What is Permissions UI?

Permissions UI (or Roles-based security) is the new permissions interface for NextGen Blackbaud products. Permissions UI centralizes all users with a Blackbaud ID associated with an organization. This means that all of of an organization's users (and not just Raiser's Edge NXT) that log into Blackbaud's website with a Blackbaud ID now appear in the same list of users.

To determine a user's level of access to your feature areas, you now apply roles to users. Roles couple tasks with permissions to establish access to Web View-specific features.

How to tell if a customer has role-based Permissions or group-based security
  1. Via Control Panel>Security
    1. In Web View, have a Supervisor user navigate to Control Panel>Security
    2. Look at the tabs on the screen
  • If the user sees tabs that say, UsersNeed invitationAwaiting responseRegisteredSecurity groups,  they have Group-based security
Group-based security
Roles tabs​​​
 
  1. Via Control Panel>Security
    1. Navigate to Control Panel>Security
    2. On the Users tab, navigate to the row with the user's information
    3. Look in the Raiser's Edge NXT account column
RE NXT user

How to tell what roles a user is assigned​
  1. Via Control Panel>Security
    1. Navigate to Control Panel>Security
    2. On the Users tab, navigate to the row with the user's information
    3. Look in the FundraisingAnalyze, and Marketing columns to determine which roles are assigned
Roles Assignements
 
  1. Via Control Panel>Security
    1. Navigate to Control Panel>Security
    2. On the Users tab, navigate to the row with the user's information
    3. Look in the Email column
Email
 
 
  • Active and invitation sent: Any user who meets any of the following criteria:
    1. Has an active Blackbaud ID that is associated with the organization
    2. Has been invited to Blackbaud.com by the organization, but has not yet confirmed their invitation
  • Active only: Any user who has an active Blackbaud ID that is associated with the organization
  • Invitation sent only: Any user who has been invited to Blackbaud.com by the organization, but has not yet confirmed their invitation
  • Inactive only: Any user who previously had an active Blackbaud ID that was associated with the organization, but has since been dissociated from the organization
  • All: Any user who meets the following criteria:
    1. Has an active Blackbaud ID that is associated with the organization 
    2. Has been invited to Blackbaud.com by the organization, but has not yet confirmed their invitation
    3. Previously had an active Blackbaud ID that was associated with the organization, but has since been dissociated from the organization
 
  • Active: The user has an active Blackbaud account that is associated with the organization
  • Inactive: The user has a Blackbaud account associated with the organization, but they are an inactive user and no longer have access to the organization's environments
  • Invitation sent: The user has been invited to Blackbaud.com, but has not yet confirmed their invitation
 
  • If the Status column of the user's account says Invitation sent, they can be deleted from the Users tab by completing the following steps:
    1. In Web View, navigate to Control Panel>Security
    2. On the Users tab, navigate to the desired user
    3. To the left of the Name column, click the ellipses icon
    4. Click Make inactive
    5. When presented with the Are you sure you want to make the user’s Blackbaud ID inactive for all its Blackbaud solutions? prompt, click Make inactive
  • If the Status column of the user's account says Active or Inactive, the user cannot be deleted from the Users tab
 
  • If the user has an existing RE7 username
    • If the user is an existing user on the Users tab:
      1. In Web View, navigate to Control Panel>Security
      2. On the Users tab, navigate to the existing user
      3. Click the ellipses icon 
      4. Click Manage roles
      5. Under the Product security section, mark the Raiser's Edge database view checkbox
      6. In the Raiser's Edge database view box, click Link to an existing user instead
      7. Type the user's RE7 username into the Find user field
      8. Select the user
      9. Click Save
    • If the user is not an existing user on the Users tab:
      1. In Web View, navigate to Control Panel>Security
      2. On the Users tab, click Add user
      3. Type the user's name into the Name field 
      4. Select your desired options under the Security section
      5. Under the Product security section, mark the Raiser's Edge database view checkbox
      6. In the Raiser's Edge database view box, click Link to an existing user instead
      7. Type the user's RE7 username into the Find user field
      8. Select the user
      9. Click Save
  • If the user does not have an existing RE7 username
    • If the user is an existing user on the Users tab:
      1. In Web View, navigate to Control Panel>Security
      2. On the Users tab, navigate to the existing user
      3. Click the ellipses icon 
      4. Click Manage roles
      5. Under the Product security section, mark the Raiser's Edge database view checkbox
      6. Click Choose security groups
      7. Select the desired user group
      8. Click Select
      9. Click Save
    • If the user is not an existing user on the Users tab:
      1. In Web View, navigate to Control Panel>Security
      2. On the Users tab, click Add user
      3. Type the user's name into the Name field 
      4. Select your desired options under the Security section
      5. Under the Product security section, mark the Raiser's Edge database view checkbox
      6. Click Choose security groups
      7. Select the desired user group
      8. Click Select
      9. Click Save 

I have a user who has confirmed her invitation, but still can't access RE NXT/FE NXT/LO BO Beta. Why?
When a user is invited to Blackbaud.com and RE NXT/FE NXT/LO Beta, the user is sent an email with the subject line, You have been invited to Blackbaud! 
 
