
UI/UX Case Study — How I helped enterprises in securely managing roles and access workflows

7 min read · Dec 13, 2024

Managing user access and permissions in a B2B SaaS platform is crucial for maintaining security, data integrity, and efficient collaboration. Role-Based Access Control (RBAC) is a widely adopted approach that authorizes and restricts system access based on user roles within an organization.

LiveLike RBAC

B2B SaaS, Role-Based Access Control, Design & product strategy, User research, Visual design, Usability testing

Project Overview

My Role

I led this project by aligning business goals, conducting user research, defining the design strategy, creating mockups and prototypes, conducting usability testing, gathering feedback, and iteratively refining the design for continuous improvement.

Context

A large company with many employees uses a content management system (CMS) for purposes such as incentive administration, workflow management, content editing, and more. Depending on their roles, different account types in the CMS require different kinds of access.

It’s crucial to manage these roles and access permissions effectively to ensure security and reliability in your business operations.

Problem

Because the current system cannot effectively manage CMS users’ permissions and roles, our clients must contact LiveLike staff for assistance. This has increased the number of requests in numerous situations.

Business Goal

Develop and implement a comprehensive Role-Based Access Control (RBAC) system that addresses the current issue, providing a secure, scalable, and efficient way to manage user permissions and roles within the LiveLike CMS.

Success metrics

  • Reduction in customer direct contact for role and permission updates.
  • Implementation of distinct roles with specific permissions for each role.
  • Enhanced user-friendly experience.
  • Scalability to accommodate access for future features.

User Research

Target audience

This feature’s primary users are professionals within an organization who depend on secure and efficient access to various CMS functionalities. This includes teams such as marketing professionals, content writers, and others who use the platform for various tasks and objectives.

Uncover user needs

I scheduled several meetings with our customers to gain deeper insights into their challenges and needs when managing roles. During these user interviews, key questions were addressed to uncover pain points and opportunities for improvement.

  • What challenges do you face in assigning or managing access to different features?
  • Does the current setup impact collaboration within your team? If yes, how?
  • What are the risks you perceive in the current system?
  • What would an ideal user management and role system look like for your team?
  • What specific roles or access levels would you like to see implemented (e.g., admin, editor, viewer)?
  • Are there specific business goals or operations that are blocked due to this limitation?
  • Are there any specific compliance or security requirements that need to be met by a user management system?
  • If you could ask LiveLike to prioritize one feature related to user management, what would it be?

Insights

Based on an analysis of the research reports, these are the main challenges and needs of many users.

  • Contacting LiveLike for managing permissions results in errors and inefficiencies, especially as the team grows.
  • The lack of clear role definitions causes confusion about who can access and edit certain features or content.
  • Collaboration is hindered by misaligned access permissions, causing delays in content approval and decision-making.
  • Difficulty in tracking user actions leads to accountability challenges when issues arise.
  • Ability to group users by teams or projects for efficient management.
  • Role definitions such as Admin, Editor, Content Reviewer, and Viewer with specific permissions tailored to different team functions.
  • Managing permissions becomes increasingly complex as the team expands, restricting operational efficiency.

Design goals

I held several brainstorming sessions with the team to generate ideas and solutions for the RBAC system. The key points discussed include:

  1. A central dashboard where administrators can easily manage user roles and permissions across different features of the CMS.
  2. Use a simple interface that allows users to assign or remove access to specific features or content types.
  3. Include default roles (Admin, Chat Manager, Viewer) with basic permissions, making it easy for users to select and assign roles.
  4. Allow admins to create custom roles with granular permissions, such as “Analyst” with limited access to certain content types or features.
  5. A detailed page for each role that shows exactly what permissions are granted (e.g., “Can Edit Content”, “Can View”, “Can Create”). This page should allow easy editing of permissions for each role.
  6. Admins could grant access based on content type or even individual content items, ensuring that users can only view or edit content relevant to their role.

Brainstorming & Ideation

Information Architecture

It all started with a simple list of ideas during brainstorming sessions with the Product Manager. Together, we examined, refined, and expanded on those ideas until they began to form a clear picture. From there, I crafted a streamlined information architecture that brought order and clarity.

Information Architecture for RBAC Interface

User flow

Creating a custom role and setting permissions within the CMS

Create custom role

Assigning a role to a particular user

Assigning a role in RBAC

Removing a user’s access from a role

Removing a user access

Final Designs

Roles & Access page

Admins can view roles (Default and Custom), search and sort roles, navigate to archived roles, and create new roles.

Roles & Access Page in CMS

Create a role

While creating a role, an admin can:

  • Name the role; the CMS validates that the name is unique to avoid duplication
  • Add a description of the role
  • Role IDs are automatically generated for seamless integration. A copy button allows admins to easily copy the ID for further use
  • Configure access for the role
  • The “Create” button is only enabled once all mandatory fields have been filled and validation has passed
Create a role

Role created successfully

Upon creating a new role, admins will receive visual confirmation through a success toast notification. The newly created role will be automatically added to the list and clearly identified with a “Custom” tag.

Custom role added

Edit & View Role

Clicking a role on the main screen navigates the user to a dedicated view & edit role page. Here, the user can modify permissions and other role attributes. The “Update” button remains disabled until changes are made.

Edit role

List of Users in a Role

Admins can view a list of users assigned to a role, including their email addresses and assigned dates.

Manage users

Find the users

Admins can search for users, add new users, or remove existing ones through this interface. It also shows users who are already assigned to this role.

Search, add, and delete users

Select multiple users

Save time by assigning a role to multiple users at once. Use checkboxes in the dropdown or separate user names with commas to assign roles to multiple users.

Assigning user

Users added

Adding or removing users automatically updates the list, followed by a confirmation message shown for 3 seconds. A user can also be removed directly from the list.


Archived roles

Temporarily disable roles by archiving them

Archived Roles

More action on a role

  • Edit Roles: Make adjustments to existing roles
  • Duplicate Roles (Save Time): Quickly copy a role’s settings and modify just the specifics you need
  • Archive Roles (Temporarily Disable): Hide roles you don’t need right now, but keep them accessible later
  • Delete Roles (Remove permanently): Remove roles you no longer require
More action on a role
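
The design goals and role actions above (default roles, custom roles with per-content-type permissions, unique role names, generated role IDs, archiving) imply a server-side authorization model behind the screens. The sketch below is an added example, not LiveLike's code: the class names, the `chat` and `report` content types, and the permissions given to the default roles are assumptions.

```python
import uuid
from dataclasses import dataclass, field

ACTIONS = {"view", "create", "edit"}  # mirrors "Can View", "Can Create", "Can Edit Content"

@dataclass
class Role:
    name: str
    grants: dict            # content type -> set of allowed actions ("*" = every type)
    custom: bool = True
    archived: bool = False
    role_id: str = field(default_factory=lambda: uuid.uuid4().hex)  # auto-generated ID

class RoleStore:
    def __init__(self):
        self.roles = {}      # role_id -> Role
        self.members = {}    # user email -> set of role_ids
        # Default roles named on the page; their exact permissions are assumed here.
        for name, grants in [("Admin", {"*": set(ACTIONS)}),
                             ("Chat Manager", {"chat": set(ACTIONS)}),
                             ("Viewer", {"*": {"view"}})]:
            self._add(Role(name, grants, custom=False))

    def _add(self, role):
        self.roles[role.role_id] = role
        return role

    def create_role(self, name, grants):
        # Repeat the form's validation on the server: a disabled button is not a control.
        name = name.strip()
        if not name or any(r.name.casefold() == name.casefold() for r in self.roles.values()):
            raise ValueError("role name is empty or already exists")
        if set().union(*grants.values()) - ACTIONS:
            raise ValueError("unknown action in grants")
        return self._add(Role(name, {k: set(v) for k, v in grants.items()}))

    def assign(self, role_id, *users):   # bulk assignment, as in "Select multiple users"
        if role_id not in self.roles:
            raise KeyError("unknown role")
        for user in users:
            self.members.setdefault(user, set()).add(role_id)

    def is_allowed(self, user, action, content_type):
        # Deny by default: only an active role with an explicit grant allows the action.
        for rid in self.members.get(user, ()):
            role = self.roles.get(rid)
            if role is None or role.archived:   # archived or deleted roles grant nothing
                continue
            if action in role.grants.get(content_type, set()) | role.grants.get("*", set()):
                return True
        return False
```

Archiving takes effect at the next `is_allowed` call, so members of an archived role lose access without being unassigned and regain it when the role is restored.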

Usability Testing

I conducted usability testing on the initial prototype with customers to assess the ease of the user journey and the overall user experience of the new feature. The results were highly promising, with a 94% task completion rate and an average task completion time of just 20 to 26 seconds. Additionally, the feature achieved a 93% first-time success rate, underscoring its strong usability and intuitive design.

These outcomes provided a clear signal to prioritize and further develop this functionality, ensuring it would be available to our customers as soon as possible.

Conclusion

Three months after the release of the RBAC feature, we distributed a customer survey, analyzed the feedback, and collected data to evaluate its effectiveness.

The predefined roles, along with the ability to create custom roles, received particularly positive feedback from users. Customers also noted that the process of assigning and managing roles was much quicker, leading to a significant boost in their overall efficiency.

The results were telling: the new system led to a 96% reduction in direct support inquiries related to RBAC, an 89% task success rate during the quarter, and a strong 90% first-time success rate. These metrics highlight the feature’s success in enhancing both usability and user satisfaction.

Written by Rehyan Chamayil

I’m a product designer who loves crafting intuitive, effective solutions to real-world problems through collaboration and creativity.
