I designed a permission system for Crew’s enterprise product, allowing features to be accessed in the appropriate scope for each user.
Command Center gives company leaders insight into how their teams are using Crew. Its typical user is someone who oversees multiple teams and needs one place to manage them. Over the years, Crew was selling into large enterprises, but Command Center usage remained low. We discovered two reasons for this:
There was no way to invite coworkers
Users couldn't invite coworkers to join Command Center. Instead, everyone had to be manually provisioned by Crew account managers.
There was no way to restrict features
Command Center includes powerful features, such as the ability to post company-wide announcements. Our customers were reluctant to grant Command Center access widely unless those features could be restricted.
– An enterprise customer
For initial inspiration, I looked at other enterprise products, including Google Team Drive, Asana, Zeplin, and Slack. This helped me get a sense of existing paradigms for handling permissions. I also researched different flavors of access models, including role-based access models and rule-based access models.
Clearly many types of access models exist, but which one would meet our customers' needs? The next step in the design process was talking to customers and their Crew account managers. Through these conversations, I was able to identify three main use cases for permissions:
This includes leaders in HR and Operations, who are typically our champions at enterprise companies and the actual users of Command Center. These individuals need unlimited access to Command Center.
Middle managers sit beneath company executives and typically oversee several teams. They need Command Center to be scoped to just the teams they manage.
Assistants, interns, etc.
Interns and assistants need Command Center access to perform small tasks – but should be restricted from performing serious, consequential actions.
These use cases gave me a clear idea of the roles and permissions that were needed. I was able to start mapping out a flow for how our enterprise customers might add new people to Command Center.
I explored different flows, trying to break up the steps and make them digestible for our users. One of the challenges was providing enough context for users without overloading them with information that they might subsequently ignore.
I also had to consider how Command Center would appear for someone with limited access. This meant systematically evaluating each page on Command Center and designing the "limited" version of it.
Finally, I created a clickable prototype that I showed to three enterprise customers, which helped me validate key flows and collect general feedback.
The final design was implemented over the course of 2 months with the help of one backend and two web engineers. It included the following features:
We built a new page that shows everyone with a Command Center account. New users are added and configured from this page.
Individuals in Command Center can be admins or users. Admins have complete access to all features, whereas users have variable access depending on how their admins set them up. I had considered other types of roles (a "super-admin" role, for instance) but ultimately opted for a simpler solution for version one.
Admins can restrict a user to only have access to certain teams on Command Center. This feature was designed for middle managers, who only need (and want) to see information relevant to their teams.
By default, users are granted all “read” permissions on Command Center. Additional “write” permissions must be explicitly granted by an admin.
Interface for restricted actions
The interface is disabled when users don't have permission to perform an action. A tooltip appears upon hover to help them understand what's happening.
We released Command Center user roles and permissions in March 2019. Since then, we've seen a steady number of new users added to Command Center each month. Customers have had generally positive things to say:
– An enterprise customer
We've seen validation in other ways as well. In April, Crew closed its biggest deal yet. Our new customer needed operators to be configured in Command Center in a very specific way. Fortunately, we had built a system flexible enough to accommodate their needs – with almost no changes needed.