Inbox subject line

In this email, there is a Confirm invitation button. The user must click on this button and sign in with their Blackbaud.com account. If the user does not yet have a Blackbaud.com account, they must create an account. 
email content

Once the user has created their Blackbaud.com account, they will receive an email with the subject line, Please confirm your Blackbaud ID email address.

inbox subject line - BBID confirmation

In this email, there is a Confirm email button. The user must click on this button and sign in with their Blackbaud.com account.

email content - confirm email

If the user does not confirm both emails, the user will not be able to access RE NXT/FE NXT/LO Beta.
  This means the following:
  1. The user is already linked to another Blackbaud ID
    1. In Web View, navigate to Control Panel>Security
    2. On the Users tab, change the filter drop-down to All
    3. Look in the Raiser's Edge NXT account column of the listed users to identify which user is linked to the RE7 user
  2. The RE7 username doesn't exist
    1. In Database View, navigate to Admin>Security
    2. Under the Users section, double-click on the desired user
    3. Note the value populated in the User name field; this is the value you will need to type in the Find user field when linking the user's Blackbaud accout to the RE7 user account
 
  • To remove access to Database View, but keep Web View access:
    1. In Web View, navigate to Control Panel>Security
    2. On the Users tab, navigate to the existing user
    3. Click the ellipses icon 
    4. Select Manage roles
    5. Under the Product security section, unmark the Raiser's Edge database view checkbox
    6. Click Save
  • To remove access to all Blackbaud ID-integrated products:
    1. In Web View, navigate to Control Panel>Security
    2. On the Users tab, navigate to the existing user
    3. Click the ellipses icon 
    4. Click Mark inactive
  1. In Web View, navigate to Control Panel>Security
  2. Click on the Roles tab
  3. Under the specific feature's panel, click the + icon
  4. Type a name for the role in the Name field
  5. Mark your desired permissions
  6. Click Save
  1. In Web View, navigate to Control Panel>Security
  2. On the Users tab, navigate to the existing user
  3. Click the ellipses icon 
  4. Select Manage roles
  5. Under the Security section, mark the checkboxes for the features the user should have permission to access
  6. Under each selected feature panel, select your desired role
  7. Click Save
  1. In Web View, navigate to Control Panel>Security
  2. Click on the Roles tab
  3. Navigate to the role you wish to edit
  4. Click the ellipses icon
  5. Click Edit role
  6. Make your desired changes
  7. Click Save
  • If this behavior occurs for specific users:
    1. In Web View, have user with Admin access navigate to Control Panel>Security
    2. Navigate to the affected user
    3. To the left of the Name column, click the Ellipses icon
    4. Select Manage roles
    5. Confirm the user has the correct role selected under each feature the user should have permission to access
    6. Under the Product security section, ensure there is a user linked
    7. Click Save
    8. Click the Roles tab
    9. For each role the user is assigned to, click the ellipses icon and select Edit role
    10. Confirm the role has the correct permissions configured
    11. Click Save
  • If this occurs for all users
    1. Follow the steps in How to find my Environment ID for NXT Web View and note down your Environment ID
    2. Add the Environment ID noted down in Step 1 to the end of the following URL: https://host.nxt.blackbaud.com/permissions/?svcid=renxt&envid=
    3. Have any Site administrator at your organization or RE user with Supervisor rights in Database View navigate to the URL noted down in Step 2
    4. If a user can successfully access this URL, follow the steps in How to invite a user for each impacted user
I have access to Admin>Security in Database View, but I do not have access to Control Panel>Security in Web View; why?

By default, only users with Supervisor rights in Database View will be migrated to Control Panel>Security when they log into Web View.

To grant a user Admin access in Web View, complete the following steps:
  1. In Web View, navigate to Control Panel>Security
  2. Navigate to the affected user
  3. To the left of the Name column, click the Ellipses icon
  4. Select Manage roles
  5. Mark the Make admin checkbox
  6. Click Save
I have factory reset my Raiser's Edge NXT database; what do I need to do for users to re-gain access?

When a database with Permissions UI is factory restored, a new invitation email will be sent to the bootstrap user. Once the bootstrap user confirms their invitation, they will need to complete the following steps to grant their users access to Web View again:
  1. In Web View, navigate to Control Panel>Security
  2. On the Users tab, note down what username is listed on the Raiser's Edge NXT account column for each user
  3. For each user, complete the following steps
    1. To the left of the Name column, click the ellipses icon
    2. Click Manage roles
    3. Scroll to the Product security panel
    4. Mark the Raiser's Edge database view checkbox
    5. Click Link ot an existing user instead
    6. Search for the RE7 username noted down in Step 2
    7. Click Save
Why are there more users in the user list than users in Raiser's Edge NXT?

The Users tab will show any user with a Blackbaud ID that is linked to the organization; not just NXT users.

Why are there less users in the user list than users in Database View?

Not all users from Database View will migrate over to Web View.
  • The user has Selected group rights on their user account in Database View, but is not assigned to a user group
  • The user has Selected group rights on their user account in Database View and is assigned to a user group, but the user group has no permissions configured
Why do I have fewer roles in the Web View than security groups in database view?

Not all security groups in the database view will have a corresponding role in the web view.
  • Only security groups with permissions configured in Control Panel>Security of Web View migrate to the Roles tab
  • Security groups with only inactive users will not migrate to the Roles tab.
  • If multiple security groups have the same permissions configured in Control Panel>Security of Web View, they will be combined into a single role in Web View, regardless of how the security group's permissions are configured in Admin>Security of Database View

Additional documentation: