields you want to be publicly available or remain private.

Dashboard Personalisation by Role

Role-Specific Menu Configuration

Different roles can have completely different dashboard experiences through customised menu configurations:

Hide irrelevant sections - Customer service roles don't need to see data modelling tools
Highlight key features - Put the most important tools front and center for each role type
Streamline workflows - Create focused interfaces that match how different users actually work
Maintain consistency - Ensure similar roles across projects have similar experiences

Menu Configuration

This means your content editors see a dashboard focused on data management, whilst your administrators see system configuration options, and your analysts see reporting and search tools.

Building Your Role Strategy

Default Roles

Every new Anythink project starts with two fundamental roles that cover most basic scenarios:

Standard User

Read access to documentation, entities, fields, workflows, modules, and files
Create access to workflows and files
Perfect for team members who need to use the platform but not configure it

Admin User

Full administrator privileges with unrestricted access
Can manage users, roles, permissions, and all system configuration
Bypass all field-level and row-level security restrictions

Custom Role Design

For most real-world applications, you'll want to create custom roles that match your organisation's structure and workflow. Consider these common patterns:

Content Manager

Full access to entities and fields (for data model management)
Read-only access to users and workflows
File upload and management permissions
No access to roles or system configuration

Data Analyst

Read access to all data entities
File access for reports and exports
No modification permissions for data models or workflows
Perfect for team members who need to analyse but not change data

Customer Support

Read and update access to customer-related entities
Row-level security for assigned cases only
No access to financial or administrative data
Workflow permissions for status updates and notifications

Role Assignment Strategy

Think about role assignment as part of your overall user journey:

Default role for new users - What should someone get when they first join?

Promotion paths - How do users gain additional permissions over time?

Temporary access - How do you handle contractors or short-term team members?

Cross-functional needs - How do you handle users who need different access in different contexts?

Advanced Access Control Features

Field-Level Security Configuration

When standard role permissions aren't granular enough, field-level security gives you surgical control over data access. From the role management interface, you can:

Enable/disable field access with simple toggle switches
See system field protection - certain fields are always accessible and clearly marked
Make bulk changes across multiple fields for efficient role configuration
Preview access patterns before saving changes

This level of control means you can have a "Customer Service" role that sees customer contact information but not payment details, or a "Finance" role that accesses billing information but not personal notes.

Row-Level Security Implementation

Row-level security transforms how users interact with your data by creating personalised views of shared entities:

When RLS is enabled for an entity:

Users only see records they've been explicitly granted access to
Access can be read-only or read-write on a per-record basis
Administrators can assign record access through the dashboard interface
API responses automatically filter to only include accessible records

Managing RLS access:

Add users to specific records through the dashboard
Set read-only or full access per user per record
Remove access when users no longer need specific records
Audit who has access to which records for compliance

Multi-Project Access Patterns

For organisations using multiple Anythink projects, user access becomes even more sophisticated:

Different roles per project - A user might be an admin in one project and a viewer in another
Consistent user identity - One account works across all projects they have access to
Project-specific permissions - Role configurations are isolated between projects
Seamless project switching through the dashboard interface

API Integration and Programmatic Control

Permission Checking in Custom Applications

When building applications that consume your Anythink APIs, you can programmatically check user permissions:

http

GET /api/permissions/entity/{entityName}

{
  "read": true,
  "create": false, 
  "update": true,
  "delete": false
}

This allows your applications to adapt their interface based on what the current user is allowed to do, creating a seamless experience that respects your access control rules.

API Key Authentication

For service accounts and automated systems, API keys provide an alternative to user-based authentication:

Scoped to specific users - API keys inherit the permissions of their associated user account
Perfect for integrations - Connect external services without sharing personal credentials
Audit trail friendly - API key usage appears in logs with clear identification
Revocable access - Disable API keys instantly without affecting user accounts

Security Best Practices

Role Design Principles

Start minimal and expand

Begin with the least access necessary and add permissions as users demonstrate need for additional capabilities.

Use descriptive names

Role names like "Content Editor" or "Customer Support Agent" are immediately clear to administrators and users alike.

Document your access patterns

Keep notes about why certain roles have specific permissions - this helps when onboarding new administrators or auditing access.

Regular access reviews

Schedule periodic reviews of who has what access, especially for roles with elevated permissions.

Field-Level Security Strategy

Protect financial data by default

Consider making fields containing payment information, salaries, or financial projections restricted by default.

Think about compliance requirements

If your industry has specific data protection requirements, use field-level security to ensure only authorised personnel can access regulated information.

Consider user experience

Hiding too many fields can make interfaces confusing - strike a balance between security and usability.

Row-Level Security Guidelines

Enable RLS thoughtfully

Row-level security adds complexity to your application - only enable it for entities where record-level access control is truly necessary.

Plan your access patterns

Before enabling RLS, think through how users will gain access to records and who will manage those assignments.

Monitor performance

RLS adds database queries to check access - monitor your application performance and optimise as needed.

Operational Security

Use administrator roles sparingly

Administrator access bypasses all security controls - only grant it to users who genuinely need unrestricted access.

Implement the principle of least privilege

Users should have exactly the permissions they need to do their job, nothing more.

Plan for user lifecycle management

Have clear processes for what happens when users change roles, leave the organisation, or need temporary elevated access.

Regular security audits

Periodically review role assignments, especially for users with elevated permissions or access to sensitive data.

Anythink's roles and permissions system grows with your organisation, providing the security foundation you need whilst maintaining the flexibility to adapt as your needs evolve. Whether you're protecting customer data, ensuring compliance, or simply organising team access, the system provides the tools you need without getting in the way of productivity.

Authentication

Updated Jul 9, 2025

Anythink authentication is designed to make implementing native feeling login and registration within your apps really simple and easy.\ \ If you like, you can also use Anythink auth as a stand alone product, you don't need to use "anythink" else. Yet auth is deeply integrated and will allow you to store and keep safe any data you choose.

Anythink Auth supports common authentication methods including password, magic link and one-time passwords (OTP).

Authentication and authorisation

It's not just authentication though, there is also authorisation. Authentication is about checking if the user is who we think they are, Authorisation is about making sure they are only allowed to see the things they're allowed to see.

As with most modern authentication systems, Anythink uses JSON Web Tokens (JWTs) for authentication and these integrate seamlessly with our Anythink entities for auhtorisation, providing role based access restrictions to entities and row level security (RLS) for each field of an entity.

Auth also enables access control to your dynamic API. When using your API for restricted content, you can pass your users auth token (JWT) along with your requests and the data returned will be scoped to that user according to the row level security (RLS) policies you have specified when you configured your entities.

My APIs

Files and Search

Discover more content related to users and security.