figma guide

Designing team member roles and permissions UI in Figma: invites, RBAC, and admin settings

Design team member roles and permissions UI in Figma with invite flows, role pickers, permission matrices, seat management, and Dev Mode specs for B2B admin settings.

Published
Updated
Jul 10, 2026
Read time
8 min
Level
Intermediate

Quick answer

Team roles and permissions control who can view, edit, billing, or admin your product—usually under Settings → Team, Organization → Members, or Workspace → People. Design a member list with avatar, name, email, role badge, status (active/pending), and actions; an invite flow with email, role picker, optional message, and seat limit warning; plus a permissions matrix or role detail page explaining what each role can do. Gate destructive actions (remove member, change to Admin, transfer ownership) with confirmation and re-auth. Cross-link SSO when invites are disabled by policy. Start from the Figma guides hub and pair with Dev Mode handoff for role enum specs.


Who this is for

  • Product designers building B2B SaaS admin settings, workspace management, and org dashboards.
  • Design system teams standardizing role badges, invite modals, and permission tables across admin surfaces.
  • Engineers implementing RBAC, SCIM provisioning, seat billing, and audit trails for membership changes.

Roles vs groups vs direct permissions

ModelWhat it isBest forUI pattern
Fixed rolesAdmin, Member, ViewerSmall teams, simple productsRole dropdown per user
Custom rolesAdmin-defined permission bundlesEnterprise, granular controlRole builder + matrix
Groups / teamsCollections of usersLarge orgs, department accessGroup list + member assignment
Resource-level ACLPer-project or per-folder accessDesign tools, document productsShare modal + inherited roles

Verdict: start with 3–5 fixed roles in v1. Add custom roles only when enterprise customers need them—otherwise the permission matrix becomes unmaintainable in design and code.


Member list row anatomy

PartSpecNotes
AvatarPhoto or initialsPending invites show envelope icon
Name + emailPrimary + secondary lineSSO users may hide email
RoleBadge or dropdownAdmin-only can change
StatusActive / Pending / SuspendedPending shows “Invited 3d ago”
Last activeRelative timeOptional for security review
ActionsChange role, Resend invite, RemoveOverflow menu on mobile
TeamMemberRow
├── Variant: status=active | pending | suspended
├── Variant: role=owner | admin | member | viewer | billing
├── Variant: ssoManaged=true | false
└── Layers:
    ├── Avatar
    ├── NameEmailStack
    ├── RoleBadge (or RoleSelect if editable)
    ├── StatusChip (pending only)
    ├── LastActiveMeta
    ├── SsoManagedLabel (conditional)
    └── ActionMenu

SSO-managed members: disable role dropdown or show “Managed by your identity provider” with link to SSO settings. Manual invite may be blocked when SSO is enforced.


Invite member flow

StepUIValidation
1. Email(s)Single or comma-separatedValid email; dedupe
2. RoleRadio or select with descriptionsDefault Member
3. Message (optional)TextareaMax 500 chars
4. Seat check”Using 8 of 10 seats”Block or upsell if at limit
5. SendPrimary buttonToast + pending row in list
6. Confirmation”Invitation sent to jane@…”Resend + Cancel invite links

Role picker with descriptions:

RoleShort descriptionShow in picker
AdminManage team, billing, and all content⚠️ icon
MemberCreate and edit assigned resourcesDefault
ViewerRead-only access
BillingInvoices and payment methods onlyOptional split role

Link Learn about roles to expandable matrix or dedicated permissions page—do not rely on tooltip alone for Admin vs Member distinction.


Permissions matrix

PermissionOwnerAdminMemberViewerBilling
Invite members
Change roles✓*
Delete workspace
Manage billing
Create content
View content
Manage API keys
View audit log

*Admin cannot promote to Owner or remove Owner without transfer flow.

Render as accessible table with row headers (permissions) and column headers (roles). Use ✓ / — or “Allowed” / “Not allowed” text—not color alone. Mobile: collapse to role detail page with bulleted permission list.


