How I helped enterprises in securely managing roles and access workflows
- B2B SaaS
- Role-Based Access Control
- Design & product strategy
- User research
- Visual design
- Usability testing
My role
I was responsible for user research, design strategy, creating mockup designs, prototyping, conducting usability testing, and gathering customer and product team feedback.
Context
Consider a large company with a large number of employees that uses a content management system (CMS) for various purposes such as incentive administration, chat management, content editing, and more. Based on their roles, different account types in the CMS require different kinds of access.
To ensure security and reliability in your business operations, it's crucial to manage these roles and access permissions effectively. We address this critical need in our B2B solution by introducing the Role-Based Access Control (RBAC) feature.
Problem
Due to the current system's inability to effectively manage CMS users' permissions and roles, our clients must reach out to LiveLike staff for assistance. This has resulted in an increase in requests in numerous situations.
Goal
Develop and implement a comprehensive Role-Based Access Control (RBAC) system that addresses the identified issues, providing a secure, scalable, and efficient way to manage user permissions and roles within the LiveLike platform.
Target audience
The target users of LiveLike are content editors, marketing teams, and other professionals within sports and entertainment broadcasting enterprises, who utilize the platform for a variety of purposes.
Success metrics
Reduction in customer requests for role and permission updates.
Implementation of distinct roles with specific permissions for each role.
Enhanced user-friendly experience.
Scalability to accommodate access for future features.
User research
Based on user interviews and surveys, I identified a crucial need for the CMS to include predefined user roles that are commonly used, along with the flexibility for users to create custom roles to suit their specific permissions. Some of the default roles identified are Admin, Chat Moderator, and Data Analyst.
Brainstorming ideas
Held several brainstorming sessions involving key stakeholders to generate ideas and solutions for the RBAC system. The key points discussed include:
- Creating a user role along with its accesses
- Introducing a few default roles
- Duplicate, Edit, Delete, and Archive actions for a role
- Custom roles can only be edited
- Assigning the role to the CMS user
- See all users as part of a role
- Admin has full control of RBAC
User flow
Designs
Roles & Access page
Admins can view roles (default and custom), search and sort roles, navigate to archived roles, and create new roles.
Create a role
While creating a role, an admin can:
- Name the role; the CMS validates that the name is unique to avoid duplication
- Add a description of the role
- Role IDs are automatically generated for seamless integration. A copy button allows admins to easily copy the ID for further use
- Configure feature access for the role
- The "Create" button is enabled only when all mandatory fields have been filled and validation has passed
Role created successfully
Upon creating a new role, admins will receive visual confirmation through a success toast notification. The newly created role will be automatically added to the list and clearly identified with a "Custom" tag.
Edit & View Role
Clicking a role on the main screen directs admins to a dedicated view & edit role page. Here, admins can modify permissions and other role attributes. The "Update" button remains disabled until changes are made.
List of Users in a Role
Admins can view a list of users assigned to a role, including their email addresses and assigned dates.
Find the users
An admin can find users and add new users or remove existing users from this interface. The interface also indicates users who are already assigned.
Users added
Adding or removing users will automatically update the list, followed by a confirmation message for 3 seconds.
More actions on a role
- Edit Roles: Make adjustments to existing roles
- Duplicate Roles (Save Time): Quickly copy a role's settings and modify just the specifics you need
- Archive Roles (Temporarily Disable): Hide roles you don't need right now, but keep them accessible later
- Delete Roles (Remove permanently): Remove roles you no longer require
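The role rules described in the designs above (unique names, auto-generated IDs, default versus custom roles, archiving, admin-only management) also need to hold on the server, since a disabled button in the CMS does not stop a direct API call. The sketch below is an added example, not LiveLike's code; the `RoleStore` class, the permission strings and the e-mail addresses are constructed, and it assumes that default roles are read-only and that an archived role grants no access.

```python
import uuid
from dataclasses import dataclass, field

DEFAULT_ROLES = ("Admin", "Chat Moderator", "Data Analyst")  # default roles named on the page

@dataclass
class Role:
    name: str
    permissions: frozenset          # permission strings are constructed for this example
    custom: bool = True             # shown with the "Custom" tag in the UI
    archived: bool = False
    id: str = field(default_factory=lambda: str(uuid.uuid4()))  # auto-generated role ID
    users: set = field(default_factory=set)

class RoleStore:
    def __init__(self, first_admin):
        self.roles = {}
        for name in DEFAULT_ROLES:
            self._add(Role(name, frozenset(), custom=False))
        self.by_name("Admin").users.add(first_admin)

    def by_name(self, name):
        return next(r for r in self.roles.values() if r.name.casefold() == name.casefold())

    def _add(self, role):
        role.name = role.name.strip()
        if not role.name or any(r.name.casefold() == role.name.casefold() for r in self.roles.values()):
            raise ValueError("role name is mandatory and must be unique")
        self.roles[role.id] = role
        return role

    def _admin_only(self, actor):
        if actor not in self.by_name("Admin").users:
            raise PermissionError("only an Admin may manage roles")

    def create(self, actor, name, permissions):
        self._admin_only(actor)
        return self._add(Role(name, frozenset(permissions)))

    def duplicate(self, actor, role_id, new_name):
        return self.create(actor, new_name, self.roles[role_id].permissions)

    def edit(self, actor, role_id, permissions):
        self._admin_only(actor)
        role = self.roles[role_id]
        if not role.custom:  # assumption: default roles are read-only
            raise PermissionError("default roles cannot be edited")
        role.permissions = frozenset(permissions)

    def set_archived(self, actor, role_id, archived=True):
        self._admin_only(actor)
        self.roles[role_id].archived = archived

    def assign(self, actor, role_id, user):
        self._admin_only(actor)
        self.roles[role_id].users.add(user)

    def allowed(self, user, permission):  # archived roles contribute nothing
        return any(permission in r.permissions for r in self.roles.values()
                   if user in r.users and not r.archived)
```

The name comparison uses `casefold()` so that "Poll Editor" and " poll editor " count as the same name, which is stricter than a plain string match in the form.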
Conclusion
After conducting usability tests and a survey, we received positive feedback from the customers, who found the RBAC system intuitive and easy to navigate. The predefined roles and the ability to create custom roles were particularly appreciated. Customers also reported that the process of assigning and managing roles significantly reduced their workload and improved their overall efficiency.
The tests confirmed that the new system met the success metrics, including a reduction in customer support requests and a more user-friendly experience. These insights have validated our design choices and provided additional areas for future improvements.