This skill should be used when the user is building or reviewing role-based access control (RBAC), invitation flows, settings pages, admin panels, or feature gating. Covers the hide/disable/reduce strategy for restricted features, RBAC progression, account vs workspace settings separation, and invitation UX.
npx claudepluginhub oborchers/fractional-cto --plugin saas-design-principles
This skill uses the workspace's default tool permissions.
Every user should see exactly what they need to get their job done — no more, no less.
All three are needed — choose per feature:
| Strategy | When to Use | Example |
|---|---|---|
| Hide completely | Entire section irrelevant to the role | Admin-only billing section hidden from members |
| Show but disable (with tooltip) | User should know the feature exists — upsell path | Plan-gated feature with "Upgrade to Pro" tooltip |
| Show with reduced functionality | Read access appropriate, write access isn't | View-only dashboard for member role |
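The three strategies from the table, as an added example (not code from the plugin): one policy drives both the UI state and the server-side check, so a hidden or disabled control cannot be used by calling the API directly. Role names, permission strings, feature keys and plan names are constructed for illustration.

```javascript
// Constructed policy: roles, permission strings, features and plans are assumptions.
const ROLE_PERMISSIONS = new Map([
  ["admin", new Set(["billing:read", "billing:write", "dashboard:read",
                     "dashboard:write", "export:use"])],
  ["member", new Set(["dashboard:read", "export:use"])],
]);
const FEATURES = new Map([
  ["billing", { read: "billing:read", write: "billing:write" }],
  ["dashboard", { read: "dashboard:read", write: "dashboard:write" }],
  ["export", { read: "export:use", write: "export:use", requiresPlan: "pro" }],
]);
const PLAN_RANK = new Map([["free", 0], ["pro", 1]]);

// Unknown roles get no permissions (deny by default).
function can(user, permission) {
  const granted = ROLE_PERMISSIONS.get(user.role);
  return granted !== undefined && granted.has(permission);
}

// Unknown plans never satisfy a plan requirement.
function planAllows(user, feature) {
  if (feature.requiresPlan === undefined) return true;
  const have = PLAN_RANK.get(user.plan);
  return have !== undefined && have >= PLAN_RANK.get(feature.requiresPlan);
}

// UI decision: "hidden", "disabled" (with tooltip), "read_only" or "enabled".
function resolveGate(user, featureKey) {
  const feature = FEATURES.get(featureKey);
  if (feature === undefined || !can(user, feature.read)) return { state: "hidden" };
  if (!planAllows(user, feature)) return { state: "disabled", tooltip: "Upgrade to Pro" };
  if (!can(user, feature.write)) return { state: "read_only" };
  return { state: "enabled" };
}

// API decision: same policy, evaluated regardless of what the UI rendered.
function authorize(user, featureKey, action) {
  const feature = FEATURES.get(featureKey);
  if (feature === undefined || (action !== "read" && action !== "write")) return false;
  return can(user, feature[action]) && planAllows(user, feature);
}
```

Call `authorize` in every request handler; `resolveGate` only decides what to render.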
Follow WorkOS's practical progression, building incrementally:
Key UX guardrail: Expose permission bundles that map to real product concepts, not 40 atomic checkboxes. Enforce limits like "max 20 custom roles per tenant" to prevent configuration chaos.
Three mechanisms are needed:
Admin enters addresses, sets access level before sending.
For bulk invitations. Support expiration dates and domain restrictions.
Accounts auto-created on first login.
Invitation email must include:
Differentiate onboarding for invited users — they get a shorter, different flow because context already exists.
Clean split between two concerns:
| Settings Type | Belongs To | Examples |
|---|---|---|
| Account settings | The person | Profile, password, notifications, appearance |
| Workspace settings | The organization | Members, billing, integrations, security policies |
Never mix them.
Layout: Sidebar navigation + content area. This is the standard used by GitHub, Linear, and Vercel.
Avoid tab-based settings when there are more than 5–6 categories — tabs don't scale.
Two-column layout (Shopify Polaris pattern):
When reviewing or building permissions and settings: