Granular 3D printer permissions, built for teams that share printers

The SimplyPrint permission system

Organization Print Farm Plan School Plan

168 granular permissions, grouped into reusable ranks, scoped per-printer where it makes sense, and audited end to end. Build the exact split of responsibilities your team needs - from a read-only viewer to a queue approver to a full account admin.

View Multi-Users overview Kom gratis i gang
Feature image

One toggle per action - not one big admin / non-admin switch

Most platforms give you two roles - admin and user - and call it a day. We give you 168 individual permission toggles, because real teams don't fit a two-row table. The person who manages your filament shouldn't be able to delete printers. The student who slices their own models shouldn't be able to edit organisation slicer profiles. The intern who clears beds shouldn't be able to send raw G-code.

Feature image

Ranks: reusable roles that bundle permissions

A rank is a named role - "Operator", "Filament admin", "Teacher", "Read-only viewer" - that bundles together a set of permissions. Assign a rank to a user and they get every permission in that bundle. Change the rank, and every user who has it updates instantly.

SimplyPrint ships with sensible default ranks for most setups (admin, member, viewer and a few more), but the real power is building your own:

  • Clone a default rank and tweak it
  • Build a brand new rank from scratch with only the permissions you want
  • Mark a permission as tri-state so individual users can override it
  • Reorder ranks by seniority so peers can't promote themselves above their own rank

The full permission matrix

When you edit a rank, you get the full permission matrix in one scrollable view. Permissions are grouped by domain - printer management, queue, files, slicer, filament, maintenance, webhooks, API, account admin, school - so you can see at a glance what a rank can and can't do.

Every permission has a tooltip explaining exactly what it controls in plain English. No guessing what queue_approve_view_all means - the matrix tells you.

Feature image

What you can control - the permission categories

The 168 permissions split into roughly a dozen domains. The headlines:

  • Printers: add, edit, delete, restart, emergency-stop, bed-level, baby-step, send raw G-code, see cameras, control fans and motors
  • Queue: add, reorder, edit other people's items, approve, skip approval, see done items, revive done items, assign printers
  • Files: upload, organise into folders, assign material and nozzle tags, tag with custom fields
  • Slicer: over 25 dedicated slicer permissions - change engine, change bed type, change profiles, paint colours, auto-arrange, auto-rotate, simplify, measure, see default profiles, save org profiles
  • Filament: create, change, mark as dried, adjust weight, manage locations, manage labels, scan barcodes and NFC, view all print jobs that used a spool
  • Maintenance: view, manage tasks, complete tasks, manage inventory, report problems
  • Account admin: manage users, invite, change ranks, manage subscription, manage webhooks, manage API keys, manage custom fields, manage feature unlocks
  • School: set a user as teacher, change school class assignments, manage school settings
  • Quotas: manage quotas, approve quota requests, manage user balance, refund quota
  • Compliance: view audit log, manage DPA, manage access & security settings

Common rank patterns we see customers build

A few rank templates that show up again and again:

  • Read-only stakeholder - can see printers, the queue and print history, but can't start, cancel or change anything. Great for managers, parents at open house or clients who want a window into production.
  • Queue approver - can approve and reorder the queue, see all queued items, and start prints - but can't edit printer settings or manage users.
  • Filament admin - full filament inventory access (create, edit, mark dried, manage locations, scan NFC) but no printer or queue permissions beyond viewing.
  • Trusted operator - everything a daily print-farm operator needs (start, cancel, clear bed, manage queue, change filament) without account-admin or billing access.
  • Restricted slicer student - can slice with pre-set profiles only - no engine change, no bed-type change, no profile editing - and can queue prints but not start them directly.
Each one is built from the same matrix - just different toggles.

Per-printer access: not every rank sees every printer

Permissions answer "what actions can this user take?". Per-printer access answers "on which printers?". A rank can be limited to specific printers, specific printer groups or specific printer models - and you can decide whether users in that rank even see the printers they don't have access to, or whether those printers are hidden entirely.

That's how a school runs middle-school printers separately from high-school printers on a single account, or how a print farm gives a third-party operator access to a single line of printers without exposing the rest of the farm.

Every action is logged - so permissions are auditable

Permissions only matter if you can verify they're being respected. The account audit log records every action a user takes - logins, prints started, files uploaded, settings changed, ranks reassigned, permissions toggled - against the user account that performed it.

The audit log is included on the Education and Enterprise plans. CSV export is an Enterprise feature, useful for compliance reviews, IT investigations and end-of-quarter reports.

Learn more about account management
Feature image

What a blocked user actually sees

Permissions don't just hide menu items. When a student (or any restricted user) tries an action their rank doesn't allow, SimplyPrint shows a clear permission-denied message that names the missing permission and points them at the right person to ask. No mystery 404s, no broken-looking buttons - just a polite "your rank can't do this; talk to your teacher".

Part of the multi-user system

Permissions and ranks sit underneath the broader multi-user platform. If you're after the bigger picture - how users get invited, how the team page works, how quotas and queue approval fit together - head back to the multi-user overview.

Back to the multi-user overview

Frequently asked questions

Over 160 today, and growing. Every new feature we ship gets its own dedicated permission rather than being lumped under a generic "admin" flag - that's why the count keeps climbing. The full list is visible in the rank-edit matrix at any time.
Yes. Every permission in the rank-edit matrix has a tooltip explaining what it controls. We deliberately keep the descriptions in plain English rather than referring to internal endpoint names - the goal is for a non-technical admin to be able to build a rank without having to read the source code.
Yes, when the rank allows it. Permissions can be set as tri-state - on, off or "inherit from rank with per-user override allowed". This lets you build a rank as a baseline and tweak individual users without having to clone the rank for every exception.
Yes. Ranks are ordered, and the assign-peer-rank permission controls whether a user can assign other users to their own rank. By default, users can only assign ranks below their own - so a teacher can't accidentally make a student into an admin, and an operator can't promote themselves into the account owner.
API keys are scoped per-user, and inherit the user's permissions. A read-only viewer's API key can only call read-only endpoints. A queue-approver's key can approve queue items but can't manage users. There's also a dedicated org_api permission for managing the account's API keys.
Yes. Each rank can be scoped to specific printers, printer groups or printer models, and you can choose whether users in that rank even see the printers they don't have access to. Useful for shared accounts where different teams own different printers.
The permission system is part of the core multi-user feature - it's available on Print Farm, Education and Enterprise. Free, Basic, Pro, Cloud Slicer and Filament Manager are single-user plans, so there's nobody else to set permissions for.

Table of Contents