
Design access and permissions control system (Admin Panel)


Introduction

Designing access permissions for a SaaS app is not an easy task, but it is important: it helps make the product more manageable and scalable. A well-designed user management system protects user privacy and data safety, and makes the product more efficient for the different types of users it serves.

User management

User management plays an important role in defining and controlling the access of different users within a system. This strengthens access security for the SaaS product, which is essential for B2B companies. User management also enables personalized access for end users by adjusting what each user can reach based on their needs; with personalized access, users see the resources most relevant to the tasks they need to do.

Role management

The most popular model of user management is RBAC (Role-Based Access Control). Unlike an ACL (Access Control List), which explicitly lists the available options for each individual user, the RBAC model uses roles to categorize and manage permissions, and the permissions are applied to each role. Roles act as a hub between users and permissions, which makes permissions easier and faster to organize: admins only need to assign roles to each user and configure the permissions that each role has.

Figure: Comparison model ACL vs RBAC

Beyond the basic RBAC model, user group permissions help organize a large number of users or companies using the product. As the product grows and the composition of people becomes more complex, assigning users to roles one by one becomes time-consuming and a hassle. With user groups, the admin can group users according to the human organizational structure and assign roles to the group instead; for example, groups can be divided into departments, offices, and companies.

Figure: User group model

Permission management

When setting up user management, it is important to determine the permissions structure and its granularity.

Permissions usually consist of three levels:

  1. Page permissions: Access to a function or a feature.
  2. Operation permissions: Access to a specific action (the most common are create, read, update, hide, and delete) on a page or within a function.
  3. Data permissions: Access to specific data on a page or a section.
Figure: Level of permissions
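The following is an added example, not code from the original page or from any product it describes. It puts the role management, user group and permission level sections together in one small model: roles sit between users and permissions, groups sit between users and roles, and every permission carries the three levels described above (page, operation, data scope). All role, user, group and page names are constructed for illustration, and the check denies by default when no permission matches.

```python
"""Added example (not from the original page): a minimal RBAC model with
user groups and the three permission levels (page, operation, data).
Role, user, group and page names are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    page: str                 # level 1: page or feature, e.g. "invoices"
    action: str               # level 2: create/read/update/hide/delete, or "*"
    data_scope: str = "own"   # level 3: "own", "department" or "all" records


@dataclass
class User:
    name: str
    department: str
    roles: set = field(default_factory=set)   # roles assigned directly


@dataclass
class Group:
    members: set   # user names in the group
    roles: set     # roles every member inherits


class AccessControl:
    """Roles hold permissions; users get roles directly or through groups."""

    def __init__(self):
        self.roles = {}    # role name -> set of Permission
        self.users = {}    # user name -> User
        self.groups = {}   # group name -> Group

    def effective_roles(self, username):
        """Directly assigned roles plus roles inherited via group membership."""
        roles = set(self.users[username].roles)
        for group in self.groups.values():
            if username in group.members:
                roles |= group.roles
        return roles

    def effective_permissions(self, username):
        perms = set()
        for role in self.effective_roles(username):
            perms |= self.roles.get(role, set())
        return perms

    def page_allowed(self, username, page):
        """Level 1: may the user open this page or feature at all?"""
        return any(p.page == page for p in self.effective_permissions(username))

    def is_allowed(self, username, page, action, record_owner, record_department):
        """Levels 2 and 3: may the user perform this action on this record?"""
        user = self.users[username]
        for p in self.effective_permissions(username):
            if p.page != page or p.action not in (action, "*"):
                continue
            if p.data_scope == "all":
                return True
            if p.data_scope == "department" and record_department == user.department:
                return True
            if p.data_scope == "own" and record_owner == username:
                return True
        return False   # deny by default


def build_demo():
    """Constructed sample tenant: three roles, one department group."""
    ac = AccessControl()
    ac.roles["staff"] = {Permission("invoices", "read"), Permission("invoices", "create")}
    ac.roles["manager"] = {Permission("invoices", a, "department")
                           for a in ("read", "update", "hide")}
    ac.roles["admin"] = {Permission("invoices", "*", "all"), Permission("users", "*", "all")}
    ac.users["alice"] = User("alice", "sales")
    ac.users["bob"] = User("bob", "sales")
    ac.users["carol"] = User("carol", "sales", {"manager"})
    ac.users["dave"] = User("dave", "it", {"admin"})
    # Assign "staff" to the department group once instead of to each person.
    ac.groups["sales-dept"] = Group(members={"alice", "bob"}, roles={"staff"})
    return ac


if __name__ == "__main__":
    ac = build_demo()
    print(ac.page_allowed("alice", "invoices"), ac.page_allowed("alice", "users"))
    print(ac.is_allowed("alice", "invoices", "read", "bob", "sales"))    # own scope only
    print(ac.is_allowed("carol", "invoices", "update", "bob", "sales"))  # department scope
    # One change to the role reaches every holder, direct or via a group.
    ac.roles["staff"].add(Permission("invoices", "update"))
    print(ac.is_allowed("bob", "invoices", "update", "bob", "sales"))
```

The contrast with an ACL shows up in the last lines: adding one permission to the "staff" role changes what every sales member may do, whereas an ACL would need a separate entry edited for each user. The data-scope check is what makes "read invoices" mean different things for staff (own records) and managers (the whole department).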

Acceptance Criteria for permission management:

  1. Clear documentation of the resources that need permissions, such as pages, menus, data entities, and other components. Associate each resource with actions (common basic actions: create, read, update, hide, or delete).
  2. Provide users with roles according to their access and responsibilities. The most common user roles are admins, managers, and staff.
  3. Be able to set permissions for each role based on the resources its responsibilities require.
  4. Assign an admin or a specific role to manage the permissions regularly, to accommodate new features or changes in business requirements.