Granting appropriate access to users by assigning multiple roles for specific environments
Role: Senior UX/UI Designer
Team: Product / CTO office
Product: SaaS B2B Cybersecurity
The Challenge
Feedback from our larger clients highlighted the need for flexibility and comprehensive control when granting system access to new users.
Example:
A Kubernetes cluster admin should have full access and ownership of their cluster, while receiving viewing permissions only for overlaying and connecting cloud accounts.
Design Solution
The Process
Designing a role-based access control (RBAC) system is challenging, and I'm drawing from the experiences of others who have tackled similar tasks.
After consulting with the dev team and exploring various RBAC modules, I gained valuable insights into different approaches.
While the cloud-based approach to RBAC appeared promising, it didn't align perfectly with the requirements of Secure Cloud.
For Secure Cloud, we needed greater flexibility in selecting specific accounts for the public cloud and clusters for Kubernetes.
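The model described here and in the cluster-admin example above can be sketched as per-environment role bindings evaluated deny-by-default. This is an added illustration, not Secure Cloud's implementation; the role names, action names, environment identifiers and function names are all assumptions.

```python
from dataclasses import dataclass

# Hypothetical roles and actions; the page does not list the product's own.
ROLE_ACTIONS = {
    "viewer": frozenset({"view"}),
    "admin": frozenset({"view", "edit", "delete", "manage_users"}),
}


@dataclass(frozen=True)
class RoleBinding:
    role: str            # key in ROLE_ACTIONS
    env_type: str        # "kubernetes" or "cloud" (assumed labels)
    env_ids: frozenset   # the specific clusters or accounts picked at setup


def allowed_actions(bindings, env_type, env_id):
    """Union of actions from every binding that names this exact environment."""
    actions = set()
    for b in bindings:
        if b.env_type == env_type and env_id in b.env_ids:
            # An unknown role name grants nothing (fail closed).
            actions |= ROLE_ACTIONS.get(b.role, frozenset())
    return actions


def is_allowed(bindings, action, env_type, env_id):
    """Deny by default: no matching binding means no access."""
    return action in allowed_actions(bindings, env_type, env_id)


# Constructed sample: a user who owns one cluster and may only view two accounts.
CLUSTER_ADMIN = [
    RoleBinding("admin", "kubernetes", frozenset({"cluster-a"})),
    RoleBinding("viewer", "cloud", frozenset({"account-1", "account-2"})),
]

if __name__ == "__main__":
    for action, env_type, env_id in [
        ("delete", "kubernetes", "cluster-a"),  # own cluster: allowed
        ("view", "cloud", "account-1"),         # connected account: view only
        ("edit", "cloud", "account-1"),         # denied, viewer role
        ("view", "kubernetes", "cluster-b"),    # denied, cluster not selected
    ]:
        verdict = is_allowed(CLUSTER_ADMIN, action, env_type, env_id)
        print(f"{action:7} {env_type:10} {env_id:10} -> {verdict}")
```

Because each binding names explicit accounts or clusters, an environment added later is inaccessible until an admin selects it for the user.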
During setup, the admin assigns the user's role, while allowing the user to choose their name and password. This streamlined approach benefits both parties involved.
Takeaway
Although we didn't conduct user testing for this feature, internal testing and reliance on existing models gave us the confidence to proceed. After release, we remained vigilant for any UX bugs that might arise.
Taking on this challenge without prior knowledge of complex RBAC made designing this feature even more exciting; I thrive on new challenges.