Appearance
Designing for Roles β
The same SaaS product should feel purpose-built for every role that uses it --- admin, manager, and member should each see what they need, nothing more.
Why This Matters β
Most SaaS products serve multiple roles within an organization. A billing admin, a project manager, and a team member all log into the same app but have completely different goals, permissions, and mental models. Treating them the same way guarantees you serve none of them well.
| Role | Why You Should Care |
|---|---|
| π’ Owner | Enterprise deals require granular roles and permissions. Without them, you lose the deal. |
| π» Dev | Permission logic touches every API endpoint and UI component. Bad architecture here means security holes and spaghetti conditionals. |
| π PM | Feature specs must account for "who sees what." Missing a role consideration mid-sprint causes rework. |
| π¨ Designer | You are designing multiple experiences in one product. Each role needs its own user journey. |
The Concept (Simple) β
Think of roles like security badges in an office building. Everyone enters through the same front door, but your badge determines which floors you can access, which rooms you can enter, and which controls you can operate. A visitor sees the lobby. An employee sees their floor. A building manager sees the control room.
Your SaaS app works the same way. The codebase is one product, but the experience adapts based on who is logged in.
ββββββββββββββββββββββββββββββββββββββββββββββββ
β SAME APPLICATION β
β β
β βββββββββββ ββββββββββββ ββββββββββββ β
β β ADMIN β β MANAGER β β MEMBER β β
β β β β β β β β
β β Full β β Team β β Own work β β
β β control β β overview β β only β β
β β β β β β β β
β β Billing β β Reports β β Tasks β β
β β Users β β Assign β β Profile β β
β β Config β β Approve β β Submit β β
β βββββββββββ ββββββββββββ ββββββββββββ β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββHow It Works (Detailed) β
Role Hierarchy β
Most SaaS products follow a hierarchical role model. Understanding this hierarchy is the foundation for every UI decision.
ASCII Role Hierarchy Diagram:
ββββββββββββββββ
β SUPER ADMIN β Platform-level (your team)
β (internal) β Can impersonate, access all tenants
ββββββββ¬ββββββββ
β
ββββββββ΄ββββββββ
β OWNER β Tenant-level
β β Full access, billing, can delete org
ββββββββ¬ββββββββ
β
ββββββββ΄ββββββββ
β ADMIN β Org-level management
β β Manage users, settings, integrations
ββββββββ¬ββββββββ
β
ββββββββββββββΌβββββββββββββ
β β β
ββββββββ΄βββββββ ββββ΄ββββ βββββββ΄ββββββ
β MANAGER β βEDITORβ β VIEWER β
β β β β β β
β Team mgmt, β βCreateβ β Read-only β
β reports, β βedit, β β access β
β approvals β βdeleteβ β β
βββββββββββββββ ββββββββ βββββββββββββPermission Matrix:
| Capability | Owner | Admin | Manager | Editor | Viewer |
|---|---|---|---|---|---|
| View own data | Yes | Yes | Yes | Yes | Yes |
| View team data | Yes | Yes | Yes | Yes | Yes |
| View all org data | Yes | Yes | Yes | No | No |
| Create content | Yes | Yes | Yes | Yes | No |
| Edit own content | Yes | Yes | Yes | Yes | No |
| Edit others' content | Yes | Yes | Yes | No | No |
| Delete content | Yes | Yes | Yes | No | No |
| Manage team members | Yes | Yes | Yes | No | No |
| Manage all users | Yes | Yes | No | No | No |
| Change org settings | Yes | Yes | No | No | No |
| Manage billing | Yes | No | No | No | No |
| Delete organization | Yes | No | No | No | No |
| Transfer ownership | Yes | No | No | No | No |
Admin vs Regular User Experiences β
The admin experience and the regular user experience often need fundamentally different layouts.
