A Systems-First Approach to Scalable Access Management
A Systems-First Approach to Scalable Access Management
Embedded Files
Overview
Overview
I led the UX for a new access-management system used by multiple admin personas responsible for granting entrance permissions across locations. Midway through development — after backend work was already in progress — the Product Owner (PO) requested the addition of user grouping to improve how admins organise users and assign entrance access at scale.
This created a strategic challenge: how do we introduce powerful organisational functionality without rewriting backend structures or delaying release timelines?
Challenge
Challenge
A traditional “user group” system is inherently complex, especially for a V1 product. Implementing it at this stage would require:
new relational tables
grouping logic
cascading access rules
changes to entrance assignment flows
Given the PO’s timeline constraints, we needed a solution that delivered the value of grouping without destabilising the existing architecture.
Strategic Insight
Strategic Insight
Field observations of the existing Electronic Key Management System (ETMS) workflow showed that admins typically grouped personnel into teams based on roles and responsibilities, then assigned access accordingly. This behaviour reflected a categorise-then-assign model rather than a rigid or deeply hierarchical structure.
This insight opened the door to a more lightweight approach.
Solution
Solution
Solution Direction 1: Tag-Based User Classification
I explored a tagging framework where admins could attach labels to users during profile creation or editing. Tags would behave like flexible descriptors that could be:
reused across workflows
filtered against
combined to segment users
used for bulk access assignment
Strategic advantages of tags:
Strategic advantages of tags:
No complex grouping logic
No major backend rewrites
Easy to integrate into existing patterns
Scales naturally for future attributes
Tags delivered 80% of the functional value of grouping with a fraction of the cost.
Solution Direction 2: Streamlined Group Management (Minimalist Approach)
Since tags introduced questions around storage and import complexity, I explored a second approach: a lightweight group creation module that reused existing UI components and interaction patterns.
Key design principles:
Single-step group creation via a drawer
Reuse of the “2-step creation → assignment” pattern from entrance workflows
Clear separation between “create group” and “manage group access”
No major changes to backend logic
Treat groups as filters inside “Manage Entrance Access” rather than redesigning the entire flow
This avoided redundancy between group management and existing access workflows.
Engineering Alignment
Engineering Alignment
I partnered closely with engineering to evaluate technical impact. Through collaboration, we aligned on the following:
Building full hierarchical groups would require several weeks of backend work
Tags introduced fewer structural dependencies but needed careful planning for storage
A lightweight group module was achievable by reusing existing patterns
Group filters could be integrated without altering core access logic
Changes had to avoid disrupting already-built backend components
Ultimately, we delivered a hybrid solution that maintained timeline integrity while elevating the product’s organisational capabilities.
Usability Testing
Usability Testing
A usability test involving three potential users was conducted on the admin dashboard. While the overall test yielded valuable data, this case study will delve into specific findings related to member assignment, user flow evaluation, and product enhancement feedback.
(In Manage Entrance Access) Assign users from group "ABC" to entrance "IMF Building"
All 3x filtered and assigned users to entrance successfully
1x suggests to include group column in the user table so they can easily confirm that users belong to specific groups
All 3x understood that group "ABC" originated from group management
(In Group Management) Create group 'SH-TS' and assign users
All 3x assigned users to group successfully
1x feel it is better to include group name in the title
(In Manage Group Access) Add additional user to group 'ABC'
While observing if users would read message in modal:
All 3x added user to 'ABC' successfully
Upon reading message, All 3x understood that user would automatically be added to entrances that group members are assigned to
2x felt that it would be better to list down the entrance(s) in the message
Outcome & Impact
Outcome & Impact
The final approach:
Introduced group creation with minimal UI footprint
Integrated group filtering seamlessly into access assignment
Preserved existing entrance-access workflows
Avoided backend rework and kept release timelines intact
Reflected real-world mental models validated through field study
Provided a scalable foundation for future attribute-based enhancements
Usability testing validated the clarity of the flows and surfaced UX improvements that were quickly incorporated (group columns, improved titles, clearer messaging).
Contributions
Contributions
My leadership contribution extended beyond UI design:
Identified the architectural implications of the PO’s late-stage request
Reframed the problem to find solutions aligned with technical constraints
Proposed alternative models (tags vs groups) grounded in user behaviour
Facilitated decision-making between product and engineering
Designed scalable, low-friction entry points for future enhancements
Ensured the V1 release remained on schedule without sacrificing user needs
Through this, I learned to balance user needs, product vision, and engineering feasibility — especially under shifting requirements.
Page updated
Report abuse