What is Permissions UI?

Permissions UI (or Roles-based security) is the new permissions interface for NextGen Blackbaud products. Permissions UI centralizes all users with a Blackbaud ID associated with an organization. This means that all of of an organization's users (and not just Raiser's Edge NXT) that log into Blackbaud's website with a Blackbaud ID now appear in the same list of users.

To determine a user's level of access to your feature areas, you now apply roles to users. Roles couple tasks with permissions to establish access to Web View-specific features.

How to tell if a customer has role-based Permissions or group-based security
  1. Via Control Panel>Security
    1. In Web View, have a Supervisor user navigate to Control Panel>Security
    2. Look at the tabs on the screen
  • If the user sees tabs that say, UsersNeed invitationAwaiting responseRegisteredSecurity groups,  they have Group-based security
Group-based security
Roles tabs​​​
  What do I do if no users at my organization have access to Control Panel>Security?
  1. Follow the steps in How to find my Environment ID for NXT Web View
  2. Contact Support and provide the associate with the Environment ID, name, and email address of the user who should be granted Admin access to your environment
  1. Via Control Panel>Security
    1. Navigate to Control Panel>Security
    2. On the Users tab, navigate to the row with the user's information
    3. Look in the Raiser's Edge NXT or Financial Edge NXT account column
RE NXT user

How to tell what roles a user is assigned​
  1. Via Control Panel>Security
    1. Navigate to Control Panel>Security
    2. On the Users tab, navigate to the row with the user's information
    3. Look in the FundraisingAnalyze, and Marketing columns to determine which roles are assigned
Roles Assignements
 
  1. Via Control Panel>Security
    1. Navigate to Control Panel>Security
    2. On the Users tab, navigate to the row with the user's information
    3. Look in the Email column
Email
 
 
  • Active and invitation sent: Any user who meets any of the following criteria:
    1. Has an active Blackbaud ID that is associated with the organization
    2. Has been invited to Blackbaud.com by the organization, but has not yet confirmed their invitation
  • Active only: Any user who has an active Blackbaud ID that is associated with the organization
  • Invitation sent only: Any user who has been invited to Blackbaud.com by the organization, but has not yet confirmed their invitation
  • Inactive only: Any user who previously had an active Blackbaud ID that was associated with the organization, but has since been dissociated from the organization
  • All: Any user who meets the following criteria:
    1. Has an active Blackbaud ID that is associated with the organization 
    2. Has been invited to Blackbaud.com by the organization, but has not yet confirmed their invitation
    3. Previously had an active Blackbaud ID that was associated with the organization, but has since been dissociated from the organization
 
  • Active: The user has an active Blackbaud account that is associated with the organization
  • Inactive: The user has a Blackbaud account associated with the organization, but they are an inactive user and no longer have access to the organization's environments
  • Invitation sent: The user has been invited to Blackbaud.com, but has not yet confirmed their invitation
 
  • If the Status column of the user's account says Invitation sent, they can be deleted from the Users tab by completing the following steps:
    1. In Web View, navigate to Control Panel>Security
    2. On the Users tab, navigate to the desired user
    3. To the left of the Name column, click the ellipses icon
    4. Click Make inactive
    5. When presented with the Are you sure you want to make the user’s Blackbaud ID inactive for all its Blackbaud solutions? prompt, click Make inactive
  • If the Status column of the user's account says Active or Inactive, the user cannot be deleted from the Users tab

When do I use Admin Console vs Permissions UI to invite users?
Please refer to When to use Admin Console vs Permissions UI to invite users

How to invite a user

If the user does not have an existing Blackbaud ID associated with your organization AND does not have an existing RE7/FE7 account
  1. In Web View, click Control Panel>Security
  2. On the Users tab, click Add user
  3. Type the user's name as they wish for it to appear on the Blackbaud ID profile into the Name field
  4. Type the user's email address into the Email field
  5. Under Security, select your desired user roles (or mark Make Admin to grant Admin access)
  6. Under Product security, click the Grant access for the product you wish to grant the user Database View access
  7. Click Choose security groups
  8. Select your desired user groups (Supervisor rights = Supervisor users)
  9. Click Select
  10. Click Send invite
  11. Have the user check their inbox for an email that says, You've been invited to Blackbaud! and follow the prompts