Admin Dashboard:
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β [Logo] Dashboard Users Settings Billing β
ββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββββββ€
β β β
β ADMIN β ββββββββββββ ββββββββββββ ββββββββββ β
β SIDEBAR β β Active β β MRR β β Seats β β
β β β Users β β $24.8k β β 38/50 β β
β Overview β β 142 β β +8% β² β β 76% β β
β Users β ββββββββββββ ββββββββββββ ββββββββββ β
β > All β β
β > Pending β ββββββββββββββββββββββββββββββββββββββ β
β > Roles β β RECENT USER ACTIVITY β β
β Teams β β β β
β Audit Log β β jane@co Invited 3 members 2m β β
β Security β β bob@co Changed plan 15m β β
β Billing β β alice@co Exported report 1h β β
β ββββββββ β β john@co Failed login (3x) 2h β β
β Settings β β β β
β β ββββββββββββββββββββββββββββββββββββββ β
ββββββββββββββ΄ββββββββββββββββββββββββββββββββββββββββββRegular User Dashboard:
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β [Logo] Dashboard Projects Reports [Avatar] β
ββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββββββ€
β β β
β MY WORK β Good morning, Sarah β
β β β
β Dashboard β ββββββββββββββββββββββββββββββββββββββ β
β My Tasks β β YOUR TASKS TODAY 3 of 7 β β
β Projects β β β β
β > Active β β [ ] Review Q3 proposal HIGH β β
β > Archive β β [ ] Update client brief MED β β
β Calendar β β [x] Send weekly report DONE β β
β ββββββββ β ββββββββββββββββββββββββββββββββββββββ β
β Help β β
β Profile β ββββββββββββββββ βββββββββββββββββββββ β
β β β MY PROJECTS β β TEAM UPDATES β β
β β β β β β β
β β β Project A β β Bob added 3 tasks β β
β β β Project B β β Design review @2pmβ β
β β β + Join more β β Sprint ends Fri β β
β β ββββββββββββββββ βββββββββββββββββββββ β
ββββββββββββββ΄ββββββββββββββββββββββββββββββββββββββββββKey differences between admin and user views:
| Aspect | Admin View | Regular User View |
|---|---|---|
| Navigation | Org-wide sections (Users, Billing, Audit) | Personal sections (My Tasks, My Projects) |
| Dashboard KPIs | Org metrics (MRR, seats, active users) | Personal metrics (tasks done, deadlines) |
| Data scope | All users, all teams, all data | Own data, team data (if permitted) |
| Settings access | Full org configuration | Personal preferences only |
| Tone | Operational, monitoring | Productive, action-oriented |
Permission-Based UI Patterns β
There are three approaches to handling features a user does not have access to. Each has trade-offs.
PATTERN 1: HIDE
ββββββββββββββββ
Remove the element entirely.
Admin sees: [Dashboard] [Users] [Settings] [Billing]
Member sees: [Dashboard]
β Clean, uncluttered
β User doesn't know the feature exists
β Support confusion ("I don't see a Settings tab")
PATTERN 2: DISABLE
βββββββββββββββββββ
Show the element but make it non-interactive.
Admin sees: [Dashboard] [Users] [Settings] [Billing]
Member sees: [Dashboard] [Users] [Settings] [Billing]
β grayed out, tooltip: "Admin only"
β User knows the feature exists
β Reduces support tickets
β Cluttered for low-permission users
PATTERN 3: GATE WITH UPGRADE PATH
βββββββββββββββββββββββββββββββββββ
Show the element, but clicking it shows an upgrade or request-access prompt.
Member clicks [Billing] β "You don't have access to Billing.
Request access from your admin."
[ Request Access ]
β Discovery + conversion opportunity
β User can self-serve the request
β Can feel like a bait-and-switch if overusedWhen to use each pattern:
| Pattern | Use When |
|---|---|
| Hide | Feature is irrelevant to the role (member doesn't need audit logs) |
| Disable | Feature is relevant but restricted (editor can see reports but not export) |
| Gate | Feature is a plan upgrade opportunity or access is commonly requested |
Team Management Interfaces β
Team management is one of the most complex UX challenges in SaaS. It touches roles, permissions, invitations, and org structure.
Invite Flow:
TEAM MANAGEMENT FLOW
=====================
Admin clicks "Invite Member"
β
βΌ
βββββββββββββββββββββββββββββββββββ
β INVITE NEW MEMBER β
β β
β Email: [________________] β
β β
β Role: [ Manager βΌ ] β
β β
β Teams: [x] Engineering β
β [ ] Marketing β
β [x] Product β
β β
β [ Cancel ] [ Send Invite ] β
βββββββββββββββββββββββββββββββββββ
β
βΌ
Invite email sent
β
βΌ
User clicks link β Sign up β Lands in workspace
with assigned role and team accessTeam members list pattern:
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Team Members [ + Invite ] β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β Search: [_______________] Filter: [All Roles βΌ] β
β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β [AV] Alice Vance alice@company.co β β
β β Owner Last active: 2 hours ago β β
β β [Manage βΌ]β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β [BK] Bob Kim bob@company.co β β
β β Admin Last active: 1 day ago β β
β β [Manage βΌ]β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β [CL] Carol Lee carol@company.co β β
β β Editor Last active: 5 min ago β β
β β [Manage βΌ]β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β [ ] dave@company.co PENDING INVITE β β
β β Manager Sent: 3 days ago β β
β β [Resend] [Revoke] β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
β Showing 4 of 38 members [1] [2] [3] [>] β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββRole-Based Dashboards β
Rather than one dashboard with permission checks scattered throughout, consider designing distinct dashboard experiences per role.
Decision framework:
Are your roles' daily workflows fundamentally different?
