Permissions

Large enterprise customers at Atlassian utilize complex permissions structures on their Atlassian tool suite to ensure compliance with external and internal regulatory bodies and ensure the security of the platforms. Companies must balance this with the user’s needs to have access at varying levels so they can be productive on their project

Pain point exploration workshop

We got together representatives from design, product management and engineering to run a workshop to get a shared understanding of the current platform when it comes to permissions and to align on major goals and concerns for the project.

Categories

We ran through the current user stories and in-product user journeys highlighting three major categories.

  • Pain points users encounter

  • Ideas we have about improving the functionality

  • Feasibility concerns when it comes to the user flow

Crazy 8s Ideation Session

Now that everyone involved had a shared understanding of the platform and how it functioned as well as the user’s pain points and some rough ideas for improving the solution we ran a crazy 8s session allowing everyone to take part in the sketching and ideation process. This gave us an overarching view of the types of solutions available and what members of the team had in mind.

Screen Designs

Based on our crazy 8s sessions and the pain points we had mapped out we created screen designs that responded to the main issues.

Provide transparency of permissions at varying levels.

Rather than users having to see multiple levels of permissions in varying places, we let all relevant permissions flow through to the level they were on, this meant they could see who could view their repository even if it was coming from a higher level than the one they were on.

Allow users the ability to search for specific users

We allowed users the ability to search for a specific user and find them either in the list of users with permission or within the groups who had permission. This meant they could understand who had access and what action needed to be taken to remedy that.

Allow users to drill down into groups.

Groups were represented at the top level showing which groups had access. We enabled users to click on a group and drill down to see exactly who was in the group and who had access to their repository/project.

Allow users the ability to search for specific users

We allowed users the ability to search for a specific user and find them either in the list of users with permission or within the groups who had permission. This meant they could understand who had access and what action needed to be taken to remedy that.

User Testing

  • 6 companies

  • 24 Users

  • 3 countries

We user-tested with our largest customers, those who are most affected by permissions and have the most complex needs in the area.

Updated and results

Testing allowed us to tweak our solution when it came to users’ ability to find some elements. It also validated the usefulness of the transparency solution while easing any concerns we had about causing security issues for our customers. We reported on this in confluence linking out to Dovetail playlists. This meant stakeholders could view a decision and immediately click through to a 10-minute playlist of the evidence that led to that decision. The use of dovetail meant we all gained knowledge as we could quickly watch multiple users answer common questions and tackle common tasks.