Optimising Group Management
Overview
Our client, a leading air defence organisation, tasked us with revamping their attendance tracking application. The goal was to enable digital check-ins for visitors at specified military locations.
Apart from developing the visitor-facing interface, our team also built the administrative backend that spread across three types of admin users.
Expanding Scope
Midway through developing the admin portal, the Product Owner (PO) requested categorising users into groups. This feature aimed to improve the efficiency of managing entrance permissions by allowing admins to:
Organise users: Group users based on relevant criteria
Flexible access: Assign access to user in groups and also individual users
Challenge
Integrating user group into the design presented a challenge. We needed to ensure the feature:
Offers a clear and intuitive experience for admin users
Seamlessly integrate with existing workflows
Minimise impact on timeline
The last point was crucial as the client needed the new functionality but couldn't afford significant delays.
The Process
Discovery
Understanding The Users
Initial Flow
What & Why User Group?
Desk Research
Field Study
Understanding The Users
Within the product ecosystem, there are 3 admin user types:
SuperAdmin (manages locations and users)
Admin (manages entrances, users and history log)
Host (manages visitors onsite)
User assignment permissions: Let's explore the user assignment functionalities for superadmins and admins.
As this feature is built to enhance capabilities in organising users for entrance management, admin users would be responsible for assigning entrance permissions.
Initial Flow
In the first phase, entrance access followed a streamlined approach. All existing users were automatically granted access when an entrance was created. Admins could then manually remove access for specific users if needed. New users required manual assignment for access.
As shown below, it was designed for flexible access where admin users can individually grant or revoke entrance access for any user, allowing for fine-tuned control over who can access each entrance.
What & Why User Group?
Typically, a group management tool empowers administrators to organise users into groups and delegate access privileges. In this context, access privileges would translate to assigning specific entrances.
Much of the backend code had been written per the approved designs when PO requested this feature. Hence, we'd prefer to avoid code modifications to minimise project timeline impact. Implementing a group management feature would require this, so we explored alternative approaches.
Desk Research
Moving forward, conducting desk research would be crucial to uncovering best practices and leveraging existing knowledge instead of reinventing the wheel. We can specifically focus on:
ServiceNow's user group management functionalities can provide insights into organising and managing user access within a complex IT service management platform.
Upon creation, the user has the flexibility to choose between group members, roles and groups, as shown below.
For Google Workspace, creating groups refers to the process of establishing a collection of users who can easily collaborate and communicate with each other. These groups function like mailing lists but offer additional functionalities like shared calendars, document access control, and security features.
Compared to ServiceNow, creating groups in Google Workspace offers a more streamlined approach. It focuses on assigning access permissions first during creation and guides the user to add members thereafter.
Field Study
During a recent onboarding session for the previous version of our product at an airbase, I encountered a key aspect of their existing system – the Electronic Key Management System (ETMS). This system allows users to group personnel into teams and assign them access to specific keys based on their roles and responsibilities.
This discovery of the ETMS validated a crucial aspect of user workflows at the airbase: the existing behaviour of user group management and granular access control for physical keys. This correlates with insights from previous field studies (as seen below) which also translates to the functionalities of our product, particularly assigning access to groups and individual users.
Ideation
Using 'Manage Entrance Access' as the core, we assessed how might we iterate the designs to an extent where the impact is minimal.
Revise the Initial Flow stage
The initial access flow has been updated to remove the automatic "grant access to all users" feature. This shift allows for more granular control over permissions by assigning access based on user groups.
Proposed Feature 1: Tagging Users
This feature allows users to tag other users when creating or editing user profiles. Similar to hashtags on Instagram, typing the first few alphanumeric characters will trigger a suggestion list of existing users.
One key question remains: How will we store the user tags? There are various options to consider, depending on the complexity and scale of the tagging functionality.
Also, importing users through CSV files becomes more complex with tags. The CSV format would need to accommodate tag information, potentially leading to data management challenges.
Proposed Feature 2: Group Management
The idea of user tagging lingered, prompting us to explore its viability as a separate feature that would not affect the effort greatly.
Initial flows were thought of and mapped out into three scenarios:
Create Group
Add New User
Edit Entrance Permissions
While creating and assigning users to groups is straightforward within this module, adding entrance assignment functionality here would create redundancy with the 'Manage Entrance Access' feature in Entrance Management.
Hence, we first built a streamlined group management module for creating and assigning users to groups. Second, we explored enhancements to the 'Manage Entrance Access' functionality to integrate group-based access control.
Creating Group Management
Leveraging existing components for efficiency, we built the module utilising the data grid and populating it with the necessary user data.
In creating entrances, it is a 2-step flow where the entrance is created first, and then you can start assigning users to it. We replicated this behaviour for creating groups, leveraging the existing pattern.
However, since group creation only requires a name input, we utilised the drawer component to provide a more compact interface suitable for single-step group creation.
Thereafter, users would be directed to 'Manage Group Access' where they can assign other members to the group.
Enhancing 'Manage Entrance Access'
We revisited the 'Manage Entrance Access' functionality and since we decided not to make drastic changes, we integrated the group management module as a filter. This filter would allow users to view users by their assigned groups and select them for access.
This approach offers the flexibility of assigning access to entire groups or individual users without groups.
To fully integrate this feature, we considered several potential scenarios: adding users to an existing group, removing users from a group, and deleting a group.
We established the following for impact on the relationship between group and entrance access:
Adding new users to a group: Automatically grants these users access to all entrances associated with the group.
Removing users from a group: Revokes access to entrances only for those users who have been explicitly removed from the group. Existing members are unaffected.
Deleting a group: Does not affect the access rights of users who were previously members of the deleted group.
These rules ensure that changes to group assignments are reflected accurately in entrance access while minimising disruptions to existing permissions.
Given the potential for simultaneous user additions and removals, the first two instances should be consolidated, and the message should be generalised.
Hence, it is essential to communicate to users that existing assignments will be preserved when a group is deleted.
Usability Testing
A usability test involving three potential users was conducted on the admin dashboard. While the overall test yielded valuable data, this case study will delve into specific findings related to member assignment, user flow evaluation, and product enhancement feedback.
(In Manage Entrance Access) Assign users from group "ABC" to entrance "IMF Building"
All 3x filtered and assigned users to entrance successfully
1x suggests to include group column in the user table so they can easily confirm that users belong to specific groups
All 3x understood that group "ABC" originated from group management
(In Group Management) Create group 'SH-TS' and assign users
All 3x assigned users to group successfully
1x feel it is better to include group name in the title
(In Manage Group Access) Add additional user to group 'ABC'
While observing if users would read message in modal:
All 3x added user to 'ABC' successfully
Upon reading message, All 3x understood that user would automatically be added to entrances that group members are assigned to
2x felt that it would be better to list down the entrance(s) in the message
Feedback
Amendments were made to include:
Group column in 'Manage Entrance Access' user table
Group name in title (e.g Manage Group Access: <group name>)
While displaying entrances within the modal would be optimal, necessary technical adjustments will be addressed in a future phase.
Moving Forward
As the product gets onboarded by more users, I seek to conduct more usability testing sessions with participants to obtain more insights as to improve the product's experience.