β
βββ YES (e.g., admin monitors org, user does tasks)
β β
β βββ> Design SEPARATE dashboards per role
β Admin: /admin/dashboard
β User: /dashboard
β
βββ NO (e.g., everyone works on projects, admins just see more)
β
βββ> Design ONE dashboard with CONDITIONAL sections
Show/hide cards and sections based on permissionsConditional dashboard sections:
| Section | Owner | Admin | Manager | Editor | Viewer |
|---|---|---|---|---|---|
| Welcome + quick actions | Yes | Yes | Yes | Yes | Yes |
| Personal task list | Yes | Yes | Yes | Yes | Yes |
| Team overview | Yes | Yes | Yes | No | No |
| Org-wide metrics | Yes | Yes | No | No | No |
| Billing summary | Yes | No | No | No | No |
| Security alerts | Yes | Yes | No | No | No |
| Pending invites | Yes | Yes | No | No | No |
In Practice β
Common Patterns for Role-Based UI β
Pattern 1: Role Indicator
Always show the user which role they currently hold. This prevents confusion, especially for users who belong to multiple workspaces with different roles.
ββββββββββββββββββββββββββ
β [Avatar] β
β Sarah Chen β
β Admin Β· Acme Corp β β Role displayed clearly
β ββββββββββββββββββ β
β Switch workspace β
β Profile settings β
β Log out β
ββββββββββββββββββββββββββPattern 2: Inline Permission Feedback
When a user tries an action they cannot perform, explain why inline --- do not just fail silently.
BAD: Button is gone. User wonders why.
BAD: "Error: Permission denied." β No context
GOOD: Button is visible but grayed out.
Tooltip: "Only Admins can export data. Contact your admin."
GOOD: User clicks "Delete" β
"You need Manager permissions to delete projects.
[ Request Access ]"Pattern 3: Role Switcher for Multi-Role Users
Some users hold different roles in different workspaces. A few may even have multiple roles within one workspace (rare but common in small teams where the founder is both admin and user).
ββββββββββββββββββββββββββββββββββββββββββ
β WORKSPACES β
β β
β β Acme Corp Admin β
β acme.app.com β
β β
β β Side Project Editor β
β sideproject.app.com β
β β
β β Client Inc Viewer β
β client.app.com β
β β
β + Create new workspace β
β + Join a workspace β
ββββββββββββββββββββββββββββββββββββββββββMulti-Role Design Checklist β
Use this checklist when designing any new feature.
Before Design:
- [ ] List every role that will interact with this feature
- [ ] For each role, define: what can they see? What can they do?
- [ ] Identify the highest-risk permission (e.g., delete, export sensitive data)
- [ ] Decide pattern: hide, disable, or gate for each restricted action
During Design:
- [ ] Design the feature for the LOWEST permission role first (viewer/member)
- [ ] Layer additional capabilities on top for higher roles
- [ ] Design the empty/restricted state as carefully as the full state
- [ ] Ensure role indicators are visible in relevant contexts
- [ ] Test navigation: can each role find what they need within 2 clicks?
After Design:
- [ ] Review with engineering to confirm permission checks match the design
- [ ] Test with actual users of each role (not just admins)
- [ ] Verify that permission errors surface helpful messages, not raw error codes
- [ ] Ensure the audit log captures permission-sensitive actions (see security considerations)
- [ ] Document which API endpoints each role can access
Common Mistakes β
| Mistake | Consequence | Prevention |
|---|---|---|
| Designing only for admin | Regular users get a confusing, overpowered interface | Design for the lowest role first, then add layers |
| Hard-coding roles | Adding a new role requires touching every component | Use a permission system, not role checks (can('edit') not role === 'admin') |
| No escalation path | Users with insufficient permissions hit dead ends | Always provide a "Request Access" or "Contact Admin" option |
| Inconsistent patterns | Some features hide, some disable, some gate | Choose one pattern per feature category and document it |
| Ignoring role transitions | What happens when a user is promoted or demoted? | Design for role changes: cache invalidation, UI refresh, notifications |
| No audit trail | Admins cannot see who did what | Log every permission-sensitive action with actor, action, target, and timestamp |
Key Takeaways β
- Roles are not just a backend concern --- they fundamentally shape the UI each user sees
- Design for the lowest-permission role first, then layer capabilities upward
- Choose consistently between hide, disable, and gate patterns for restricted features
- Use permission-based checks (
can('edit')) rather than role-based checks (isAdmin) in code for flexibility - Every restricted action should surface a helpful message explaining why and what the user can do about it
- Team management UI (invites, role changes, member lists) is deceptively complex --- invest design time proportional to its importance
Action Items β
| Role | Next Step |
|---|---|
| π’ Owner | Define your product's role hierarchy. Start with 3-4 roles max --- you can always add more later. |
| π» Dev | Implement a permission system (can('action', 'resource')) rather than checking role names directly. This makes adding new roles a configuration change, not a code change. |
| π PM | Create a permission matrix (like the one above) for your top 10 features. Share it with design and engineering before the next sprint. |
| π¨ Designer | Audit your current product: for each feature, what does a viewer see? If the answer is "the same as admin but broken," prioritize a role-aware redesign. Review UX patterns in Chapter 16 and ensure your role-based components use the design system from Chapter 17. |
Previous: Chapter 17 --- Design System Basics | Related: Chapter 16 --- SaaS UX Principles