Enhancing user experience and access control in a complex SaaS Roles & Permissions system.

User Research, UX strategy

IA, User flows, Prototyping 

UI design, Usability testing


The Challenge

Protecht is the leader in Enterprise Risk Management software and services across the APAC, EMEA, and North America regions. Used by Government and Financial Services, Protecht.ERM allows companies to integrate risk management into their day-to-day activities seamlessly.


Protecht ERM faced a critical issue with its Roles and Permissions system. The existing setup was poorly structured, with an overwhelming list of over 3000 permissions for each role.

User pain points

The company has received many complaints from customers about the complexity and poor user experience of their Roles feature. Manually adding permissions one by one became daunting, making it challenging for administrators to activate or monitor active licenses effectively. This disorganized approach made efficient management of access control impossible.


A dedicated space to view, assign, and manage Roles and Permissions was seen as highly desirable. Customers were looking for a way to streamline this process.

Business Impact

Protecht's implementation specialists and advisers were inundated with complaints and requests for assistance in configuring organization roles and permissions. Onboarding new customers could take up to nine (!) months, primarily due to the complexities of roles and permissions setup.


Also, a new business model was initiated that charges customers based on the quantity and types of roles and licenses.

Project summary

In response to these challenges, a comprehensive redesign project focused on improving the user experience and interface of the Roles and Permissions system was defined as a critical project in order to improve the current ERM system.

The project aimed to simplify the process of assigning and managing permissions while ensuring clarity and transparency in the access control structure.

The Process And Insights

User Research

In the early project stages, we engaged in user research to understand how our enterprise customers preferred to assign permissions to roles. Users expressed a critical need to maintain granular control over access, particularly for sensitive records, emphasizing the importance of selectively sharing information.


They needed a quick way to view active permissions for each role and an easy method to manage them. This feedback guided our UX redesign, focusing on user-friendly features to streamline access control management.


We also teamed up with the Lead Architect to tackle the technical side of the project. Together, we ensured a seamless transition for our customers' existing data into the new system, maintaining data security and integrity throughout the process.

User flow and categorization of roles and permissions

Permissions rules and taxonomy

Informed by user research and insightful stakeholder interviews, we proceeded to define the categories of roles and permissions. Additionally, we developed a set of rules and established a clear taxonomy governing the process of assigning permissions to roles.


This meticulous approach allowed us to create a well-structured and intuitive system, aligning precisely with the needs and expectations of our users while ensuring consistency and efficiency in managing access control.

The first Design Concept and Usability Testing

We tested two design concepts to optimize our Roles & Permissions system. 


For the first concept, we assigned a set of permissions based on Read/Write or Edit rights, organized by access rights and specific actions tailored to each product module. Admins could create new rules, allowing for a high level of control over role permissions. The idea behind this concept was to initially grant permissions at a more generalized level, with the ability for administrators to create new rules if necessary.


However, feedback from usability testing showed that customers wanted to see all permissions upfront and to clearly understand what permissions were included in Read/View/Edit groups. They found it difficult and confusing to create a new rule without proper visibility.

Creating a New Role and assigning Permissions

After usability testing, negative customer feedback was received about assigning permissions based on Read/Write or Edit rights during the initial design of a new role flow.

The Refined Design: Incorporating User Feedback

Based on customer feedback, the second concept displays all permissions for each Resource module upfront, grouped together to create a clear visual hierarchy. The predefined number of permissions from the first concept was implemented into the second one through templates (built-in roles) for different types of roles, making the setup process easier. Additionally, the ability to change the number of permissions in a visual and flexible manner was also proven.

The result

We successfully completed a comprehensive redesign project aimed at enhancing the user experience and interface of the Roles and Permissions system. The goal was to establish a streamlined and intuitive Role-based permission system that offers universal access control levels and is anchored in well-defined built-in roles.


The permission assignment and management processes were simplified through this project, resulting in increased clarity and transparency throughout the access control structure. As a result, the setup time for new enterprise customers was significantly reduced, from 9 months to just 2 months, leading to high satisfaction among our customers. This transformation had a positive impact and we launched a comprehensive initiative to address these challenges.