If the user has a Blackbaud ID associated with your organization BUT does not have an existing RE7/FE7 account
  1. In Web View, click Control Panel>Security
  2. On the Users tab, search for your desired user
  3. To the left of the Name column of your desired user, click the ellipses icon
  4. Click Manage roles
  5. Under Security, select your desired user roles (or mark Make Admin to grant Admin access)
  6. Under Product security, click the Grant access
  7. Click Choose security groups
  8. Select your desired user groups (Supervisor rights = Supervisor users)
  9. Click Select
  10. Click Save

If the user does not have a Blackbaud ID associated with your organization BUT does have an existing RE7/FE7 account
  1. In Web View, click Control Panel>Security
  2. On the Users tab, click Add user
  3. Type the user's name as they wish for it to appear on the Blackbaud ID profile into the Name field
  4. Type the user's email address into the Email field
  5. Under Security, select your desired user roles (or mark Make Admin to grant Admin access)
  6. Under Product security, click the Grant access for the product you wish to grant the user Database View access
  7. Click Link ot an existing user instead
  8. Click into the Find user field
  9. Search for and select the user's RE username
  10. Click Send invite
  11. Have the user check their inbox for an email that says, You've been invited to Blackbaud! and follow the prompts

If the user has a Blackbaud ID associated with your organization AND has an existing RE7/FE7 account
  1. In Web View, click Control Panel>Security
  2. On the Users tab, search for your desired user
  3. To the left of the Name column of your desired user, click the ellipses icon
  4. Click Manage roles
  5. Under Security, select your desired user roles (or mark Make Admin to grant Admin access)
  6. Under Product security, click the Grant access for the product you wish to grant the user Database View access
  7. Click Link ot an existing user instead
  8. Click into the Find user field
  9. Search for and select the user's RE username
  10. Click Save

How to change the RE7/FE7 user linked to a Blackbaud account
  1. In Web View, click Control Panel>Security
  2. On the Users tab, search for your desired user
  3. To the left of the Name column of your desired user, click the ellipses icon
  4. Click Manage roles
  5. Scroll to the Raiser's Edge or Financial Edge database view panel
  6. Click the icon to the right of the linked RE/FE username
  7. Click into the Find users field
  8. Type the desired RE/FE username
  9. Select the desired RE/FE username
  10. Click Save

I have a user who has confirmed her invitation, but still can't access RE NXT/FE NXT/LO BO Beta. Why?
When a user is invited to Blackbaud.com and RE NXT/FE NXT/LO Beta, the user is sent an email with the subject line, You have been invited to Blackbaud! 
 
Inbox subject line

In this email, there is a Confirm invitation button. The user must click on this button and sign in with their Blackbaud.com account. If the user does not yet have a Blackbaud.com account, they must create an account. 
email content

Once the user has created their Blackbaud.com account, they will receive an email with the subject line, Please confirm your Blackbaud ID email address.

inbox subject line - BBID confirmation

In this email, there is a Confirm email button. The user must click on this button and sign in with their Blackbaud.com account.

email content - confirm email

If the user does not confirm both emails, the user will not be able to access RE NXT/FE NXT/LO Beta.
  This means the following:
  1. The user is already linked to another Blackbaud ID
    1. In Web View, navigate to Control Panel>Security
    2. On the Users tab, change the filter drop-down to All
    3. Look in the Raiser's Edge NXT or Financial Edge NXT account column of the listed users to identify which user is linked to the RE7/FE7 user
  2. The RE7 username doesn't exist
    1. In Database View, navigate to Admin>Security
    2. Under the Users section, double-click on the desired user
    3. Note the value populated in the User name field; this is the value you will need to type in the Find user field when linking the user's Blackbaud accout to the RE7/FE7 user account
 
