Background

BigCommerce is a platform that allows people to create online stores. While users (AKA merchants) of all sizes use BigCommerce, the company is focused on creating the best experience for large enterprise clients. These larger merchants often have many users accessing one account, each of which may have a different role within the company, and therefore different security and access needs.

The existing platform allows for multiple users to be given different sets of permissions, but it is cumbersome and not flexible enough to satisfy larger merchants’ needs. The user permissions experience (including adding new users, removing old accounts, editing permissions, etc.) has not been touched or updated in many years.

The Customer Service team is getting more and more complaints from merchants who are resorting to sharing passwords and other risky workarounds in order to make the platform work with the way they run their business. The Sales team is also losing deals from merchants who need a more seamless and secure user permissions experience.

When the 2021-2022 Product roadmap was being created, I decided to do some discovery and exploration work to design a “north star” vision. My goal was to spark excitement about what might be possible if we were to overhaul the user permissions experience. The project got picked up and put on the roadmap, but later got deprioritized due to complexity and lack of resources.

Discovery

I started this project by digging into the history of the current user permissions experience. To find out what were the main problems affecting merchants, I spoke to Sales and Customer Service representatives. I talked to seasoned Product Managers to find out why the current experience was designed the way it was designed. And I asked Engineers how the back-end worked, and what aspects of the functionality would be feasibly easy to change.

Ultimately, I discovered three main problems I wanted to explore:

1. 1. Permissions were assigned directly to each user, making the adding/removing of users very manual.
2. 2. There was only one “Store Owner” allowed per account, and users were sharing passwords in order to gain access to the permissions given to the Store Owner.
3. 3. The UI was outdated and inconsistent, as a result of years of “adding on” permissions without clear guidelines or structure.

Problems

1. User Groups (RBAC model)

CONTEXT/PROBLEM

Permissions were assigned directly to users. This caused unnecessary complications, especially for merchants with many employees using the same account.

IDEAL STATE

Role-based access control model, where users are assigned to roles, which are then assigned permissions. This would increase security and make adding and removing user accounts more seamless.

2. Account-Level Settings & Security

CONTEXT/PROBLEM

Only one user (Store Owner) had access to the most high-risk permissions. Often, merchants would have several employees who needed to share some of the Store Owner’s authority. This resulted in password sharing, exposing the merchant to security risks.

IDEAL STATE

Separate account-level and store-level permissions would allow more granularity and decentralization of authority. Giving users more visibility into potential security risks would help increase the security of their accounts as well.

3. Simplicity & Consistency

CONTEXT/PROBLEM

The existing experience contained 118 different permissions. They were difficult to browse and there was no way to search. The organization and linguistic structure of the permissions was inconsistent, resulting in a clunky user experience.

IDEAL STATE

Clear and consistent copywriting would help merchants understand exactly what each permission does. A simple UI would allow merchants to easily find and manage their users, groups, and permissions.

Concepts

To solve the above problems, I explored a few ideas and landed on the following concepts that made up the design vision for a new user permissions experience.

Users Overview Screen

Improved organization/UX

Next Steps

The BigCommerce platform is very complex, and the user permissions experience touches on many different areas. More discovery is needed to answer the following questions and make sure user permissions are optimized for all BigCommerce use cases.

Outstanding Questions

1. 1. For merchants selling on multiple channels, how are permissions set for each channel and each user?
2. 2. Similarly, how are permissions controlled for merchants who have multiple BigCommerce storefronts?
3. 3. What permissions are necessary for merchants with multiple inventory locations? How might they control access to different warehouses?
4. 4. Merchants have told us that they desire default roles. What default roles would work for most merchants? What permissions would belong to each role?
5. 5. The current list of permissions has never been updated or audited for quality. Are the existing permissions useful to merchants? What other permissions might they need? To answer this, it would be necessary to talk to internal stakeholders across all of BigCommerce’s product domains.
6. 6. The current permissions are rather vague and confusing to merchants and BigCommerce employees alike. What do the current permissions actually control? Are they useful? Are any outdated and needing to be removed?

Although the project was deprioritized for the year, the design vision work provided a foundation and an idea of what an overhaul of the user permissions experience could look like. I presented the work to internal stakeholders, and the company started planning to hire a new team that could work on user permissions in the coming years.