Support Forums

User Role Questions

Hello, still evaluating Netlify versus Azure Static Web Apps.

Few questions and thank you for your help in advance,

  1. At what tier do we get user roles (using NetlifyID)?
  2. Is there a limit to how many users with custom roles can be added to the site (using NetlifyID) ?
  3. Can we have users be assigned a role at signup time (without invitations) (using NetlifyID)?
  4. It appears that user roles can be pulled from JWT on Functions-side (using NetlifyID)…this correct?

Anything else I should know?

Again thanks in advance fo ryour help.


Hi @lushdog,

Hope these answers help:

It’s available on all plans including Starter.

None as such, but the number of users do have a limit when using it for free.

Yes, by using identity-signup even in a serverless function and then following the Update a use guide here:

Yes, you can access the entire user object including the role inside Netlify Functions. When invoking the function, you need to pass an Authorization header and you can access it in context object of the function.

If you’ve a particular use case in mind, we can guess what might be the potential shortcomings.

Other than that, there’s a part of the billing which confuses users: Active or Invite users are counted during a billing cycle even if you delete them. So for example:

If you’ve invited 4 members already (free version of identity has 5 invite-only members), you can invite 1 more member. However, if you delete 1 member from those 4 that you had, you’d think you now have 3 members and thus, if you invite 2 more, the system will count that as 6 members (4 + 2). Thus, it’s important to know this while using non-unlimited Identity. This count resets on the billing cycle, so if you had deleted a member from those 4, after the billing cycle ends, the count will go down to 3 and you can now invite 2 more.

Thank you so much for the info.

When you (and the pricing page) refer to members are you referring to people on my dev team or people who have registered + invited (by invitation or by automation)?

In terms of the authorization header that needs to be sent to the serverless function im assuming I can construct that via token etc received after the user logs in correct?

The latter, Identity users are different from the users in your team.

Yes, if you use Netlify identity Widget, you can get the token as:

netlifyIdentity.on('login', user => {
  console.log(user.token.access_token) // if I recall correctly

You can always check user object to see what the actual object is.