Role Based Access Control for Confluent Cloud
Highlights: In this project I designed the entire end to end experience, overcame a challenge, and created something with great impact on the business and design system.
Role Based Access Control (RBAC) is a method of controlling the security of resources in a product by assigning roles to users. Security was a big concern for many of our large customers when considering using our product. RBAC was the security feature our customers demanded most, and its absence impacted many potential customer deals.
RBAC had already been added to our On-Premise product and was a success. My role was to design a version of RBAC for our Cloud product.
About Confluent Cloud
Confluent Cloud is a streaming data service based on Apache Kafka and used by developers to process their data to build applications.
My Role
End to end design
Worked with
1 PM, 1 FE Engineer
Goal
Create a way for admins to easily manage and control what resources their team has access to
Designing for Operators and Developers
How does RBAC work?
Confluent has a lot of different types of resources. Each type of resource serves a different purpose for storing and processing data.
With RBAC, we had a predefined set of roles tied to a specific resource. For example, if you were granted the role of an Environment Admin, then you would be given access to that Environment and all the resources in it. You can think of it as a file system in which each resource is a folder that contains more resources.
Challenges
One of the biggest challenges was that there were so many different types of resources in the product that a user could have access to. Users needed to see who had access to those resources. However, each of those resources also contained resources within it, and there was a hierarchy to all of it.
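The inheritance described under "How does RBAC work?" and the "who has access to this resource" question above can be sketched as follows. This is an added example, not Confluent's code: the resource names, the "Cluster Admin" role and the rule that every role covers all nested resources are assumptions made for illustration (the page only states it for Environment Admin).

```python
from dataclasses import dataclass

# Constructed resource tree, child -> parent (None marks the root).
PARENT = {
    "org": None,
    "env-prod": "org",
    "env-dev": "org",
    "cluster-a": "env-prod",
    "topic-orders": "cluster-a",
    "cluster-b": "env-dev",
}

@dataclass(frozen=True)
class Binding:
    user: str
    role: str
    resource: str  # resource the role was granted on

# Constructed role bindings; "Cluster Admin" is a hypothetical role name.
BINDINGS = [
    Binding("alice", "Environment Admin", "env-prod"),
    Binding("bob", "Cluster Admin", "cluster-a"),
    Binding("carol", "Environment Admin", "env-dev"),
]

def ancestors(resource):
    """Return the resource followed by each enclosing resource up to the root."""
    chain = []
    while resource is not None:
        if resource not in PARENT:
            raise KeyError(f"unknown resource: {resource}")
        if resource in chain:
            raise ValueError(f"cycle in hierarchy at {resource}")
        chain.append(resource)
        resource = PARENT[resource]
    return chain

def who_has_access(resource, bindings=BINDINGS):
    """Map user -> [(role, granted_on, 'direct' | 'inherited')] for one resource."""
    chain = ancestors(resource)
    result = {}
    for b in bindings:
        if b.resource in chain:
            kind = "direct" if b.resource == resource else "inherited"
            result.setdefault(b.user, []).append((b.role, b.resource, kind))
    return result

def accessible_resources(user, bindings=BINDINGS):
    """List every resource the user reaches, directly or through a parent."""
    return [r for r in PARENT if user in who_has_access(r, bindings)]
```

Separating direct from inherited grants is what lets an access review trace a user's reach on a nested resource back to the level where the role was actually assigned.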
Initial Designs - Wireframes
For the initial designs, I designed a flow that followed the hierarchy of all the resources in the product. To add or manage roles you would have to select the resource name. Selecting a resource would take you to a new page, one level deeper into that resource.
I reviewed these initial wireframes with stakeholders and received negative feedback on the flow. From a UX perspective, there were too many pages to go through which made it confusing and easy to get lost.
My mistake was trying to over-index on the hierarchy and trying too hard to be consistent with existing design patterns in our product. This resulted in an overcomplicated flow.
New challenge
After the negative feedback, I was faced with a new challenge. How can we clearly and effectively display all resources? Instead of looking at the existing design patterns, I decided to look outside of the product for inspiration. The biggest challenge was being able to display so many different resources and hierarchies at once, which is why I looked at file management systems as inspiration for displaying many items at once.
Final Design
For users to easily manage all the roles for the different resources while also being able to navigate and understand the hierarchy of the resources, I created an expanding table component. This allowed users to click through the different resources while also seeing the hierarchy of the resources without leaving the page.
Interaction
The biggest challenge was finding the right way to organize and display all the different resources. Once I had that nailed down, I was able to use that same pattern for the rest of the flows.
Viewing your own permissions
Impact
Unblocked 70% of customer deals previously blocked due to security concerns.
Since the launch, 93% of active customers use RBAC.
The expanding table component I designed has been utilized by other designers for their product features.