
Users and security

User Management

Updated Aug 28, 2025
Set up user accounts, roles, and permissions to control who can access what in your application.

Managing users in Anythink is designed to be simple for basic setups but powerful enough for complex organisational structures. Whether you're building a simple app or a sophisticated platform serving multiple organisations, Anythink's user management system adapts to your needs while maintaining security and simplicity.

Built with enterprise-grade security at its core, Anythink handles everything from individual user accounts to complex multi-project access patterns, letting you focus on building great experiences rather than wrestling with authentication infrastructure.

Authentication Made Simple

Anythink offers flexible authentication methods that balance security with user experience. Your users can choose the method that works best for them, while you maintain complete control over access policies.

Email & Password Authentication

The classic approach that users know and trust. Anythink's email and password authentication includes robust security features without the complexity:

  • Smart password requirements that you can configure based on your security needs
  • Automatic account verification via email to ensure valid user contacts
  • Secure password reset flow that protects against common attacks while remaining user-friendly

This traditional method works perfectly for applications where users log in regularly and prefer the familiarity of password-based access.

Magic Link Authentication

For a more modern, passwordless experience, magic links eliminate the friction of password management entirely. Users simply enter their email address and receive a secure login link:

  • Enhanced security because there's no password to compromise or forget
  • Simplified user experience that reduces support requests and abandoned logins
  • Perfect for infrequent users who might otherwise struggle with forgotten passwords

Magic links are particularly valuable for customer-facing applications where reducing barriers to entry directly impacts conversion rates.

Building Your User Base

Creating Users Manually

When you need direct control over who gets access, manual user creation gives you complete oversight. From your dashboard, navigate to Settings → Users where you can:

  1. Add User with their essential information (email, first name, last name)
  2. Assign roles immediately, ensuring they have appropriate permissions from day one (see our detailed roles and permissions guide)
  3. Set project access to control which parts of your organisation they can see
  4. Send invitation emails automatically, or handle onboarding through your own channels

This approach works beautifully for team members, beta users, or any situation where you want to personally vet each new account.

Enabling User Self-Registration

For applications that need to scale user acquisition, self-registration removes you from the bottleneck while maintaining security. When enabled in your project settings, users can create their own accounts with:

  • Configurable registration rules that you control per project
  • Automatic role assignment using your predefined default role
  • Optional email verification to ensure account validity before access is granted

Self-registration is perfect for SaaS applications, community platforms, or any scenario where you want users to onboard themselves while you focus on building features.

Bringing Users Into Your Organisation

The Invitation Experience

User invitations in Anythink create a smooth onboarding experience that reflects well on your organisation. When you invite someone, here's what happens:

  1. Secure invitation email goes out with a time-limited, encrypted link
  2. Guided account setup where the user creates their password and verifies their email
  3. Automatic role assignment based on the role you specified when sending the invitation
  4. Custom onboarding flows that you can create using workflows to welcome users and guide them through your specific application

Smart Invitation Management

Anythink helps you stay on top of your invitation process with:

  • Clear status tracking showing which invitations are sent, accepted, or expired
  • Easy resend capabilities for when emails get lost or users need reminders
  • Configurable expiration dates that balance security with user convenience

This system ensures that your user onboarding process feels professional and organised, whether you're inviting a single consultant or rolling out access to an entire department.
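The invitation lifecycle described above (time-limited link, sent/accepted/expired status tracking, resend that replaces the old link) as an added illustrative model; this is not Anythink's code, and the class and method names, the default 72-hour expiry and the sample addresses are assumptions:

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed model of the invitation lifecycle on this page (sent / accepted / expired,
# time-limited link, resend). Not Anythink's implementation; all names are assumptions.

@dataclass
class Invitation:
    email: str
    role: str
    expires_at: float
    token_hash: str           # only a hash is stored; the emailed link carries the token
    status: str = "sent"      # sent | accepted | expired


class InvitationStore:
    def __init__(self, ttl_seconds=72 * 3600):
        self.ttl = ttl_seconds      # the configurable expiration the page mentions
        self.by_email = {}

    def _issue(self, email, role, now):
        token = secrets.token_urlsafe(32)               # unguessable, single-use link secret
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.by_email[email] = Invitation(email, role, now + self.ttl, digest)
        return token                                    # goes into the email, never persisted

    def invite(self, email, role, now=None):
        return self._issue(email, role, time.time() if now is None else now)

    def resend(self, email, now=None):
        """Resending issues a fresh token and expiry, so the previous link stops working."""
        old = self.by_email[email]
        if old.status == "accepted":
            raise ValueError("invitation already accepted")
        return self._issue(email, old.role, time.time() if now is None else now)

    def status(self, email, now=None):
        """Status tracking: a sent invitation past its expiry is reported as expired."""
        now = time.time() if now is None else now
        inv = self.by_email[email]
        if inv.status == "sent" and now >= inv.expires_at:
            inv.status = "expired"
        return inv.status

    def accept(self, email, token, now=None):
        """Validate a clicked link: unexpired, unused, hash matches. Returns the role to assign."""
        now = time.time() if now is None else now
        if email not in self.by_email or self.status(email, now) != "sent":
            return None
        inv = self.by_email[email]
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(presented, inv.token_hash):   # constant-time comparison
            return None
        inv.status = "accepted"                         # automatic role assignment follows
        return inv.role
```

Storing only the token hash means a copy of the invitation table does not let anyone complete a pending invitation, and a resend leaves exactly one valid link per address.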

Multi-Project User Management

Seamless Project Switching

For users who work across multiple projects or organisations, Anythink provides a unified experience that eliminates the need for multiple accounts:

  • Quick project selector accessible from the user menu in any project
  • Separate data contexts that keep each project's information completely isolated
  • Role-appropriate interfaces that adapt based on the user's permissions in each specific project

This means a consultant working with multiple clients can switch between projects instantly, while a team member can access different company divisions without logging in and out repeatedly.

Strategic Cross-Project Access

Managing users across multiple projects becomes straightforward with Anythink's centralised approach:

  • Assign different roles per project - someone might be an admin in one project and a viewer in another
  • Central user management that lets you see and control a user's access across your entire organisation
  • Consistent user experience that reduces training overhead when users work across projects

User Profiles and Personal Information

Essential User Data

Every user account automatically includes the information you need for effective user management:

  • Email address serves as the unique identifier and primary contact method
  • First and last name for personalisation and professional communication
  • Profile image that helps teams recognise each other in the interface
  • Activity timestamps including last login and account creation for security auditing

User-Controlled Profile Management

Anythink gives users control over their own information, reducing administrative overhead while maintaining data accuracy:

  • Contact information updates that users can manage themselves
  • Password changes through a secure, self-service process
  • Notification preferences that let users control how and when they hear from your application

This self-service approach keeps user data fresh while freeing up your time for more strategic work.

Access Control and Security

User Status Management

Anythink provides granular control over user access through a clear status system:

  • Active users have full access to all assigned resources and can work normally
  • Invited users have been sent invitations but haven't yet completed account setup
  • Inactive users have disabled accounts and cannot access any resources
  • Suspended users face temporary access restrictions while maintaining their account data

Layered Access Control

User access in Anythink works through multiple complementary layers that provide both security and flexibility:

  • Account-level status controls whether a user can access anything at all
  • Role-based permissions determine what actions a user can perform (see the detailed roles and permissions guide)
  • Row-level security controls which specific data records a user can see or modify
  • API key restrictions provide fine-grained control for programmatic access

This layered approach means you can grant access as broadly or as narrowly as your security requirements demand, without creating administrative complexity.

API Integration and Automation

Programmatic User Management

For organisations that need to automate user lifecycle management, Anythink's APIs provide complete programmatic control:

  • Automated user provisioning from HR systems, customer databases, or signup flows
  • Bulk user operations for managing large teams or customer migrations
  • Integration with external systems like CRMs, support platforms, or billing systems
  • Custom user management workflows that fit your specific business processes

Flexible API Authentication

Users can authenticate with your APIs using multiple methods depending on their use case:

  • JWT tokens automatically generated when users log into the dashboard
  • API keys perfect for service accounts, integrations, or automated systems
  • Magic link tokens for temporary access scenarios or simplified mobile experiences

Security That Actually Works

Password Protection

Anythink's password security strikes the right balance between protection and usability:

  • Configurable complexity requirements that you can adjust based on your risk tolerance
  • Secure password reset process that protects against account takeover attempts
  • Brute force protection that automatically blocks suspicious login attempts

Session Security

User sessions are managed with enterprise-grade security practices:

  • Automatic session timeouts that protect against abandoned sessions
  • Multiple device support so users can work from laptop, tablet, and phone
  • Secure token refresh that maintains security while keeping users logged in

Email Verification and Trust

Email verification helps ensure that users are who they claim to be:

  • Required email confirmation for new accounts prevents fake registrations
  • Re-verification for email changes maintains account security when contact information updates
  • Configurable verification requirements that you can adjust based on your application's needs

Best Practices for Success

Smooth User Onboarding

Creating a great first impression starts with thoughtful user onboarding:

Security Without Friction

Effective security protects your organisation while enabling productivity:

  • Enable email verification for all new users to maintain data quality and prevent abuse
  • Use role-based access control to ensure users can do their jobs without accessing sensitive information they don't need
  • Regularly audit user access and remove accounts for people who no longer need access
  • Consider API keys for automated systems rather than using personal accounts for integrations

Multi-Project Excellence

When managing users across multiple projects, consistency and clarity are key:

  • Plan your role structure across projects to avoid confusion and security gaps
  • Use consistent naming conventions for roles and permissions so users understand their access level
  • Regularly review cross-project access to ensure users have appropriate permissions as their responsibilities change
  • Document your access patterns so new administrators understand your organisation's approach

User management in Anythink grows with your organisation, providing the foundation for secure, scalable applications while keeping the experience simple for both you and your users.

Roles and permissions

Updated Aug 28, 2025
Create custom roles and fine-tune permissions to match your business requirements exactly.

Access control in Anythink works through a sophisticated but user-friendly system that gives you precise control over who can do what in your application. Whether you need simple role-based access for a small team or complex multi-layered permissions for an enterprise application, Anythink's security model adapts to your needs.

Built around the principle of least privilege, the system ensures users have exactly the access they need to be productive while protecting sensitive data and operations from unauthorised access.

Understanding the Access Control Layers

Anythink's security model works through four distinct but interconnected layers, each providing progressively more granular control over user access.

System-Level Access

At the highest level, users are granted or denied access to major system components:

  • Dashboard Access (Breeze UI) - Can users access the visual dashboard interface?

  • API Access - Can users make direct API calls to your endpoints?

  • Administrator Privileges - Does the user have unrestricted access to everything?

These fundamental settings determine what parts of your Anythink instance a user can even see, providing the foundation for all other access controls.

Role-Based Permissions

The core of your access control strategy revolves around roles and permissions. Each role represents a collection of permissions that make sense for a particular type of user in your organisation.

Standard Resources

Every Anythink project comes with permissions for essential platform features:

  • Documentation - Access to your project's documentation

  • Entities - Creating and managing your data models

  • Fields - Adding and configuring entity fields

  • Workflows - Building and managing automation

  • Modules - Installing and configuring platform extensions

  • Files - Uploading and managing file assets

Administrative Resources

For users who need to manage the platform itself:

  • Menus - Configuring dashboard navigation and role-specific interfaces

  • Roles - Creating and editing user roles

  • Permissions - Managing access control rules

  • Users - Adding and managing user accounts

Each resource supports four standard actions:

  • Read - View and browse existing items

  • Create - Add new items

  • Update - Modify existing items

  • Delete - Remove items permanently

This creates a matrix of permissions like users:read, entities:create, or files:delete that you can assign to roles with surgical precision.

Entity-Level Security

Control access to entire data entities by enabling Row-Level Security (RLS) on specific entities through your data model configuration. When RLS is enabled:

  • Entity becomes private by default - Only users with explicit access can see any records

  • Granular record access - Grant access to individual records on a per-user basis

  • Read-only or full access - Control whether users can modify records they have access to

  • Administrative bypass - Administrators always have full access regardless of RLS settings

Field-Level Security

For even more granular control, you can restrict which specific fields within an entity a role can access. This is perfect for scenarios where different team members need access to the same data but with different levels of detail.

Field-level security works by:

  • Defaulting to accessible - New fields are available to all roles unless explicitly restricted

  • Protecting system fields - Core fields like id, created_at, and updated_at are always accessible

  • Supporting real-time updates - Changes take effect immediately across all interfaces

  • Search visibility control - Fields can be made publicly searchable or restricted through search configuration

Dashboard Personalisation by Role

Role-Specific Menu Configuration

Different roles can have completely different dashboard experiences through customised menu configurations:

  • Hide irrelevant sections - Customer service roles don't need to see data modelling tools

  • Highlight key features - Put the most important tools front and center for each role type

  • Streamline workflows - Create focused interfaces that match how different users actually work

  • Maintain consistency - Ensure similar roles across projects have similar experiences

This means your content editors see a dashboard focused on data management, whilst your administrators see system configuration options, and your analysts see reporting and search tools.

Building Your Role Strategy

Default Roles

Every new Anythink project starts with two fundamental roles that cover most basic scenarios:

Standard User

  • Read access to documentation, entities, fields, workflows, modules, and files

  • Create access to workflows and files

  • Perfect for team members who need to use the platform but not configure it

Admin User

  • Full administrator privileges with unrestricted access

  • Can manage users, roles, permissions, and all system configuration

  • Bypass all field-level and row-level security restrictions

Custom Role Design

For most real-world applications, you'll want to create custom roles that match your organisation's structure and workflow. Consider these common patterns:

Content Manager

  • Full access to entities and fields (for data model management)

  • Read-only access to users and workflows

  • File upload and management permissions

  • No access to roles or system configuration

Data Analyst

  • Read access to all data entities

  • File access for reports and exports

  • No modification permissions for data models or workflows

  • Perfect for team members who need to analyse but not change data

Customer Support

  • Read and update access to customer-related entities

  • Row-level security for assigned cases only

  • No access to financial or administrative data

  • Workflow permissions for status updates and notifications

Role Assignment Strategy

Think about role assignment as part of your overall user journey:

  1. Default role for new users - What should someone get when they first join?
  2. Promotion paths - How do users gain additional permissions over time?
  3. Temporary access - How do you handle contractors or short-term team members?
  4. Cross-functional needs - How do you handle users who need different access in different contexts?

Advanced Access Control Features

Field-Level Security Configuration

When standard role permissions aren't granular enough, field-level security gives you surgical control over data access. From the role management interface, you can:

  • Enable/disable field access with simple toggle switches

  • See system field protection - certain fields are always accessible and clearly marked

  • Make bulk changes across multiple fields for efficient role configuration

  • Preview access patterns before saving changes

This level of control means you can have a "Customer Service" role that sees customer contact information but not payment details, or a "Finance" role that accesses billing information but not personal notes.

Row-Level Security Implementation

Row-level security transforms how users interact with your data by creating personalised views of shared entities:

When RLS is enabled for an entity:

  • Users only see records they've been explicitly granted access to

  • Access can be read-only or read-write on a per-record basis

  • Administrators can assign record access through the dashboard interface

  • API responses automatically filter to only include accessible records

Managing RLS access:

  • Add users to specific records through the dashboard

  • Set read-only or full access per user per record

  • Remove access when users no longer need specific records

  • Audit who has access to which records for compliance

Multi-Project Access Patterns

For organisations using multiple Anythink projects, user access becomes even more sophisticated:

  • Different roles per project - A user might be an admin in one project and a viewer in another

  • Consistent user identity - One account works across all projects they have access to

  • Project-specific permissions - Role configurations are isolated between projects

  • Seamless project switching through the dashboard interface

API Integration and Programmatic Control

Permission Checking in Custom Applications

When building applications that consume your Anythink APIs, you can programmatically check user permissions:

  GET /api/permissions/entity/{entityName}

  {
    "read": true,
    "create": false,
    "update": true,
    "delete": false
  }

This allows your applications to adapt their interface based on what the current user is allowed to do, creating a seamless experience that respects your access control rules.
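To make the four layers concrete (account status, role permissions in the resource:action form, row-level security with read-only or full access per record, and field-level security with protected system fields), here is an added reference model that computes the same response shape as the permissions endpoint above. It is not Anythink's code: the data classes, the single-role-per-project simplification and the customers entity with its fields and records are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample model of the page's four access layers; names are assumptions.
SYSTEM_FIELDS = {"id", "created_at", "updated_at"}  # always accessible, per the page
ACTIONS = ("read", "create", "update", "delete")

@dataclass
class Role:
    name: str
    permissions: set                                   # "resource:action" strings
    hidden_fields: dict = field(default_factory=dict)  # entity name -> restricted fields

@dataclass
class User:
    email: str
    status: str        # active | invited | inactive | suspended
    role: Role         # one role per user per project, as the page describes
    is_admin: bool = False

@dataclass
class Entity:
    name: str
    rls_enabled: bool = False
    # record id -> {user email: "read" | "full"}; consulted only when rls_enabled
    record_access: dict = field(default_factory=dict)

def has_permission(user, resource, action):
    """Layers 1 and 2: account status first, then role permissions (admins bypass)."""
    if user.status != "active":          # invited/inactive/suspended users get nothing
        return False
    if user.is_admin:                    # administrator privileges are unrestricted
        return True
    return f"{resource}:{action}" in user.role.permissions

def entity_permissions(user, entity):
    """Same shape as the page's GET /api/permissions/entity/{entityName} response."""
    return {action: has_permission(user, entity.name, action) for action in ACTIONS}

def can_access_record(user, entity, record_id, write=False):
    """Layer 3: row-level security. Private by default when enabled; read-only or full."""
    if not has_permission(user, entity.name, "update" if write else "read"):
        return False
    if user.is_admin or not entity.rls_enabled:   # admins bypass RLS entirely
        return True
    level = entity.record_access.get(record_id, {}).get(user.email)
    return level == "full" or (level == "read" and not write)

def visible_fields(user, entity, fields):
    """Layer 4: field-level security. Default accessible; system fields never hidden."""
    if user.is_admin:
        return list(fields)
    hidden = user.role.hidden_fields.get(entity.name, set()) - SYSTEM_FIELDS
    return [f for f in fields if f not in hidden]

# Constructed data: the page's "Customer Support" pattern applied to a customers entity.
SUPPORT = Role("Customer Support", {"customers:read", "customers:update"},
               hidden_fields={"customers": {"payment_card", "id"}})  # id stays visible
CUSTOMERS = Entity("customers", rls_enabled=True,
                   record_access={"c-1": {"agent@example.com": "read"},
                                  "c-2": {"agent@example.com": "full"}})
CUSTOMER_FIELDS = ["id", "email", "phone", "payment_card", "created_at"]
agent = User("agent@example.com", "active", SUPPORT)
admin = User("admin@example.com", "active", Role("Admin User", set()), is_admin=True)
suspended = User("ex-agent@example.com", "suspended", SUPPORT)

if __name__ == "__main__":
    print(entity_permissions(agent, CUSTOMERS))   # read/update true, create/delete false
    print(visible_fields(agent, CUSTOMERS, CUSTOMER_FIELDS))
    print(can_access_record(agent, CUSTOMERS, "c-1", write=True))   # False: read-only record
```

Note that the status check runs before everything else, so suspending an account denies access even where role, record and field rules would otherwise allow it, and the admin flag short-circuits every later layer, which is why the page advises granting it sparingly.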

API Key Authentication

For service accounts and automated systems, API keys provide an alternative to user-based authentication:

  • Scoped to specific users - API keys inherit the permissions of their associated user account

  • Perfect for integrations - Connect external services without sharing personal credentials

  • Audit trail friendly - API key usage appears in logs with clear identification

  • Revocable access - Disable API keys instantly without affecting user accounts

Security Best Practices

Role Design Principles

Start minimal and expand

Begin with the least access necessary and add permissions as users demonstrate need for additional capabilities.

Use descriptive names

Role names like "Content Editor" or "Customer Support Agent" are immediately clear to administrators and users alike.

Document your access patterns

Keep notes about why certain roles have specific permissions - this helps when onboarding new administrators or auditing access.

Regular access reviews

Schedule periodic reviews of who has what access, especially for roles with elevated permissions.

Field-Level Security Strategy

Protect financial data by default

Consider making fields containing payment information, salaries, or financial projections restricted by default.

Think about compliance requirements

If your industry has specific data protection requirements, use field-level security to ensure only authorised personnel can access regulated information.

Consider user experience

Hiding too many fields can make interfaces confusing - strike a balance between security and usability.

Row-Level Security Guidelines

Enable RLS thoughtfully

Row-level security adds complexity to your application - only enable it for entities where record-level access control is truly necessary.

Plan your access patterns

Before enabling RLS, think through how users will gain access to records and who will manage those assignments.

Monitor performance

RLS adds database queries to check access - monitor your application performance and optimise as needed.

Operational Security

Use administrator roles sparingly

Administrator access bypasses all security controls - only grant it to users who genuinely need unrestricted access.

Implement the principle of least privilege

Users should have exactly the permissions they need to do their job, nothing more.

Plan for user lifecycle management

Have clear processes for what happens when users change roles, leave the organisation, or need temporary elevated access.

Regular security audits

Periodically review role assignments, especially for users with elevated permissions or access to sensitive data.

Anythink's roles and permissions system grows with your organisation, providing the security foundation you need whilst maintaining the flexibility to adapt as your needs evolve. Whether you're protecting customer data, ensuring compliance, or simply organising team access, the system provides the tools you need without getting in the way of productivity.

Authentication

Updated Jul 9, 2025
Anythink authentication is designed to make implementing native-feeling login and registration within your apps really simple and easy. If you like, you can also use Anythink auth as a stand-alone product; you don't need to use "anythink" else. Yet auth is deeply integrated and will allow you to store and keep safe any data you choose.

Anythink Auth supports common authentication methods including password, magic link and one-time passwords (OTP).

Authentication and authorisation

It's not just authentication though; there is also authorisation. Authentication is about checking that the user is who we think they are; authorisation is about making sure they are only allowed to see the things they're allowed to see.

As with most modern authentication systems, Anythink uses JSON Web Tokens (JWTs) for authentication, and these integrate seamlessly with our Anythink entities for authorisation, providing role-based access restrictions to entities and row-level security (RLS) for each field of an entity.

Auth also enables access control to your dynamic API. When using your API for restricted content, you can pass your user's auth token (JWT) along with your requests, and the data returned will be scoped to that user according to the row-level security (RLS) policies you specified when you configured your entities.