Change role and remove member

ActionConfirmationExtra gate
Promote to AdminModal: lists new capabilitiesOptional re-auth
Demote from AdminModal: “They will lose billing access”
Remove memberType email or name to confirmRe-auth for Admin removal
Transfer ownershipMulti-step: select new owner, confirmCurrent owner loses Owner role
Cancel pending inviteSimple confirmNone

Remove member modal copy: “Jane Doe will lose access immediately. Shared projects they own will transfer to you.” Surface content ownership rules—designers must align copy with product policy.

Log all membership changes to audit log: invite sent, role changed, member removed, ownership transferred.


Seat management and billing tie-in

UI elementPurpose
Seat counter”8 / 10 seats used” in header
At-limit banner”Add seats to invite more members” → billing
Pending invites countCount toward seats or not—state clearly
Remove seatDowngrade flow; may require removing members first

Pair with account dashboard and checkout if seats are purchasable. Pending invite rows should show whether they consume a seat: “Reserved seat until invite expires.”


Empty, error, and policy states

StateCopy / UI
Solo workspace”Invite teammates” hero + benefits
Invite failed (duplicate)“Already a member”
Invite failed (domain blocked)“Your org only allows @company.com”
SSO-only orgHide invite; “Members join via SSO”
Insufficient permission”Ask an admin to change roles”
Suspended memberGray row; Admin can reactivate

When session timeout or 2FA is required for admin actions, show step-up before role change completes.


Admin settings page layout

SectionContents
Header”Team members” + seat counter
Invite buttonPrimary; disabled at seat limit with tooltip
Search / filterBy name, email, role, status
Active membersSortable table
Pending invitationsSeparate section with expiry date
Roles & permissionsLink to matrix or custom role builder
SSO / SCIMLink to enterprise login

Place in Organization settings for B2B products—not buried inside personal account dashboard profile. Owner actions (transfer ownership, delete org) live on a separate Danger zone section.


Handoff checklist

ItemDev Mode annotation
Role enumExact strings: admin, member, viewer
Permission flagsFull list mapped to roles
Invite expiryDays until pending invite lapses
Seat counting rulesPending included Y/N
SSO overrideWhich fields read-only when SCIM
Audit eventsinvite_sent, role_changed, member_removed
a11yRole dropdown accessible; matrix has scope headers
MobileTable → card list breakpoint

For custom roles (v2), annotate role builder: name, description, permission checkboxes, and “Based on Member” template.


Common mistakes

MistakeWhy it hurtsFix
Role change without confirmationAccidental Admin promotionModal for Admin/Owner
No pending invite sectionAdmins forget outstanding invitesSeparate list with resend
Permission matrix hidden in docsWrong role assignedIn-product matrix link
Remove member one-clickDisgruntled admin locks out teamTyped confirm + re-auth
Seats unclear for pendingBilling disputesState seat reservation rules
SSO users editable like localIdP conflict on next syncRead-only + “Managed by SSO”
Viewer can export dataData leakExplicit export permission row
No audit trailCompliance failureLog to security activity

  1. Define roles with product and engineering—cap at 5 for v1.
  2. Design member list row with role badge and pending state.
  3. Build invite modal with role picker and seat warning.
  4. Create permissions matrix page linked from invite flow.
  5. Add change role, remove, transfer ownership with confirmations.
  6. Wire audit events to security activity log.
  7. Handle SSO-managed read-only states.
  8. Prototype at-seat-limit upsell and pending invite expiry.

FAQ

Owner vs Admin—what’s the difference?

Owner is typically one per workspace: billing liability, delete org, transfer ownership. Admin manages members and settings but cannot delete the org or remove Owner without transfer.

Should Members invite other Members?

Product decision. If yes, show permission in matrix. If no, disable invite button with “Contact an admin” for non-admins.

Custom roles in v1?

Usually no. Ship fixed roles first; enterprise can request custom RBAC in v2 with a role builder.

How do guest or external collaborators fit?

Separate role (Guest) or resource-level share outside the member list—do not mix guests into seat-counted members without clear UI distinction.

SCIM provisioning UI?

Minimal: show “Members synced from Okta” banner, last sync time, link to IdP docs. Do not duplicate full member CRUD when SCIM is source of truth.


Next steps

Share on X

§ Keep reading

Related guides.