Customers needed a powerful way to limit their users' access to create, read, update, and delete Record Templates & Records in Winmore. There was no formal security system before the redesign - every organization had an open security model.
I was the lead interaction designer working alongside a UX researcher.
Our team whiteboarded many ideas. One of the hardest parts of the process was that the engineers kept rearchitecting how security would work, and we had to recreate wireframes to adapt to each new architecture. The main users of our product are our customers' admins and our company's solution architects.
There were many different areas of the app that we had to implement security for, including:
Users and Groups
In the Studio (admin) page, we created a section called 'User Management and Security'. Upon drilling down into it, the admin can create Security Groups. The admin can then give groups different permissions.
After selecting a group, the admin can add users to the group. We explored many different ways of adding users, and did a lot of internal tests with Solution Architects. They particularly liked the pattern of being able to add and remove users on the right column; that way, they could manage access while referencing who was in a group.
Record Template (Record Type) Access
Upon selecting a group, the admin can add or remove Record Types and fine-tune Create, Read, Update, and Delete access.
2 years later, we did a re-design of Security, implementing both visual and interaction improvements. The visual design is much cleaner, and the admin can easily navigate between groups.
We also implemented the capability to manage a group's ability to Start a Workflow.
2 years later, we redesigned the page to make it more visually appealing and easier to use.
We also added the ability for admins to edit Security Access from the Record Template Editor. In a Record Template's editor, users can manage the security that pertains to that particular Record Template.
Upon clicking Security as shown above, the admin is brought to this overlay.
After selecting a Workflow, the admin can then manage Read and Start access.
During our redesign of security, we added the ability for Record Templates to have Security Rules. Some organizations have extremely specific security needs, and Rules were our way of meeting those. A rule can carry dynamic conditions and field-specific access. For instance, security can be fine-tuned so that only the West Coast Sales group can Read, Create, and Update Opportunities located on the West Coast, and can view only the ARR and Location fields.
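The West Coast Sales rule described above can be modelled as a default-deny check with a record condition and a field filter. This is an added illustration, not Winmore's implementation: the Rule structure, function names and sample records are assumptions constructed for the example, and checking an update against both the stored and the proposed record is a design choice of this sketch.

```python
# Added illustration (not Winmore's code): default-deny evaluation of a security
# rule with a dynamic condition and field-specific read access.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:  # hypothetical structure
    group: str
    record_type: str
    actions: frozenset
    condition: Callable[[dict], bool]   # dynamic condition on the record
    readable_fields: frozenset          # field-specific read access

# Constructed rule mirroring the example in the text.
RULES = [Rule(
    group="West Coast Sales",
    record_type="Opportunity",
    actions=frozenset({"read", "create", "update"}),
    condition=lambda rec: rec.get("Location") == "West Coast",
    readable_fields=frozenset({"ARR", "Location"}),
)]

def matching_rule(groups, action, record_type, record) -> Optional[Rule]:
    for rule in RULES:
        if (rule.group in groups and rule.record_type == record_type
                and action in rule.actions and rule.condition(record)):
            return rule
    return None  # no rule matched: deny by default

def is_allowed(groups, action, record_type, record) -> bool:
    return matching_rule(groups, action, record_type, record) is not None

def read_view(groups, record_type, record) -> Optional[dict]:
    # Return only the fields the rule exposes, or None if reading is denied.
    rule = matching_rule(groups, "read", record_type, record)
    if rule is None:
        return None
    return {k: v for k, v in record.items() if k in rule.readable_fields}

def can_update(groups, record_type, before, after) -> bool:
    # Evaluate the condition on the stored and the proposed record, so an
    # update cannot move a record outside the rule's scope.
    return (is_allowed(groups, "update", record_type, before)
            and is_allowed(groups, "update", record_type, after))

# Constructed sample records.
WEST = {"Name": "Acme renewal", "ARR": 120000, "Location": "West Coast", "Owner": "dana"}
EAST = {"Name": "Globex pilot", "ARR": 45000, "Location": "East Coast", "Owner": "lee"}
```

Field-level write limits are not modelled here, since the text only describes which fields the group can view.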
Because of our security system, our customers were able to fine-tune security and help users view only what was relevant to them.