  • To remove access to Database View, but keep Web View access:
    1. In Web View, navigate to Control Panel>Security
    2. On the Users tab, navigate to the existing user
    3. Click the ellipses icon 
    4. Select Manage roles
    5. Under the Product security section, unmark the Raiser's Edge or Financial Edge database view checkbox
    6. Click Save
  • To remove access to all Blackbaud ID-integrated products:
    1. In Web View, navigate to Control Panel>Security
    2. On the Users tab, navigate to the existing user
    3. Click the ellipses icon 
    4. Click Mark inactive
  1. In Web View, navigate to Control Panel>Security
  2. Click on the Roles tab
  3. Under the specific feature's panel, click the + icon
  4. Type a name for the role in the Name field
  5. Mark your desired permissions
  6. Click Save
  1. In Web View, navigate to Control Panel>Security
  2. On the Users tab, navigate to the existing user
  3. Click the ellipses icon 
  4. Select Manage roles
  5. Under the Security section, mark the checkboxes for the features the user should have permission to access
  6. Under each selected feature panel, select your desired role
  7. Click Save
  1. In Web View, navigate to Control Panel>Security
  2. Click on the Roles tab
  3. Navigate to the role you wish to edit
  4. Click the ellipses icon
  5. Click Edit role
  6. Make your desired changes
  7. Click Save
  • If this behavior occurs for specific users:
    1. In Web View, have user with Admin access navigate to Control Panel>Security
    2. Navigate to the affected user
    3. To the left of the Name column, click the Ellipses icon
    4. Select Manage roles
    5. Confirm the user has the correct role selected under each feature the user should have permission to access
    6. Under the Product security section, ensure there is a user linked
    7. Click Save
    8. Click the Roles tab
    9. For each role the user is assigned to, click the ellipses icon and select Edit role
    10. Confirm the role has the correct permissions configured
    11. Click Save
  • If this occurs for all users, including users with Admin access in Web View
    1. Follow the steps in How to find my Environment ID for NXT Web View and note down your Environment ID
    2. Add the Environment ID noted down in Step 1 to the end of the following URL: https://host.nxt.blackbaud.com/permissions/?svcid=renxt&envid=
    3. Have any user with Admin access in Web View navigate to the URL noted down in Step 2
    4. If a user can successfully access this URL, follow the steps in How to invite a user for each impacted user
 
I have access to Admin>Security in Database View, but I do not have access to Control Panel>Security in Web View; why?

By default, only users with Supervisor rights in Database View will be migrated to Control Panel>Security when they log into Web View.

To grant a user Admin access in Web View, complete the following steps:
  1. In Web View, navigate to Control Panel>Security
  2. Navigate to the affected user
  3. To the left of the Name column, click the Ellipses icon
  4. Select Manage roles
  5. Mark the Make admin checkbox
  6. Click Save
I have factory reset my Raiser's Edge NXT or Financial Edge NXT database; what do I need to do for users to re-gain access?

When a database with Permissions UI is factory restored, a new invitation email will be sent to the bootstrap user. Once the bootstrap user confirms their invitation, they will need to complete the following steps to grant their users access to Web View again:
  1. In Web View, navigate to Control Panel>Security
  2. On the Users tab, note down what username is listed on the Raiser's Edge NXT or Financial Edge NXT account column for each user
  3. For each user, complete the following steps
    1. To the left of the Name column, click the ellipses icon
    2. Click Manage roles
    3. Scroll to the Product security panel
    4. Mark the Raiser's Edge or Financial Edge database view checkbox
    5. Click Link to an existing user instead
    6. Search for the RE7/FE7 username noted down in Step 2
    7. Click Save
Why are there more users in the user list than users in Raiser's Edge NXT or Financial Edge NXT?

The Users tab will show any user with a Blackbaud ID that is linked to the organization; not just NXT users.

Why are there less users in the user list than users in Database View?

Not all users from Database View will migrate over to Web View.
  • The user has Selected group rights on their user account in Database View, but is not assigned to a user group
  • The user has Selected group rights on their user account in Database View and is assigned to a user group, but the user group has no permissions configured
 
Why do I have fewer roles in the Web View than security groups in database view?

Not all security groups in the database view will have a corresponding role in the web view.
  • Only security groups with permissions configured in Control Panel>Security of Web View migrate to the Roles tab
  • Security groups with only inactive users will not migrate to the Roles tab.
  • If multiple security groups have the same permissions configured in Control Panel>Security of Web View, they will be combined into a single role in Web View, regardless of how the security group's permissions are configured in Admin>Security of Database View

I updated my Name and/or Email Address on Blackbaud.com, but Admin Console and Control Panel>Security do not display my updated Name or Email Address. Why? 

Updates to your user profile on Blackbaud.com WILL NOT update in Admin Console and Permissions UI. If names/email addresses are changed on your Blackbaud ID profile, Admin Console will still reflect the original name and email address that was entered when your invitation was sent.

My database is hosted in BBSKY and after inviting a user and confirming their invitation, they are prompted to a login screen when when opening Database View

The Windows Authentication configuration occurs when the user confirms their invitaiton sent through Control Panel>Security.

If a user is invited to Blackbaud.com through Admin Console and then linked to their RE username in Control Panel>Security within the product, they will not get an invitaiton email and won't have Windows Authentication configured for their user account. 

If the user is a brand new user to your organization and they need to be given access to your products that utilize Permissions UI, they must be invited through Control Panel>Security and NOT Admin Console.

Additional documentation: