LPM*
Roles & Permissions

Privacy and control over who has access to what are really pivotal for a well-run matter (basically a 'project', but in legal speak).

A mechanism that would do just that had to be added to the LPM platform in order for it to be adopted as a primary tool. Because of the complexity and the potential trouble adding such a feature to a live app could cause, we decided to slowly build it out and keep adding features to it in stages. For the MVP we decided to go with a vertical access model. This means that admins are able to cut access to entire sections of the app for certain user types or organizations. This approach added a way of limiting what specific users see and gave more control to admins and owners while also reducing the complexity for the devs.

*LPM - Legal Project Management Platform


Research and Diagrams

Adding Roles & Permissions to live apps is not easy - cutting access to one section might seem simple enough, but not if parts of that section interact with other parts of the app. For example, if your app has a Documents section and a Chat section with an internal document sharing feature, cutting one user off from Documents would also impact the way they interact with the Chat feature.

There are always a million things to consider, and because of the particularities of our prod environment and the overall fast pace of the development cycle, I had to make sure that the flows were complete and that they took every interaction into account. So I started where everyone starts - doing some good ol' competitive assessment - no point in reinventing the wheel, amirite? After looking at a few other platforms and figuring out the way they implemented this, it was obvious to me that I had to start really simple and keep adding complexity as I went.

So I started with some flow diagrams.


HiFi Designs and Next steps

While the ability to limit one user from seeing certain sections was a step forward, it was obvious that without a way of at least adding the same role to multiple users at once, people would find using this feature extremely frustrating. Having 'teams' was something I considered, but it would've taken a long time to develop and it just wasn't possible at the time - so I did the next best thing.
Our app already had a concept of 'Organizations' based on the email of the user - so why not use that? I figured that you could just set a 'default permission' for an org, and anyone who shared the same email domain would get that particular type of role until an admin specifically changed it for that user or the entire org.
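
The org default with per-user override described above, combined with the cross-section dependency noted earlier (Chat's document sharing also needs Documents), sketched in Python as an added example; it is not the LPM platform's code. Role names, section names, feature keys and domains are hypothetical, and it assumes email addresses have already been verified at login.

```python
from dataclasses import dataclass, field

# Vertical access: each role sees whole sections or not at all (hypothetical roles).
ROLE_SECTIONS = {
    "admin": {"documents", "chat", "billing"},
    "member": {"documents", "chat"},
    "guest": {"chat"},
}
# A feature that touches several sections requires access to all of them.
FEATURE_REQUIRES = {
    "documents.view": {"documents"},
    "chat.send_message": {"chat"},
    "chat.share_document": {"chat", "documents"},
}

@dataclass
class Policy:
    org_defaults: dict = field(default_factory=dict)    # email domain -> role
    user_overrides: dict = field(default_factory=dict)  # full email -> role

    def effective_role(self, email):
        email = email.strip().lower()
        if email in self.user_overrides:      # an admin's per-user change wins
            return self.user_overrides[email]
        if email.count("@") != 1:
            return None
        local, domain = email.split("@")
        if not local or not domain:
            return None
        # Exact domain match only: no suffix or substring matching, so
        # look-alike domains never inherit an org's default role.
        return self.org_defaults.get(domain)

    def can(self, email, feature):
        role = self.effective_role(email)
        required = FEATURE_REQUIRES.get(feature)
        if role is None or required is None:  # unknown org or feature: deny
            return False
        return required <= ROLE_SECTIONS.get(role, set())

# Constructed sample policy (all values are made up for illustration).
SAMPLE = Policy(
    org_defaults={"lawfirm.example": "member", "client.example": "guest"},
    user_overrides={"paralegal@client.example": "member"},
)

if __name__ == "__main__":
    for who in ("ann@lawfirm.example", "bob@client.example", "paralegal@client.example"):
        print(who, SAMPLE.effective_role(who), SAMPLE.can(who, "chat.share_document"))
```

A guest keeps Chat but loses document sharing inside it, which is the interaction a section-level cut has to account for.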

The next step would be to add granular permissions for individual parts of the app. A simple example would be - you have access to the Documents section, but you can't see certain confidential documents.
