A systems approach to permissions management
Culture Amp's mission is to create a better world of work.
This project is focused on enabling more users to create that better world by providing them with the access they need
The challenge
The challenge
The challenge
Unblocking product value realisation stifled by a fragmented model for roles and permissions
The result
The result
The result
A usable and consistent platform-wide model for delegating access across disparate product modules
PART I
thinking
Background and context
Delegated responsibilities
Culture Amp is typically managed by a People or HR Function that is responsible for:
• Managing employee data
• Launching performance cycles
• Surveying workplace culture
• Learning and development planning
These tasks are typically delegated to multiple individuals or teams within the broader HR function.
Background and context
Delegated responsibilities
Culture Amp is typically managed by a People or HR Function that is responsible for:
• Managing employee data
• Launching performance cycles
• Surveying workplace culture
• Learning and development planning
These tasks are typically delegated to multiple individuals or teams within the broader HR function.
Background and context
Delegated responsibilities
Culture Amp is typically managed by a People or HR Function that is responsible for:
• Managing employee data
• Launching performance cycles
• Surveying workplace culture
• Learning and development planning
These tasks are typically delegated to multiple individuals or teams within the broader HR function.
The existing state
A fragmented product experience
Culture Amp acquisition of smaller companies meant that the product’s authorisation model continued to fragment over time - best captured in Culture Amp’s customer support docs at the time
The existing state
A fragmented product experience
Culture Amp acquisition of smaller companies meant that the product’s authorisation model continued to fragment over time - best captured in Culture Amp’s customer support docs at the time
The existing state
A fragmented product experience
Culture Amp acquisition of smaller companies meant that the product’s authorisation model continued to fragment over time - best captured in Culture Amp’s customer support docs at the time
Problem synthesis
Product growth stifled by inadequate permissions
After extensive user research, the impact of this fragmented product experience was evidently impacting almost every module within Culture Amp - all synthesised within:
• Product access levels not matching individual responsibilities, giving too much or too little access
• Limited capabilities for restricting the purview of a role to parts of the organisation - a key need for many customers
• Inconsistent naming conventions and role definitions within each module
• Multiple disparate pages to assign different roles
These factors contributed to lower adoption of Culture Amp modules, stifling product growth
Problem synthesis
Product growth stifled by inadequate permissions
After extensive user research, the impact of this fragmented product experience was evidently impacting almost every module within Culture Amp - all synthesised within:
• Product access levels not matching individual responsibilities, giving too much or too little access
• Limited capabilities for restricting the purview of a role to parts of the organisation - a key need for many customers
• Inconsistent naming conventions and role definitions within each module
• Multiple disparate pages to assign different roles
These factors contributed to lower adoption of Culture Amp modules, stifling product growth
Problem synthesis
Product growth stifled by inadequate permissions
After extensive user research, the impact of this fragmented product experience was evidently impacting almost every module within Culture Amp - all synthesised within:
• Product access levels not matching individual responsibilities, giving too much or too little access
• Limited capabilities for restricting the purview of a role to parts of the organisation - a key need for many customers
• Inconsistent naming conventions and role definitions within each module
• Multiple disparate pages to assign different roles
These factors contributed to lower adoption of Culture Amp modules, stifling product growth
PART II
making
Quick wins
Centralised role assignment
Consolidated 3 different pages for assigning roles to users into a single page. This was aimed at improving discoverability of roles, and allowing admins to audit assigned roles from a single pane of glass.
Quick wins
Centralised role assignment
Consolidated 3 different pages for assigning roles to users into a single page. This was aimed at improving discoverability of roles, and allowing admins to audit assigned roles from a single pane of glass.
Quick wins
Centralised role assignment
Consolidated 3 different pages for assigning roles to users into a single page. This was aimed at improving discoverability of roles, and allowing admins to audit assigned roles from a single pane of glass.
Usability uplifts
Addressed various usability issues that prevented, or made it very difficult, to assign some roles
"Every time I make a selection, the list closes and I can't search either. Seriously, it took me hours"
- Customer quote
Usability uplifts
Addressed various usability issues that prevented, or made it very difficult, to assign some roles
"Every time I make a selection, the list closes and I can't search either. Seriously, it took me hours"
- Customer quote
Usability uplifts
Addressed various usability issues that prevented, or made it very difficult, to assign some roles
"Every time I make a selection, the list closes and I can't search either. Seriously, it took me hours"
- Customer quote
Medium-term goals
Modular roles
Culture Amp’s various modules were largely bundled up in a single role, the Account Administrator.
