The Challenge
Protecht, a leader in Enterprise Risk Management software, faced a critical issue with their flagship product, Protecht.ERM. Used by government agencies and financial services across APAC, EMEA, and North America, the platform enables seamless integration of risk management into daily operations. However, the existing Roles and Permissions system was poorly structured, with an overwhelming list of over 3000 permissions for each role.
Users pain points
Customers frequently complained about the complexity and poor user experience of the Roles feature. Administrators found it daunting to manually add permissions one by one, making it challenging to activate or monitor active licenses effectively. This disorganized approach made efficient management of access control nearly impossible.
Business Impact
Protecht's implementation specialists and advisers were inundated with requests for assistance in configuring organization roles and permissions. The onboarding process for new customers could take up to nine months, primarily due to these complexities.
Additionally, a new business model that charged customers based on the quantity and types of roles and licenses was initiated, further highlighting the need for improvement.
Project summary
To address these challenges, we launched a comprehensive redesign project focused on improving the user experience and interface of the Roles and Permissions system. Our goal was to simplify the process of assigning and managing permissions while ensuring clarity and transparency in the access control structure.
The Process and Insights
User Research
In the early stages, we conducted in-depth user research to understand how enterprise customers preferred to assign permissions to roles. Key findings included:
- Users needed to maintain granular control over access, especially for sensitive records.
- A quick way to view active permissions for each role was essential.
- An easy method to manage permissions was highly desired.
We collaborated closely with the Lead Architect to ensure a seamless transition of existing customer data into the new system, maintaining data security and integrity throughout the process.
User flow and categorization of roles and permissions
Permissions rules and taxonomy
Information Architecture and User Flows
Informed by our research, we focused on creating a logical and intuitive structure for the Roles and Permissions system. Our approach included:
- Defining clear categories of roles and permissions
- Developing a set of rules governing the process of assigning permissions to roles
- Establishing a clear taxonomy to ensure consistency and efficiency in managing access control
We crafted user flows that prioritized intuition and efficiency, always keeping the end user in mind. These flows mapped out the journey of administrators as they created roles, assigned permissions, and managed access control. By visualizing these processes, we identified opportunities to streamline interactions and reduce cognitive load.
The information architecture we developed served as the foundation for our design, ensuring that users could easily navigate the complex system and find the information they needed quickly. This meticulous approach allowed us to create a well-structured and intuitive system that aligned precisely with user needs and expectations.
Design Concepts and Usability Testing
We tested two distinct design concepts to optimize the Roles & Permissions system:
1. The first concept assigned permissions based on Read/Write or Edit rights, organized by access rights and specific actions for each product module. Administrators could create new rules for granular control.
However, feedback from usability testing showed that this concept fell short of user expectations. Customers found it difficult to understand what permissions were included in the Read/View/Edit groups and were confused by the process of creating new rules without proper visibility. It became clear that we needed to refine our approach.
Creating a New Role and assigning Permissions
After usability testing, negative customer feedback was received about assigning permissions based on Read/Write or Edit rights during the initial design of a new role flow.
2. Based on the feedback received, we developed a second concept. This refined design displayed all permissions for each Resource module upfront, grouped to create a clear visual hierarchy. We implemented predefined templates (built-in roles) and added the ability to change permissions visually and flexibly.
Through rigorous usability testing of this second concept, we allowed real users to guide our decisions. Their feedback was invaluable, helping us strike the perfect balance between comprehensive control and user-friendly simplicity.
The result
Our comprehensive redesign project successfully established a streamlined and intuitive Role-based permission system with universal access control levels anchored in well-defined built-in roles. Key improvements included:
- Simplified permission assignment and management processes
- Increased clarity and transparency throughout the access control structure
- Significantly reduced setup time for new enterprise customers
- High customer satisfaction
As a result, the setup time for new enterprise customers was significantly reduced, from 9 months to just 2 months, leading to high satisfaction among our customers. This dramatic improvement in onboarding efficiency not only enhanced the user experience but also positively impacted Protecht's business operations.
This transformation addressed the challenges Protecht faced and improved overall user experience. The success of this project demonstrated the power of user-centred design in solving complex SaaS challenges and delivering tangible business results.
By focusing on user needs, developing a robust information architecture, creating optimized user flows, and iterating through design concepts, we were able to create a Roles and Permissions system that not only met but exceeded customer expectations. The significant reduction in setup time and the resulting increase in customer satisfaction underscored the value of our user-centric approach and the importance of thoughtful UX design in enterprise software solutions.