Access Control Security UI

The single largest project I embarked upon at Treasure Data was a redo of the access control system used to give permissions to individual users. The design itself was iterated upon for a year to make sure it covered every use case. The design team spearheaded this initiative even before product management put it on the roadmap. The early design iterations helped product management and others to see the direction the system would be headed.

Here are some select screenshots from the final design:

This was a large file with many details
Groups = collection of users
Roles = collection of permissions
Tags = collection of assets or contexts
Policies = join between group, role, and tag

The structure was simple. You create abstractions for users, for sets of permissions, and for places in the application. A policy brought it all together. The whole system was additive, although a DENY permission would have been compatible.
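The model described above, sketched as an added example (not code from the original system): a policy joins a group, a role and a tag, and a user's effective permissions on an asset are the union of every matching policy. All names and sample data are constructed, and the `effect` field with deny-overrides is a hypothetical extension showing one way the DENY mentioned above could fit.

```python
from dataclasses import dataclass

# Constructed sample data: every name below is illustrative.
GROUPS = {"analysts": {"alice", "bob"}, "admins": {"carol"}}   # group -> users
ROLES = {"viewer": {"read"}, "editor": {"read", "write"}}      # role -> permissions
TAGS = {"marketing": {"db.campaigns", "db.leads"},             # tag -> assets
        "finance": {"db.invoices"}}

@dataclass(frozen=True)
class Policy:
    group: str
    role: str
    tag: str
    effect: str = "allow"  # "deny" is a hypothetical extension (assumption)

    def __post_init__(self):
        # Fail closed: an unrecognised effect must never be read as a grant.
        if self.effect not in ("allow", "deny"):
            raise ValueError(f"unknown effect: {self.effect!r}")

POLICIES = [
    Policy("analysts", "viewer", "marketing"),
    Policy("analysts", "editor", "finance"),
    Policy("admins", "editor", "marketing"),
]

def effective_permissions(user, asset, policies=POLICIES):
    """Return (permissions, matching policies) for a user on an asset."""
    allowed, denied, sources = set(), set(), []
    for p in policies:
        # Unknown group or tag names resolve to empty sets, so a policy
        # that points at a deleted group or tag grants nothing.
        if user not in GROUPS.get(p.group, ()):
            continue
        if asset not in TAGS.get(p.tag, ()):
            continue
        perms = ROLES.get(p.role, set())
        (denied if p.effect == "deny" else allowed).update(perms)
        sources.append(p)  # kept so a UI can show why access exists
    # Additive model: union of grants. A deny, if present, overrides them.
    return allowed - denied, sources
```

Returning the matching policies alongside the permission set is what lets an effective-permission view explain where each grant comes from.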

Effective Permission UI in the Tree

I designed this system because Product Management asked me to. However, I don’t suggest doing this for your new startup security solution. Use an out-of-the-box solution like Okta or an open source alternative. For most companies, this kind of access control is not their primary business.