Role based access control @ Fastly
Custom roles for more contro
Timeline: January 2021 - July 2021
I led product strategy, design and UX research alongside two engineering teams without a dedicated product manager.
Enterprise customer retention has been at risk due to our limited user management capabilities. Product and I felt pressure to come up with a solution that met the industry standard as well as our customers’ expectations.
It is very difficult for customer admins to manage thousands of users on a Fastly account. There are not enough roles (e.g. permission sets) available to assign to users, forcing customer admins to over grant service access. As a result, customer admins were concerned that the wrong employee within their organization could accidentally wreak havoc on something in production.
In collaboration with the engineering teams, we designed and shipped a role based access control beta for users to create and manage custom roles. During the 15 user interviews I conducted with enterprise customers, every one specifically asked for custom roles because it’s an available feature in the industry. Going in this direction contradicted the patterns I identified after coding the user interviews:
- The requested custom roles happened to be the same across multiple customers.
- All customer admins want more control over service access.
I advocated for the customer to not have to depend on docs just to invite users to the account and assign them to a user role that maps to their job which led to the team deciding to throw away the role management beta work and start fresh with an MVP 2.0 that adds 4 more Fastly managed roles with more access control and granularity.