A large project of work started to create roles for each module. This involved influencing multiple other teams to prioritise the creation of the relevant roles in their domain.
Medium-term goals
Modular roles
Culture Amp’s various modules were largely bundled up in a single role, the Account Administrator.
A large project of work started to create roles for each module. This involved influencing multiple other teams to prioritise the creation of the relevant roles in their domain.
Medium-term goals
Modular roles
Culture Amp’s various modules were largely bundled up in a single role, the Account Administrator.
A large project of work started to create roles for each module. This involved influencing multiple other teams to prioritise the creation of the relevant roles in their domain.
Long-term vision
Unified naming conventions
Naming convention of Culture Amp’s roles were varied, and applied inconsistently across modules. Roles were either named according to:
• A general product description (e.g. Administrator)
• The specific permissions the role gave (e.g. Survey Creator)
• The job titles of individuals likely to make use of the role (e.g. Performance HR Business Partner)
The conflation of job titles with product roles meant that some HR Business Partners for example actually required an Administrator role, leading to general confusion as to what role was appropriate.
Once modular roles were created for each domain, an all-encompassing consistent model for roles and permissions across modules was possible.
This model provides consistent naming conventions centred around two tiers of access: Limited Permissions and Full Permissions.
Long-term vision
Unified naming conventions
Naming convention of Culture Amp’s roles were varied, and applied inconsistently across modules. Roles were either named according to:
• A general product description (e.g. Administrator)
• The specific permissions the role gave (e.g. Survey Creator)
• The job titles of individuals likely to make use of the role (e.g. Performance HR Business Partner)
The conflation of job titles with product roles meant that some HR Business Partners for example actually required an Administrator role, leading to general confusion as to what role was appropriate.
Once modular roles were created for each domain, an all-encompassing consistent model for roles and permissions across modules was possible.
This model provides consistent naming conventions centred around two tiers of access: Limited Permissions and Full Permissions.
Long-term vision
Unified naming conventions
Naming convention of Culture Amp’s roles were varied, and applied inconsistently across modules. Roles were either named according to:
• A general product description (e.g. Administrator)
• The specific permissions the role gave (e.g. Survey Creator)
• The job titles of individuals likely to make use of the role (e.g. Performance HR Business Partner)
The conflation of job titles with product roles meant that some HR Business Partners for example actually required an Administrator role, leading to general confusion as to what role was appropriate.
Once modular roles were created for each domain, an all-encompassing consistent model for roles and permissions across modules was possible.
This model provides consistent naming conventions centred around two tiers of access: Limited Permissions and Full Permissions.
Restrict roles to parts of an organisation
The last capability to satisfy a common need for customers is restricting a role to parts of an organisation. For that to exist, Culture Amp would need a conception of User Groups to restrict roles by.
This is an ongoing effort to unblock both this particular use case, and other needs across the platform in which a hierarchical and dynamic grouping of employees based on their attributes can yield benefits.
Restrict roles to parts of an organisation
The last capability to satisfy a common need for customers is restricting a role to parts of an organisation. For that to exist, Culture Amp would need a conception of User Groups to restrict roles by.
This is an ongoing effort to unblock both this particular use case, and other needs across the platform in which a hierarchical and dynamic grouping of employees based on their attributes can yield benefits.
Restrict roles to parts of an organisation
The last capability to satisfy a common need for customers is restricting a role to parts of an organisation. For that to exist, Culture Amp would need a conception of User Groups to restrict roles by.
This is an ongoing effort to unblock both this particular use case, and other needs across the platform in which a hierarchical and dynamic grouping of employees based on their attributes can yield benefits.
PART III
measuring
Post-release metrics
Impact of quick wins
Within the first 4 weeks of releasing the first improvements to roles and permissions:
Post-release metrics
Impact of quick wins
Within the first 4 weeks of releasing the first improvements to roles and permissions:
Post-release metrics
Impact of quick wins
Within the first 4 weeks of releasing the first improvements to roles and permissions:
Long-term impact
Uptake of new granular roles
Setting a target goal of at least 3% of customers making use of the new roles, almost all of the new granular roles exceeded their intended goal
Long-term impact
Uptake of new granular roles
Setting a target goal of at least 3% of customers making use of the new roles, almost all of the new granular roles exceeded their intended goal
Long-term impact
Uptake of new granular roles
Setting a target goal of at least 3% of customers making use of the new roles, almost all of the new granular roles exceeded their intended goal
