Access Control Management
We wanted to implement a policy-based access control model (ABAC), which will offer increased flexibility and centralised access management, thus better meeting our platform's security and access control needs.
Goal
To disseminate information in an innovative and interactive format. Thanks to the Guide tool, our customers and employees are guided step by step in solving their problems.
The access management solution on our web platform was based on a system of permissions by module and by source. This system allows a user's access to specific modules or sources to be granted or revoked, with four access levels: Administrator, Contributor, Reader and No access. For workspaces, three access levels are available: Administrator, Contributor and No access. Currently, access to data is open by default.
Administrators must manage permissions for objects, attributes, and features, but the system is complex and repetitive.
Users can access sensitive information without restriction.
Features intended for stewards clutter the reader experience.
How might we …
Simplify the management of user permissions so that admins can easily configure, visualize, and maintain complex access rules without repetitive manual actions?
Design phase — Building the user flow
To transform the complexity of access management into a smooth and consistent experience, we had to work on a detailed user flow mapping out each step in the creation of an access rule.
The goal was to simplify the underlying logic (permissions by module, attributes, statuses, etc.) while retaining the power and flexibility of the ABAC model.
Objective of the user flow
Create a clear user journey enabling administrators to:
Quickly define complex permission rules
View application conditions (by module, tag or status)
Avoid errors and redundant configurations
Superadmin role
Description: New administrator role for all workspaces, capable of creating global rules.
UX decision: Implement from the first milestone to prepare for the next steps.
Workshop
Hierarchy and rules
Main rule: can view < can edit < admin < no access
Decision: No Access takes precedence over all other permissions in the event of a conflict.
Factorisation and grouping
Problem: Permissions per user are repetitive and difficult to manage.
Solution: Automatically group users and teams with similar permissions.
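The two workshop decisions above can be sketched in code. This is an added example, not the platform's own implementation: it resolves conflicts using the stated order (No Access wins) and groups users whose effective permissions are identical. The team names, user names, module names and rule format are constructed, and letting the strongest grant win among the remaining levels is an assumption.

```python
from collections import defaultdict
from enum import IntEnum


class Level(IntEnum):
    # Order taken from the workshop rule: can view < can edit < admin < no access.
    CAN_VIEW = 1
    CAN_EDIT = 2
    ADMIN = 3
    NO_ACCESS = 4  # ranked highest so it wins every conflict


# Constructed sample data: team membership and (principal, module, level) rules.
TEAMS = {
    "stewards": {"alice", "bob"},
    "readers": {"bob", "carol", "dave", "erin"},
}
RULES = [
    ("stewards", "glossary", Level.CAN_EDIT),
    ("readers", "glossary", Level.CAN_VIEW),
    ("readers", "finance", Level.CAN_VIEW),
    ("dave", "finance", Level.NO_ACCESS),
]


def effective_level(user, module, rules=RULES, teams=TEAMS):
    """Resolve one user's access to one module across direct and team rules.

    Returns None when no rule applies, leaving the default policy to the caller.
    """
    principals = {user} | {t for t, members in teams.items() if user in members}
    matched = [lvl for who, mod, lvl in rules if mod == module and who in principals]
    # max() over the ordered levels: NO_ACCESS overrides everything else;
    # otherwise the strongest grant wins (an assumption of this example).
    return max(matched) if matched else None


def group_by_permissions(users, modules, rules=RULES, teams=TEAMS):
    """Factorise users: those with identical effective profiles share a group."""
    groups = defaultdict(list)
    for user in sorted(users):
        profile = tuple(effective_level(user, m, rules, teams) for m in modules)
        groups[profile].append(user)
    return dict(groups)


if __name__ == "__main__":
    everyone = set().union(*TEAMS.values())
    for profile, members in group_by_permissions(everyone, ["glossary", "finance"]).items():
        names = [lvl.name if lvl else "NO_RULE" for lvl in profile]
        print(names, members)
```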
Milestone 3 – Final decisions
Workspace admin can manage module/source rights without modifying their own rights.
Removal of Admin type on module/source.
Import/export permissions can be enabled via Can Edit.
Management of Validated/Obsolete statuses for stewards.
Result
Massive reduction in clicks, improved efficiency
200,000 clicks before → automated
Analyze impact
The new Access Control Management introduced an ABAC model and a group-based factorization that drastically simplified permission handling.
Rules are now centralized and reusable, allowing admins to manage access for multiple teams and modules from a single place.
This redesign brought clarity, consistency, and stronger security — users only see what’s relevant to them, while admins gain a global and auditable view of all permissions.
Up to 80 % fewer repetitive configurations, instant rule propagation across modules, and a significant drop in access-related support tickets.
Business & User Outcomes
Drastic reduction of configuration errors and support tickets related to access issues.
Empowerment of workspace admins, who can now independently manage permissions without technical support.
100 % of clients adopted the new permission management system within weeks.