Centralized Access Management

I designed a scalable way for admins to manage user roles and permissions with clarity and control.

Role

Product Designer

Main collaborators

1 PM, 3 Engineers

Year

2024

Problem

Access privileges were tied to groups made for operational purposes. Each group shared the same access, regardless of individual responsibilities. This led to unclear boundaries, accidental over-permissions, and heavy backend dependency to make changes.

Admins needed a flexible, transparent way to assign access to individuals without compromising security.

Solution

We introduced a Role-Based Access Control (RBAC) system that decouples groups from privileges, giving admins fine-grained control over who can access what. With RBAC, admins can now create roles, assign them to users or teams, and define conditional rules—ensuring the right access for the right people.

Impact

Enabled self-serve role creation and assignment for admins.

Brought transparency and traceability to all privilege configurations.

Revenue genereated ~4M $ and incident rates lowered by 68%.

Key flows ~

Role creation

Admins can create new roles from scratch or with AI assistance.
They can define privileges across objects (tickets, issues, conversations, etc) and customize actions beyond CRUD—like commenting or linking items.

Role assignment

Roles can be assigned to individual users or groups. If someone needs temporary or extra privileges, admins can grant those at the user level without editing the base role.

Adding conditions

Conditions help refine how access is applied—for example, allowing a role to modify only tickets “created by their team” or “within a specific workspace.”
This enables flexibility while maintaining guardrails.

Snapshots

This was one of the most requested features by our customers. After launch, we received appreciation from clients for introducing granular access control—something unmatched by any other product in the category.