This was the first phase in overhauling user management at Platform.sh. It provides the ability to view and manage organization and project permissions for each member from a single screen. You don’t need to browse and check all your projects’ settings one by one anymore. I was the lead product designer on this project, and I worked with multiple cross-functional teams that included 2 product managers, 5 engineers, and leads from Accounts and Engineering.
Company:
Platform.sh
Year:
2022
The Challenge
Platform.sh user and project permissions were managed individually per project. In order to view or edit user permissions, an admin would have to individually check each project settings page. If you have a lot of projects, this is very time-consuming. User licenses are also managed at the project level. So if you have the same user on two projects, you get charged twice for that user. This per project user license pricing model was one the most frustrating aspects for our users.
User research
We interviewed several current customers about their pain points. Here's what we heard:
"Ensuring that different users have access to the various projects within our control has been a problem. When I forget to add a developer to a project it can take hours before they get full access"
"I've found it hard to manage users individually - especially when someone comes on to or leaves the team"
"I think it would be great if the users (defined in 'Access' in each individual project) could be controlled in a central user profile for a given person. That way, we can quickly have a bird's eye view of what project a given developer has access to and check/uncheck what they can. The current per-project access level settings are a bit frustrating when a developer leaves or we need to control who has access to what – we have had to click-into each project to check access, which is a laborious process."
Goals
User goals:
Add, remove, and edit users easily at the organization level
Only pay for user licenses once and not per project
Gain a holistic view of users and permissions across the organization and project levels
Business goals:
Make Platform.sh pricing more competitive by migrating user license pricing from projects to organizations
Improve our product experience for large organizations (Enterprise)
Process
User story
From the research, we were able to create a general user story.
The CTO of a digital agency manages 30 projects within their organization. They want to check and audit user permissions because they need to know:
“Does my new engineer have the right permissions on every project?”
“I have an engineer offboarding from the agency. How do I remove this user from all projects?”
“On which projects is this user a viewer on production?”
“On which projects does this users have project admin permissions?”
Without centralized user permissions, the organization owner would have to check and change each one of 30 project settings pages, one by one (which is a lot of clicks and time wasted).
Information architecture and user flows
The most challenging part of this process was figuring out how the different permissions layers would work with each other. Platform.sh already had project level user permissions by environment type. With the updates to user licenses, there will be a new layer of organization permissions on top of the project level permissions. Because of particular edge cases, the best path forward was to implement organization level permissions that can override project level permissions. For example, if a user with "Project List" org level permissions was granted "No access" project level permissions on one particular project, they would still have access to that project because of their organization permissions. We renamed organization "permissions" to "roles" to better differentiate the organization and project levels.
Designs
Several new screens and user flows were added to the product with this feature:
User Management: This screen provides a holistic view of all organization members. It allows the ability to bulk add, remove, and edit users.
User Details: This screen provides a details look at a user's organization permissions, assigned projects, and project permissions. It allows ability to edit permissions, assign projects, and remove projects from an individual user.
Results
Time saved for users
This feature saves a lot of time and multiple clicks for organization owners.
Better security and control
Auditing permissions is possible in one single place and not by switching from project setting to setting like it used to be.
Great value for Enterprise users
The more users and projects our customers manage, the more value this feature brings.