Introducing permissions control in cmBuilder

Project Description: End to end new feature design
Time: 2021
Role: Lead Designer

Problem Statement

To introduce a permissions control system that seamlessly implements default company expectations while allowing for flexibility when needed.

cmBuilder is a web-based construction logistics planning platform launched at the end of 2020. Initially, it provided open access to anyone with an account. As the user base grew, implementing access permissions controls became essential.

Process

RESEARCH & DEFINE

Major Insight

Roles and responsibilities evolve through a single construction project

In a typical construction project, roles can include owners, project managers, project coordinators, VDC coordinators, consultants, superintendents, sub-trades, and more. It is common for a project manager to be involved in multiple projects, such as “Project A” and “Project B,” each with different sub-trades.

As a project progresses from the tender phase, to the pre-construction phase and active construction phase, there may be changes in project ownership. This can be in the form of official handoffs between project owners or a gradual shift and release of responsibilities over time.

Understanding this context is crucial and led us to design in a way where it’s straightforward for project owners to reassign their roles. This is different from most of the competitive software that was researched.

 
Defining Requirements

Insights from user and stakeholder interviews helped define the following requirements and guidelines.

Project Accessibility ☑️

  • Varied Access Needs:
    Accommodate both open projects accessible to all company members and restricted projects for specific groups. The design should handle both scenarios effortlessly.

  • Streamlined Setup:
    Ensure typical project creation and permissions assignment are straightforward. It is acceptable to allow more effort for rare, project-specific customizations.

  • Efficient Onboarding:
    Allow new company users to join without needing to add them to every project individually.

Control and Customization 🕹

  • Granular Permissions:
    Provide detailed control over external user permissions, for the use cases of external contractors.

  • Customizable Roles:
    Enable customization and reusability of user roles and permissions.

Ensuring Security and Integrity 🔐

  • Access Prevention:
    Prevent unintended access to projects.

  • Permission Protection:
    Prevent users from accidentally overriding existing project permissions.

  • Admin Assurance:
    Ensure every project always has an Admin to avoid loss of control.

 
User Flow and Wireframes

The design focused on differentiating between two project types: open and closed.

  1. Open Projects:
    These are accessible to all company members, facilitating broad collaboration and ease of access.

  2. Closed Projects:
    These are restricted to a specific group of users, ensuring that sensitive content is securely managed.

The user flow was designed to seamlessly accommodate these two project types, making it intuitive to set permissions during project creation. Wireframes and initial ideation sessions aimed at simplifying the process while providing the necessary flexibility for project-specific customizations.

User flow image for permissions control project

Lo-fi wireframes

Wireframe for cmBuilder permissions control
 

DESIGN & DELIVERY

Design Highlights

1. Simple project creation

  • Ease of Choice:
    Project admins can effortlessly choose between "open" and "closed" project types at the start, without needing to delve into details immediately.

  • Flexibility:
    Project types and specific permission settings can be modified and refined at any point, ensuring adaptability to evolving project needs.

2. Company-level controls outside of projects

  • Centralized Management:
    Company admins have the ability to manage company-wide permissions from a single, clear interface.

  • Visibility:
    The interface allows users to easily see and understand the implications of changing permission levels, enhancing transparency and control.

3. Detailed project-level customization

  • Autonomy:
    Project admins are empowered with the tools to customize access controls specific to each project, without needing assistance from company-level admins.

  • Granularity:
    This level of customization ensures that each project’s unique security and access requirements are met effectively.

 
Summary and User Feedback

The implementation of the permissions feature has significantly enhanced the platform's usability and security.

Administrators can now confidently assign proper access controls, ensuring that only authorized users have access to sensitive information. This clarity in access control not only enhances security but also boosts the perceived trustworthiness of cmBuilder.

Administrators appreciate the straightforward configuration process, simplifying the task of managing user permissions. This new functionality has been especially beneficial for company administrators, enabling them to efficiently assign and adjust access controls as needed, without unnecessary complexity.

Overall, this feature has not only addressed the immediate needs of our users but has also laid a solid foundation for future enhancements.

Key Design Considerations

  • Understanding typical stakeholders in construction projects.

  • Understanding the change of project ownership when it passes different stage gates

  • Identifying administrative roles and defining access levels.

  • Addressing varying access needs of external stakeholders, who often change project to project.

  • Ensuring internal teams could work on multiple projects simultaneously.

  • Creating a scalable method to accommodate future additions.